14 Simple Steps That Make You Instantly Safer on the Internet
It’s been a while since my last article, and I’ve got a pretty good excuse - I’m now the proud dad of a beautiful baby boy! Between diaper changes and sleepless nights, I’ve been thinking a lot about protecting the things that matter - like our online lives. The internet is amazing, but let’s be honest, it’s also full of traps, scams, and phishing attacks. Sure, the “safest” way to avoid it all would be to just… not use the internet at all. Not exactly realistic for most of us. The good news? You don’t have to go off the grid to stay safe. There are simple, practical steps you can take that won’t require huge sacrifices. Will they make you invincible? Nope. But they’ll make you much harder to hack, and that’s a pretty good start.
Quick & Simple
These steps are quick, easy, and don’t require much time at all. Most of the tools and security measures here can be set up in under an hour, so you can start protecting yourself almost immediately.
1. Use a Password Manager
Everyone knows you should use strong, unique passwords with a mix of letters, numbers, and symbols - and never reuse them. But honestly, keeping track of all of that without a tool is nearly impossible. That’s where password managers come in. They securely store your encrypted credentials and can even generate strong passwords for you. Many of them also auto-fill passwords when you log in, making your life a lot easier.
There are plenty of password managers to choose from. Popular options include 1Password, Bitwarden, Proton Pass, and Apple Passwords. Some are free, some are paid, and some offer extra features or better browser and app integrations that might be worth the cost depending on your needs. At the end of the day, any reputable password manager is far safer than sticky notes or a notebook.
One tip: you’ll see a lot of recommendations for LastPass password manager online. Personally, I wouldn’t use it. Between questionable investors linked to Pegasus spyware and two massive data breaches in 2022, I’d rather trust a squirrel with my life savings than LastPass with my passwords.
2. Turn On Multi-Factor Authentication
Whenever possible, you should turn on MFA (multi-factor authentication). MFA adds an extra layer of protection by requiring you to confirm your login using something beyond just a password - an email code, a text message, an authenticator app (Microsoft Authenticator, Google Authenticator, Apple Passwords, etc.), or even a physical security key (YubiKey, Titan Security Key, etc.).
It’s important to note that email and text message-based MFA aren’t very secure. Phone numbers can be hijacked through SIM swapping or SIM interception attacks. Using email for MFA turns your inbox into a single point of failure - if someone gets into your email, they get all your MFA codes as well. Both of those options are fine for non-critical accounts, but for anything important, you should rely on authenticator apps or, better yet, physical security keys.
3. Start Using Passkeys
Passkeys are a relatively new way of signing in, introduced by major tech companies in 2022. They will take your account security to a whole different level. With passkeys, you sign in using your fingerprint, face, or device PIN. No passwords to remember, no codes to type. They’re easier, faster, and far more secure. Not only do passkeys eliminate password-based attacks, but because they are cryptographically bound to a specific site, they also make many phishing attempts far less effective.
While many major websites and platforms now support passkeys, they’re still not available everywhere. Use passkeys whenever you can, and fall back to MFA when passkeys aren’t supported.
4. Use Ad Blockers
Random ads on the internet won’t hurt you, right? Wrong. Many ads can contain malware, a cyberattack known as "malvertising", where ad scripts on even reputable websites are used to spread ransomware, spyware, or phishing attacks. And because most websites don’t curate ads themselves, it’s easy to click on scam ads designed to steal your money or personal data, even on sites you normally trust. It’s gotten so bad that even agencies such as FBI (yes, that FBI) and Australia’s Signals Directorate recommend using ad blockers as a defense against these threats.
Put simply, with ads, you’re hoping scammers don’t trick you. Without ads, you’re guaranteeing they can’t. The best part? Installing a good ad blocker extension on your favorite web browser takes only a few seconds, and once it’s set up, you can forget about it and let it quietly protect you in the background.
Some of the most popular (and free) ad blockers include uBlock Origin and Adblock Plus. I personally use uBlock Origin, and I have nothing but good things to say about it.
5. Set Up Data Breach Monitoring
Data breaches happen all the time. And I don’t know about you, but I definitely don’t have the time (or the desire) to monitor the dark web and various forums for stolen data. Thankfully, there are services that do the hard work for you and alert you whenever a breach involves your email address, letting you know it’s time to change your login credentials.
