How to Stay Secure Online [Video]

By Adam Dachis, LifehackerDecember 17, 2010 at 10:00AM

How to Stay Secure OnlineIn light of recent events, security has been a serious priority for all of us. Although there is no 100% full-proof plan, there are ways to greatly improve your online security and plan for the worst. Here are our recommendations.

The Bad News: Nobody’s Safe

How to Stay Secure OnlineDuring the Summer of my freshman year in high school, I worked at a grocery store as a bag boy and saved up for a laptop. At the end of the Summer I was finally able to buy one. Nowadays laptops are commonplace, but this was back when they were pretty rare. I loved it, and I put my life into that computer. A year later I set it up to print in the computer lab and ran into the other room for 30 seconds. When I returned, the laptop was gone. I was amongst people I trusted and gone for under a minute but, still, it didn’t matter: the laptop was gone. I thought I’d somehow get it back, but it didn’t take long to realize that wasn’t going to happen. But, ultimately, it wasn’t the laptop I wanted back. I quickly realized all my personal information—all my secrets—were in the hands of someone I’ll never find. Someone gained the potential to know the darkest parts of my life and I’ll never know who they are. This experience taught me two things:

  1. No matter how safe you think you might be, something bad can always happen.
  2. The only way to ensure your private information always remains private and in your control is if it never leaves your own head.

The internet and reality aren’t much different, in that sense. There is plenty of, if not more, risk in the real world than there is on the web, but we’re just more accustomed to dealing with it. The online world is still very young and so we’re learning to protect ourselves as we go along. Nonetheless, like with anything, there is no surefire protection. The web is imperfect. We are imperfect. Ultimately, no site is un-hackable. A person or group with enough knowledge and determination can bring nearly any site down. That said, we can certainly try our best to protect ourselves and be prepared for worst-case scenarios.

Create Strong, Resilient Passwords

How to Stay Secure Online
There are several ways to keep remarkably strong passwords, but every strategy has a point of weakness and a level of inconvenience that you’re going to have to accept. We’re going to go over a method that we feel is all-around the best way to go, but include a few variations along the way so you can decide what suits you best.

Create Strong, Secure Passwords that Even You Don’t Know

How to Stay Secure OnlineWhen it comes to our own, individual online security we put a lot of trust in our password managers. Password managers keep track of your passwords on multiple sites so you never need to remember your password when it’s time to log in. This way you can memorize your one master password and never have to worry about remembering any of the others. This is enormously convenient, but what’s more important is the added security benefits. A good password manager can help generate incomprehensible passwords, store them in its database, and decode them locally, only one your machine, when it needs to enter them into the web site. You can use a password manager to generate a unique, complex password for every site you visit. Each site will have a different password, you’ll have no idea what any of them are, and all you’ll have to do is remember the one master password you set for it.

How to Stay Secure OnlineWhile there are a number of good password managers out there, like KeePass and 1Password, our favorite is LastPass. LastPass offers incredibly wide support for several operating systems, web browsers, and mobile phones. It’s also completely free, remarkably secure, and comes with many features to help you stay as protected as possible. Since you’re likely not without a few passwords at this point in your life online, LastPass can help you audit and update your passwords to make them more secure.

But what about creating a secure master password?

While all the passwords LastPass (or your other password manager) will generate will be about as strong as they can be, you want to have a strong master password as well. While your password manager can generate one for you, often times it’s going to be too hard to remember and too inconvenient to type (especially on a mobile phone). If you don’t mind the extra work for the extra security, your best bet is to have the most secure password you can have. If you want something you’re sure you won’t forget, Mozilla offers an easy way to create a strong password you’ll be able to remember:

How to Stay Secure Online

If you’re not in the mood for a cute strong password public service announcement, the concept goes something like this:

  • Pick a phrase you can remember with a number in it, like “A bird in the hand is worth two in the bush.”
  • Change that number (in this case, “two”) to its numerical equivalent: A bird in the hand is worth 2 in the bush
  • Condense the phrase by only using the first letter of each word: Abithiw2itb
  • Add some special characters you can remember: #Abithiw2itb!

How to Stay Secure OnlineDoing this gives you all the characteristics of a good, strong password: lowercase and capital letters, at least one number, special characters, and a combination of those things that basically makes no sense when you look at it and turns out to be longer than eight total characters.

While we recommend generating complex passwords with your password manager, you can use this same technique to create unique passwords for individual sites. You can take the password and add a suffix specific to each web site. Sticking with out example, let’s say you wanted to use this password for Lifehacker. Just add :L1feh@cker, :Lh, or whatever you’ll be able to remember to the end of the password: #Abithiw2itb!:Lh. This way you can type your complex password as you normally would and just append your abbreviation for the site you’re logging into. This method is a little easier, but it’s not impossible for someone to figure out. Ideally you’ll want to let your password manager handle your password generation for you, but if that’s just not for you then this method is a reasonable alternative.

How to Stay Secure Online If at any point you’re not sure about your password’s security, head on over to How Secure Is My Password? to get an approximation of how long it would take to crack using an average desktop computer. Our example (#Abithiw2itb!) would take about seven billion years, which seems pretty good. If you’re satisfied with the password you’ve derived, you’ve got your new master password. If you’re not, keep trying and checking.

Keep Your Other Information Protected

Your passwords are not the only kind of important information you don’t want floating around the internet, and chances are you have a few gadgets you wouldn’t want to fall into the wrong hands. Fortunately there are quite a few ways you can

Protecting Your Credit Cards

How to Stay Secure OnlineIf you shop online, your credit card number has been entered into at least one web site. While this is unavoidable, and just about as safe as using your credit card out in the real world, the fact still remains that your number could be intercepted and used to make unauthorized purchases. One easy way around that problem is using temporary credit card numbers. While not every bank offers this service, if yours does you might want to take advantage of it. If you’re making a purchase online—especially at a site you don’t trust—you just generate a unique credit card number that will expire after its first use. This is also extremely helpful if you sign up for a trial and want to prevent automatic re-billing.

Keeping Your Mobile Technology Secure

How to Stay Secure OnlineThere really isn’t any assurance your technology won’t get stolen someday. As previously mentioned, it happened to me in less than a minute. Fortunately there are a number of tools to keep your laptops and mobile phones secure from tampering, or at least initiate a remote data wipe in the event of a breach.

One of our favorite tools is Prey, which is a free tool (for up to three devices) that can help you track and (potentially) recover your stolen laptop or Android smartphone. If you’re looking for a solution for your iOS device, Apple now offers find my iPhone for free. If you’re not using an iPhone 4, it is still possible to enable the free Find My iPhone, but it’ll take a little bit of extra work. Once you get it up and running, you’ll be able to remotely locate your iPhone, send it a message, and wipe your personal data. To get started, you can download Find My iPhone in the iTunes App Store. Despite the name, it’ll work with any iOS device (but GPS and 3G service certainly help).


That just about wraps it up for guide to online security. With so many options out there, it’s hard to cover the entire spectrum. If you feel we’ve missed something or have some good tips, please share them in the comments. Thanks for reading, and stay safe!

You can contact Adam Dachis, the author of this post at adachis@lifehacker.com. You can also follow him on Twitter and Facebook.