This is part of Edudemic’s Staying Safe Online series. We will be periodically publishing guides and helpful bits of information to keep you thinking about how to stay safe among all those bits and bytes.
Google has just published a terrific new guide to staying safe online. Since we all likely use at least a few of their products, it’s a guide worth checking out. From preventing phishing scams to cookies to properly signing out from websites…there’s a trove of information that you should check out. I’ve embedded ten of the best parts (in my opinion) below to whet your appetite. Not in the mood for reading so much? Check out our recent infographic on managing your online reputation or the Edudemic Ultimate Guide to Online Safety.
Visit Your Google Dashboard
If you have a Google Account, Google Dashboard helps you answer the question, “What does Google know about me?”. It shows you the information stored in your Google Account and enables you to change your privacy settings for many products from one central location.
When you go to your Dashboard you’ll find a single page where you can see the various products you use with your account and what’s stored in them, along with easy access to the product-specific controls. Dashboard can remind you of your last Blogger blog, your favorite YouTube playlist, your uploaded photos and more.
Passwords are the first line of defense against cyber criminals. It’s important to pick strong passwords that are different for each of your important accounts and to change them regularly. Here are some ideas to help create strong passwords.
- Use a unique password for all your important accounts.
Use unique passwords for your accounts, especially important accounts like email and online banking. You are likely to have dozens of accounts across the web, and you cannot guarantee the security of all of them. Criminals target sites that lack strong security, in order to harvest usernames and passwords that they test against other popular sites. When you use the same password across the web, a cyber criminal can learn the password from a less secure site and then use that password to compromise your important accounts.
- Use a long password
The longer your password is, the harder it is to guess. There are almost one quintillion possible 10-character passwords (that’s 4,000 times as many possibilities as if your password only has eight characters) … and that’s if you only use numbers and letters.
- Use a password with a mix of letters, numbers, and symbols
Using numbers, symbols and mixed-case letters in your password increases the difficulty of guessing or cracking your password. For example, there are more than 6 quadrillion possible variations for an eight-character password with numbers, symbols, and mixed-case letters – 30,000 times more variations than an eight-character password with only lowercase letters.
- Try using a line from a song, film or play
Some passwords are easy to guess or crack: Simple words or phrases like “password” or “letmein,” keyboard patterns such as “qwerty” or “qazwsx,” patterns such as “abcd1234” or personal information like your birthday or street name.So choose a combination of letters, numbers, or symbols to create a unique password that’s unrelated to your personal information.One idea you can try is to choose a line from your favorite song, film or play, like “To be or not to be: That is the question.” Then use numbers, symbols and mixed-case letters to recreate it: “2bon2bT1tq” is a password with quadrillions of variations. The more unusual the phrase you choose the better!Or you could pick a random word or phrase, and insert letters and numbers into the beginning, middle, and end, such as “sPo0kyh@ll0w3En.”
- Make sure your password recovery options are up-to-date and secure
Make sure your recovery email address is up to date so that you can receive emails in case you need to reset your password. Sometimes you can also add a phone number to receive password reset codes via text message. Additionally, many websites (including Google Accounts) will ask you to choose a question to verify your identity if you ever forget your password. If you’re able to create your own question, try to come up with a question that has an answer only you would know. Try to find a way to make your answer unique – you can do this by using some of the tips above – so that even if someone guesses the answer, they won’t know how to enter it properly.
- Keep your password reminders in a secret place that isn’t easily visible
Don’t leave notes with your passwords in plain site, on your computer or desk. If you do decide to save your passwords in a file on your computer, create a unique name for the file so people don’t know what’s inside. Avoid giving the file an obvious name, such as “my passwords.” If you have a difficult time remembering multiple passwords, a trusted password manager may be a good solution. Spend a few minutes checking out the reviews and reputations of these services.
- Add an extra layer of security to your Google Account
When you leave your house you feel a bit safer knowing the door’s locked. But imagine how much safer you’d feel if the door was guarded too? The same goes for the information in your Google Accounts. By switching on 2-step verification you’ll have not one, but two security measures to help prevent someone from breaking in.Once you’ve created a password for your Google Account, you can add an extra layer of security by enabling 2-step verification. 2-step verification requires you to have access to your phone, as well as your username and password, when you sign in. This means that if someone steals or guesses your password, the potential hijacker still can’t sign in to your account because they don’t have your phone. Now you can protect yourself with something you know (your password) and something you have (your phone).
Your Online Presence
Managing what you share about yourself online is a bit like having people over for dinner. You show them around. Cook a fantastic meal. But they’ll only see what you want them to see, because you probably prefer to keep some things to yourself (and will keep those hidden away). The same thing is true online: you share a few things but you don’t want people to know everything about you.
An important first step in controlling what people can find about you on the web is knowing what’s published about you online. Your online identity is determined not only by what you post, but also by what others post about you—whether a mention in a blog post, a photo tag or a reply to a public status update. When someone searches for your name on a search engine like Google, the results that appear are probably a combination of information you’ve posted and information published by others.
Our tool, Me on the Web, makes it easier to monitor your identity online. It helps you set up Google Alerts, so you receive notifications when you are mentioned on websites or in news stories, and it automatically suggests some search terms you may want to keep an eye on.
Me on the Web also provides links to resources offering information on how to control what third-party information is posted about you on the web. These include tips like reaching out to the webmaster of a site to ask for the content to be taken down, or publishing additional information on your own to help make less relevant websites appear farther down in search results.
You can find Me on the Web as a section of the Google Dashboard underneath the Account details.
Whether you use your mobile phone to search for something on the web, or download the latest app, here are some tips and advice to protect yourself, your information and your phone.
- Always use a passcode, password or security pattern to lock your phone.