One of the most popular (and free) options is Have I Been Pwned, which lets you check when and where your email has been exposed. It also lets you set up automatic notifications for future breaches. Many password managers offer similar features as well - 1Password Watchtower, for example, monitors breaches and adds a few extra security insights on top. In short, there are plenty of options, and setting them up couldn’t be easier.
6. Delete Old Accounts and Remove Excess Personal Data
Personal data privacy goes hand in hand with security. The less information you share, and the fewer places you store it, the lower the chances it’ll be leaked, misused, or turned against you through endless spam, credential-stuffing or phishing attacks. Think about it - do you really still need that account you made in 2015 just to buy an ugly Christmas sweater during a Black Friday sale? It’s probably still holding your email, contact info, shipping address, and maybe even your old credit card details. You don’t need it anymore, so delete it. And if you ever want to buy another sweater from that site again, you can usually check out as a guest or make a fresh account.
Going a step further, ask yourself: why does your local cinema website even need your phone number? Or your home address? They certainly don’t need either to sell you a ticket - those arrive in your email just fine. So why leave that information sitting there? If the site ever suffers a data breach, you have no control over how that data could be used. The best defense is simple: don’t provide information that isn’t necessary. And if you’ve already shared it, just log in and delete it, or replace it with fake data.
Some websites don’t offer an easy “delete account” button, but don’t worry - sending a quick request to customer support usually does the trick. In my experience, most reputable sites will remove your account for you no questions asked.
7. Choose Privacy Respecting Apps and Services
Companies like Google and Microsoft love your data. They track your activity, build detailed behavioral profiles, and use that information for targeted advertising. Even when this data is labeled “anonymized,” it often ends up with third parties who can target you with scammy ads tailored to your profile (ads you’re statistically more likely to click on).
To give another example of how your personal data gets used, Google has been known to scan email contents. A 2018 Wall Street Journal report revealed that third-party app developers had access and read some Gmail users’ emails without explicit consent. Personally, I’d prefer these tech giants stop treating my inbox like a training dataset.
The good news? Reducing how much data these tech giants collect is surprisingly easy. If you care about privacy, avoid using Google Chrome or Microsoft Edge. Instead, pick from solid alternatives like Firefox, Safari, Brave, or even Tor Browser. Likewise, swapping Google Search for DuckDuckGo or Brave Search removes a huge source of tracking. The search results might be slightly less personalized, but that’s exactly the point, and they work perfectly well for most needs. For email, consider moving from Gmail to a more privacy focused option like iCloud Mail or Proton Mail. Proton even offers privacy respecting replacements for much of the Google suite if you want to go all-in.
Finally, if you’re ready for a bigger shift, choosing Linux or even macOS over Windows can further reduce how much data your operating system collects by default.
8. Use Secure Mobile Payment Services for Payments
You should use secure mobile payment services (like Apple Pay or Google Pay) instead of typing your credit card details into websites or relying on physical cards. Not only are these mobile payment services more convenient, but they’re also significantly more secure. When you pay with something like Apple Pay, your real card number is never shared with the merchant or stored on your device or Apple’s servers. Instead, each transaction uses a device specific account number and a one-time security code, which keeps your real card details hidden. In contrast, entering your credit card number on a website exposes it to risks like data breaches, phishing, or malware. Physical cards aren’t much better - they transmit your actual card number, making them vulnerable to skimmers and merchant breaches as well.
9. Use a VPN
A VPN (Virtual Private Network) is a great option whenever you need to secure your internet connection, especially on untrusted or public Wi-Fi. VPNs hide your real IP address, enhancing your anonymity and helping to prevent websites and services from tracking your location or browsing habits. Of course, many people also use VPNs to bypass geo-restricted content or sidestep the new UK age verification laws. Should you do that? That’s entirely your call. As for which VPN to choose, there are plenty of reputable providers - ExpressVPN, NordVPN, ProtonVPN, and Surfshark are just the first that come to mind. As long as the company is well-regarded, you’ll most likely be fine.
10. Use Data Removal Tools
Data removal tools like Incogni or DeleteMe are a bit more controversial. These services contact data brokers (companies that collect and sell personal information about people, often without their knowledge or consent) on your behalf and request deletion of your information. They’re relatively inexpensive, and many users claim they dramatically reduced spam calls and unwanted data exposure. Others say they saw no improvement or even more spam. Personally, I don’t use these tools, but I wouldn’t dismiss them entirely. For some people, they can be a useful addition to their privacy toolkit.
