When people think changing their passwords keeps anyone/thing out of their account except for people who know the passwords
Teach people so that they have the knowledge and easy-to-use, free tools to keep themselves safe online.
TL;DR: remove applications from your accounts and enable two factor authentication, and don’t forget about your email account, browser, and computer itself either.
Remember: Your data is never safe. Security breaches on major websites and company databases happen daily, including government and proprietary systems you have no choice but to be in the database of (Equitrust). If your goal is to not be on the grid, try not being on the grid: which includes not having social media accounts. If your goal is to have your already limited communiques be as secure as you can make them, read on.
Steps and Tools
Here are three steps (installing 3-6 applications, going through some settings, and playing around in your operating system’s control panel) to secure your accounts, browsers, and computers.
There are going to be two links next to each suggestion showing how to fulfill the suggestion on a variety of services (F: Facebook, G: Google, X/O: XKCD or The Oatmeal Comic [non-instructional, just funny]); and more links at the bottom of each section to blog posts/articles/etc. on the topic from respectable companies (links are shrunk to ensure my sanity when looking at the code for this page - they go through bit.ly).
1 - Your Social Account
The Actual Account
An account can be compromised a number of ways. Whether it’s an app you absent-mindedly approved injecting posts for you or sending emails as you, a snooper on your wi-fi stealing your passwords, malware on your computer either taking your passwords or injecting malware that may do so, your computer being stolen, or any number of other things: you need to secure it to avoid data (or even financial and identity) theft, and just general ads.
To actually secure any account, remove applications that have access to the account that are unrecognized [F] [G], enable a security feature like two factor authentication [F] [G], go through and modify what your account follows/likes to ensure you aren’t made a target unnecessarily [F] [G], review the locations your account is logged in from [F] [G], and finally control who can see your account [F]. You might as well update your password, too [F] [G] [X].
Email accounts are central to social media and other types of accounts, due primarily to the fact that you can recover any account you have the email account for by saying “I forgot my password” with little security in the recovery process.
Luckily, you can secure them in a similar manner, and switch to a real email provider (as in, if you don’t know numerous people outside of your family that use it, switch: Yahoo, Hotmail, Comcast, AOL, etc. are all providers to move away from [they give an impression of computer illiteracy, they are lax in their security, they have been hacked many, many times] [O] [how to switch] - Gmail is safe, powerful, simple, and well known; Protonmail is incredibly safe, a bit more complex, but young). Your email really isn’t safe unless you use anti-spam features though [G], because even the most veteran of internet users can sometimes be fooled by spam; when you don’t like an email, or can realize it’s spam, don’t just delete it, mark it as spam - this improves the anti-spam features, and will proactively mark similar emails as spam.
Finally, you can see if your email, and if particular accounts, were compromised -or at least listed- in a known data-breach on Have I Been Pwned (HIBP). Putting in your email address will tell you if you were “pwned” (listed in a breach) and if you scroll down a little then it will show you the website that was compromised, or if it was a general list from an unknown source; if it says you have been (you probably have) then you should change the passwords on those websites specifically, and update your email password. You can also click “Notify Me” at the top of the website to receive an email notification any time your email address shows up in a new breach, so you can update your account and email account password as quickly as possible.
Note: In general, information about breaches, such as updates to HIBP, will come some time after a breach. Sometimes it’s not until the list surfaces somewhere that can be found by HIBP; sometimes companies hide it away until they’ve fixed their holes before they will list a breach. However, in general, breaches will only result in a dump of the database, meaning they see your email address, but your password may be safe. This means your account could become a target for password guessing, and your email account as well, but that your account may well stay safe until the information does show up.
(Furthermore, people on Facebook get hacked a lot. We’ve all seen the spam posts, messages, or app requests. Notify these friends, and un-follow or unfriend them if they’re unwilling to secure their account - at some point you may forget that they were hacked, and accept an app invite from them; this app could be the same malware that jacked their account.)
2 - Your Browser
(F: Firefox, C: Chrome)
Additionally, no account is really safe if you browse the web unsafely. Install an add-on to your browser that blocks ads (such as uBlock Origin [F] [C] or, more thoroughly though also more complicated, Privacy Badger [F] [C]); ads are sometimes just ads, but on sketchier or lower-budget sites, they’re malicious as well. Also, go through your browser’s add-ons and remove any you don’t use often. Some add-ons are side-loaded when installing applications (Firefox has just started disallowing this [F] [C]); others are installed intentionally and forgotten, then somebody hacks the application (or the developer of it sells out) and your browser updates it to a very rotten version of the add-on.
3 - Your Computer
But your computer isn’t safe until you use good anti-virus to scan the depths of it, remove threats, and become proactive about your own safety. Make sure you have some good anti-virus. Anti-virus such as Norton and AVG are hardly actually anti-virus, but more like malware themselves - install something that is known, free, and doesn’t bother you for a paid version with pop-ups; I like MalwareBytes and always have it running, or Comodo if I know my computer is compromised (it’s really annoying to keep it around forever, but does a great cleaning job). Install a firewall on top of your system’s to reduce the likelihood of any malware on your computer functioning properly - I liked TinyWall (don’t put it in learning mode unless you have already secured your machine, otherwise it will become much less useful; however, it doesn’t seem to work properly in Windows 10) and now Glasswire (I paid the $40 for it because I love it and it has solid support, but you really don’t need to). If you know other people use your internet, or you frequent public networks, torrent, visit sketchy sites regularly or anything of the like, also consider a VPN (virtual private network) - they can be pricey, but if you go through reviews of free ones and find a good one you can still be better off - I like the Private Internet Access VPN, which is only $7/month and is very easy to set up - admittedly, it does not have a super user-friendly UI. I have not found a free one that seems trustworthy, and in addition to that a lot of the big-name VPNs, the ones you see advertised on YouTube channels a lot, have been hacked and data stolen more than if you’d been unprotected. Here’s a great video on YouTube that helps explain if you need a VPN, and what it actually does for you.
The simplest way to clean your computer though is to take the not-so-immense amount of time to go through your installed programs and remove programs you don’t remember installing or that were side-loaded during the installation of a real program; here’s a guide to do that on Windows 10. Finally, make sure your operating system is supported. If it’s not supported, you’re not getting vital security patches or any generic improvements.
- Windows 8 (now in extended support, which is only security patches) and 10 are the only supported Windows versions (excluding enterprise deals).
- Mac OS 10.13 (High Sierra, extended support) and 10.14 (Mojave) are the only supported Mac OS versions.
Update your operating system to the latest version, and be sure to run update checks to get the latest patches. If you don’t want to pay for the latest major version, then you can always switch to a user-friendly Linux distribution - here’s a good article that explains how you can ease yourself into it, and here’s an article listing some beginner-friendly distros.
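For the step above about going through your installed programs on Windows, here is an added example (not part of the original post) that lists what is installed, newest first, so side-loaded extras are easier to spot. It only reads the standard Windows uninstall registry keys and removes nothing; the "(none recorded)" publisher label is a marker chosen for this example.

```powershell
# Registry keys where Windows records installed desktop programs
# (64-bit, 32-bit on 64-bit Windows, and per-user installs).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Keep entries that have a display name and are not hidden system components.
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    ForEach-Object {
        # InstallDate is normally a yyyyMMdd string, but some installers
        # leave it blank or malformed, so parse it defensively.
        $parsed = [datetime]::MinValue
        $hasDate = [datetime]::TryParseExact(
            [string]$_.InstallDate, 'yyyyMMdd',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None,
            [ref]$parsed)
        $installed = $null
        if ($hasDate) { $installed = $parsed }

        # Label chosen for this example: a missing publisher is worth a look.
        $publisher = $_.Publisher
        if (-not $publisher) { $publisher = '(none recorded)' }

        [pscustomobject]@{
            Installed = $installed
            Name      = $_.DisplayName
            Version   = $_.DisplayVersion
            Publisher = $publisher
        }
    } |
    Sort-Object Name, Version -Unique

# Newest installs first: side-loaded extras usually share an install date
# with the program that brought them along.
$programs |
    Sort-Object Installed -Descending |
    Format-Table Installed, Name, Version, Publisher -AutoSize
```

Microsoft Store apps are not recorded in these keys; `Get-AppxPackage` lists those separately.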
There is one program in there (PIA VPN) that costs money, and it’s not even required. Securing your technology is free, easy, and prevents future issues; why wouldn’t you do it?
This is some of the stuff I do to “speed up computers” (which normally just means removing junk and malware). Your computer is as fast as it gets; it only slows down because you load it with crap, a component is failing, a system update failed partially, or your hard drive is far more full than it should be. Hard drives are cheap, even external ones; if this is the case, just buy one, format it, and use a drive that isn’t loaded with hardware manufacturer’s junk.