With news of a big hack almost every week, the Internet can be a scary place. So how's an Internet user supposed to stay safe?
One strategy is to mimic how security experts watch out for themselves. And luckily, a new paper from researchers at Google outlines some of the steps they take to keep their systems safe.
The paper outlines two surveys -- one with nearly 300 non-expert Web users, and another with about 230 security experts -- asking them how they stay safe online.
Here are a few of the top safety practices the experts used:
1. Install software updates quickly. When someone discovers a problem in software and discloses it to the developer, the developer pushes out a patch that fixes it. Those fixes block up digital holes that can give hackers backdoors into your system -- and often, updates can be set to install automatically.
The experts reported installing software updates much more quickly than the non-experts, and said it was an important part of staying safe. Some 35 percent of the experts said installing updates was one of their top three security practices -- but just 2 percent of non-experts said the same thing, according to the paper.
Some non-expert Web users told the survey that they were worried that automatic updates could be abused to install things like malware.
2. Use unique passwords. With a password manager. It's no secret that passwords are a pain in the neck. And with the rolling tide of breaches, reusing a password could leave other parts of your online identity at risk if one service is breached. That's probably one of the reasons that 25 percent of experts in the survey cited using unique passwords as part of their top three online safety practices, vs. 15 percent of non-experts.
And experts were much more likely than non-experts to use password managers to help keep those unique passwords in line -- with 73 percent of experts using them for at least some of their online accounts vs. 24 percent of the non-experts. Password managers are tools that store encrypted versions of your passwords, making it easier to keep track of the dozens of robust, unique passwords that are needed to keep a modern digital life up and running.
But non-expert users seem wary of them, according to the paper, voicing concerns that the password managers themselves might be hacked -- which isn't without precedent. “I try to remember my passwords because no one can hack my mind,” one survey respondent said.
3. Go beyond a password with two-factor authentication. No matter how you store passwords, though, experts were more likely to want an added layer of protection: two-factor authentication. It works by adding a second step, often a code that's texted to your mobile device, that users then enter to verify their logins. Most of the big online services offer it -- here's a handy Web site that keeps track of your different two-factor options.
Nearly 90 percent of the experts used two-factor on at least one of their accounts, compared with 62 percent of the non-experts, according to the paper.