When You’re Ready To Go Further
The following steps take your online security to the next level, making you even harder to hack. Fair warning: some of them might be overkill for everyday threats, but if you’re serious about protecting yourself, they’re worth considering.
11. Use a Separate Network for Your Smart Devices
Smart devices often have weaker security and are more vulnerable to hacking. By isolating them on a separate network, you add a layer of protection to your main devices (i.e., laptops, smartphones), preventing hackers from easily moving between your smart devices and sensitive personal devices. This minimizes the risk of privacy breaches and unauthorized access to sensitive information.
Most modern routers support multiple networks (SSIDs) or VLANs, allowing you to separate devices without buying extra hardware. Just check what features your router offers and go from there - there are plenty of tutorials online. Setting it up usually doesn’t take long, but reconnecting all your smart devices to the new network can take a while depending on how many you own.
12. Use Virtual or Disposable Payment Cards
Many banks such as Revolut or N26 now let you create multiple virtual payment cards that exist only in digital form - no plastic required. Not only these virtual cards protect your main card details, but you can usually set spending limits, expiration dates, and even restrict which merchants can charge the card, giving you far more control than a physical card ever could. Unlike physical cards, virtual cards cannot be physically stolen or lost, and if compromised, they can be instantly deactivated without affecting the main account.
If you want to go a step further, you can use disposable virtual cards. These are temporary, single-use cards generated for individual transactions and automatically discarded afterward. Even if an attacker somehow gets ahold of the card details, it won’t matter - the card is already dead.
13. Use Email Aliases to Hide Your Real Address
Most people use a single email address for everything, and that creates several problems. First, it guarantees a flood of spam. Second, it makes it much easier for companies to track you across apps and services. And finally, it hands hackers half of your login credentials on a silver platter. After all, most accounts use an email + password combo. If attackers already know your email, that's one piece of the puzzle solved. Using multiple email addresses (or aliases) makes life harder for advertisers, data brokers, and hackers alike.
There are two popular ways to hide your real email address. The first is to create several email accounts or aliases. Most email providers allow this in some form. You might use one alias for newsletters, one for online shopping, one for banking, and one for personal communication. How you group things is up to you - the goal is simply to separate important accounts from the junk. The second approach is to generate a unique email alias for every service you sign up for. This is even more secure since no two services share the same email address. As a bonus, it makes it incredibly easy to spot who leaked or sold your data - because only that one company ever had that specific email. The downside? It’s nearly impossible to manage manually, so people usually rely on paid services like iCloud Hide My Email or SimpleLogin. Personally, I use a mix of both approaches.
14. Get a Secondary Phone Number
Just like with email, most people use a single phone number for everything - and that comes with its own set of problems. Your phone number is essentially a unique ID tied to you, and once it’s out in the wild, trouble follows. You’ll get phishing calls (now increasingly AI-generated), and even worse, you’re exposed to SIM swapping attacks. These attacks let hackers hijack your phone number, which is terrifying when you consider how many people use their phone number for account recovery or two-factor authentication. Once someone takes over your number, they can often take over your other accounts too. Darknet Diaries podcast (one of my favorite security and privacy oriented podcasts) has several episodes that dive into how SIM swapping works behind the scenes - it's genuinely life-ruining stuff.
If you’re a high-risk, wealthy, or simply privacy-conscious individual, getting a secondary phone number is a smart move. Use it only for critical accounts and sensitive communication. Honestly, you could even take it further and use multiple numbers - one for family and emergencies, one for banking, one for business, and so on. If you have a lot to protect, the extra effort is absolutely worth it.
Final Words
These 14 steps will make you significantly safer online and protect you from most common threats. That said, if you’re a wealthy individual who faces a high threat level, like targeted attacks or sophisticated hacking attempts, this list alone might not be enough. Think of it as solid first-line defense - it keeps you out of the easy-to-reach danger zone, and gives you a foundation to build even stronger security measures on top.
Thank you for reading! I’d love to hear down in the comments section what steps you’re taking to stay safe online and how you protect your loved ones from digital threats.
