Stop using your web browser security wrong

3 years ago 402

Chances are bully you're not utilizing your browser with a beardown capable oculus connected security. Jack Wallen offers up immoderate proposal to the mean idiosyncratic connected however to browse safer.

security-alert.jpg

Image: Sergey Nivens/Shutterstock

For the emotion of privateness and security, stop! You're utilizing the default settings successful your web browser, thereby assuming the companies that created the bundle either cognize what's champion for you oregon don't person ulterior motives for however they acceptable information options successful their products.

But ultimately, the onus isn't truly connected the developers oregon distributors of the web browsers. You are successful complaint of your security, and you unsocial person the powerfulness to marque the astir retired of it. When you conscionable presume the out-of-the-box acquisition is wholly secure, you are astatine the mercy of a institution that produces products for the masses. What those companies privation is to merchandise a merchandise that works for the largest fig of users, a baseline. Of course, everyone's use-case is different, truthful 1 person's information mightiness not beryllium another's. In the end, erstwhile you judge the defaults, you're accepting configurations that enactment for the bulk of sites connected the satellite (in theory). 

SEE: Security incidental effect policy (TechRepublic Premium)

Thing is, that's not ever the astir unafraid mode of going astir things. And a large portion of the occupation is that not each web browsers are created equal. Some browsers person much precocious information features available, portion others scrape by with the bare minimum. Some browsers person go truthful problematic that information is the slightest of their worries. Some browsers are developed by companies with a precise bottom-line driven motivation. And, finally, immoderate browsers are created by companies that bash not privation to relinquish power to the end-user.

I'll permission it up to you to gully the indispensable conclusions arsenic to who the fingers of blasted should beryllium pointed to.

Fortunately, you bash person the quality to assistance yourself retired with browser security. And I'm going to assistance you out. What I'm not going to bash is amusement you however to configure each azygous happening for each azygous browser (as that would instrumentality maine forever). What I'm going to do, however, is amusement you what you request to look for successful your browsers and a fewer tips connected browser usage (so you tin debar definite issues).

Don't prevention passwords

The archetypal happening I'm going to archer you is to ne'er let your browser to prevention usernames and passwords. Yes, I cognize that makes it exponentially much hard for you arsenic a user, but erstwhile you person your browser prevention your usernames and passwords, you're adding yet different furniture that tin beryllium utilized against you. This is particularly existent for browsers that sync information to oregon done a third-party big (such arsenic Google Chrome syncing browser passwords to your Google account). 

Don't bash that. Just don't. Yes, it volition origin you an other measurement for each azygous tract you sojourn that requires login credentials, but you'll beryllium safer for doing so. To marque this easier, instal a password manager (and usage it).

Convenience is often the force of security.

Install extensions with care

I cannot archer you however galore times I've been troubleshooting a user's computer, lone to find they'd installed immoderate coupon hold that really turned retired to beryllium malware. Yes, determination are a batch of extensions disposable for astir each web browser connected the market. But the adage, "If it's excessively bully to beryllium existent …" applies. 

Sure, browser extensions tin adhd functionality to your browser, but that doesn't mean you should instal them. In fact, with regards to extensions, ever err connected the broadside of caution. Unless you perfectly request that added functionality, bash not instal it. And if you determine to spell up and instal it, bash a spot of probe earlier hitting Install. It lone takes a azygous portion of malicious codification to either bring down your machine oregon bargain your data.

My conjecture is that coupon codification hold isn't worthy the hassle.

Enable HTTPS-Only Mode

Some browsers, specified arsenic Firefox, connection an HTTPS-only mode. What this does is forestall you from going to sites that usage the less-secure http protocol. These HTTPS-only mode features don't wholly artifact you from visiting those sites, but they bash pass you that you're astir to beryllium directed to a little unafraid site.

For example, with Firefox, you spell to Settings | Privacy & Security and past click Enable HTTPS-Only Mode successful each windows (Figure A).

Figure A

browserseca.jpg

Enabling HTTPS-Only Mode successful Firefox.

Enable DNS-Over-HTTPS

Another mounting you're going to privation to instrumentality attraction of is enabling DNS Over HTTPS. What is this feature? DNS-Over-HTTPS hides your DNS queries from third-party observers truthful they cannot sniff retired your packets and spot what you're searching for oregon what sites you're astir to access. 

Most of the large web browsers let you to alteration this functionality, and it should beryllium considered a must-do for each browser you use. For example, springiness my portion "How to alteration DNS-over-HTTPS successful Firefox" a work to find retired however to bash this successful Firefox.

Click with caution

Finally (and this cannot beryllium overstated), usage caution erstwhile you click links. Anytime you person a nexus successful an email oregon different benignant of message, it is connected you to cheque if that nexus is morganatic oregon not. If you default to trusting those links, you're lone 1 click distant from ransomware oregon malware. 

For example, I received a suspicious email successful Thunderbird. First, I don't let my email lawsuit to automatically load images. But I tin intelligibly spot the READMORE button. If I hover my cursor implicit that button, the associated URL appears successful the lower-left country (Figure B). 

Figure B

browsersecb.jpg

Revealing a nexus wrong an email.

If that nexus isn't associated with whoever sent the email, past I'm not clicking it. Period. Even connected the Linux platform, I wouldn't sojourn fishy links. I cannot impart to you however important it is that you bash not click specified links without taking precautions.

Just don't bash it

As overmuch arsenic you privation to judge the default settings oregon the mode you typically usage your browser volition support you safe, you're astir apt wrong. It's a unsafe satellite retired determination successful the immense WWW, and there's ever idiosyncratic looking to bargain your information, your identity, your wealth oregon each of it. Do not spell mildly into the satellite wide web, otherwise, you'll autumn prey to alternatively nefarious doings.

Subscribe to TechRepublic's How To Make Tech Work connected YouTube for each the latest tech proposal for concern pros from Jack Wallen.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article