- Never store personal details on your mobile, in messages or emails. This include things like your bank card pin number, any account passwords or security codes under obvious names in your contact list. You can use a code name if necessary.
- Only enable application installs from unknown sources if you plan to review your apps very carefully (e.g. for Android apps, be wary of those from outside Android Market). It’s always helpful to check permissions before downloading an app.
- Check the source of all your files and apps to make sure they’re safe before you download. For example, if you see a URL like
www.google.comit’s probably safer to leave the site.
- If you give your phone away when you get a new one, make sure you do a factory reset to clear all of your personal data.
- If your phone goes missing, report it right away and work with your provider or police to either locate or deactivate it remotely.
- Only allow automatic updates for apps you really trust.
Online criminals are financially motivated to steal your information, whether or not they know who you are. They dress the part, talk the talk, and by pretending to be something or someone they’re not, they try to get your personal details. A phishing website or message tries to trick you into revealing personal information by appearing to be from a legitimate source, such as a bank, social network, or even Google. We’re always on the lookout for phishing attempts, fake sites and Internet scams and we protect web users from visiting malicious sites roughly 3 million times every day.
It’s good to pay close attention to all sign-in screens online. You should always be wary of any message that asks for your personal information or messages that refer you to a web page asking for these details.
Messages or websites phishing for information might ask you to enter the following details:
- Usernames and passwords
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Full credit card numbers
- Your mother’s maiden name
- Your birthday
Here are a few simple steps you can take to protect yourself against phishing:
- Most importantly, never reply to suspicious emails, tweets, or posts with your personal or financial information. Also, don’t fill out forms or sign-in screens that link from these messages.
- Never enter your password after following a link in an email or chat that you don’t trust. It’s better to go directly to the site.
- Don’t send your password via email.
- Only sign in to your account when you’re 100% sure you’re on the real site. If you’re not quite sure, check the Internet address in your web browser. For example, this is a fake URL:
- Install browser updates immediately, or choose a browser like Chrome that updates automatically to the latest version. Many browsers will warn you if you try to go to a website that is suspected of phishing behavior. Google offers a Safe Browsing API which is used by Firefox, Safari and Chrome. We analyze millions of webpages daily and each year we find hundreds of thousands of phishing pages which we add to the blacklist in the Safe Browsing API that then protects users from these pages.
- Most email providers, including Gmail, allow you to report suspicious emails and phishing scams. Reporting a message as phishing will prevent that user from sending you more emails, and our abuse team will use the report to help stop similar attacks.
The term “malware” covers all sorts of malicious software designed to harm a computer or network. Malware can be installed on your machine without your knowledge, often through deceptive links or downloads posing as something you might be interested in. Once malware has been installed on your computer, cyber criminals can sometimes try to access your personal information. They do this by logging your keystrokes or monitoring your computer’s activity. Your computer could also be controlled and forced to visit websites, send spam email or perform other actions without your knowledge. The effects of malware can be anything from a brief annoyance to identity theft.
A few examples of malware:
- a computer program that can copy itself and infect a computer.
- a self-replicating malware computer program, which uses a computer network to send copies of itself to other computers on the network.
- a malware that collects small pieces of information about users without their knowledge.
- any software package which automatically plays, displays, or downloads advertisements to a computer.
- Trojan horse:
- a destructive program that masquerades as an application. The software initially appears to perform a desirable function for the user prior to installation, but steals information or harms the system.
Here are a few simple steps you can take to protect yourself against malware:
- Upgrade your operating system and software to the latest versions and, if possible, turn on automatic updates. Regularly check for updates to software that doesn’t offer automatic update functionality.
- Always keep an eye on what you click and download. By clicking on unfamiliar links, you can expose your computer to malicious software and websites. This software often contains programs that scan your computer or track what keys you type, including your password. To keep yourself safe, only download from sources you trust, and hover over links to check the address before you click. When in doubt, use trusted bookmarks for important sites.
- Be careful when you come across unfamiliar sites. When you’re not sure, leave the site and research the software you are being asked to install.
- Do not trust anything within an email that looks suspicious. Even email from people you know can contain malware links or attachments if their account has been hacked. Be careful when you follow links in an email. It’s better to visit websites by entering the address directly in your browser.
- Some programs bundle malware or other deceptive Internet software as a part of their installation process. When you install software, pay close attention to the message boxes, and scan the fine print. It’s also good to do some research on unknown software before you start the installation process. If you’re worried that the software might be harmful, stop the installation immediately.
- Your friends, family, or coworkers may give you a disk or flash drive with an infected file on it without their knowledge. You can scan the disk with security software before opening the files.
- Do not trust pop-up windows that ask you to download software. Often these pop-ups will make you believe your computer has been infected and ask you to download software in order to be safe. Close the window and make sure you don’t click inside the pop-up window.
- Be careful with file-sharing. Many of these sites have little policing for malware, so if you download anything from them do so with caution. Malware can be disguised as a popular movie, album, or program.
- Remove malware as soon as you can. One of the best ways to clean your computer is to reinstall your operating system. There are also a number of programs out there that can help.
Currently, the best way to remove malware is to scan your computer with at least one, and ideally a few, high quality anti-virus products. We have no connection with the companies below, so we can’t comment on their programs’ effectiveness, but trying any of these programs often makes a difference, as does having the latest versions. You may also use the site av-comparatives.org to find other Anti-Virus software and review test results.
- ESET Smart Security
- Kaspersky Lab Internet Security
- MacScan (for Mac users)
- Microsoft Security Essentials
- Norton Internet Security
If you feel you were deceived when you installed a program that creates popups or modifies your browser, you may want to file a complaint at StopBadware.org. Additionally, you may want to contact the Federal Trade Commission (FTC), which handles complaints about deceptive or unfair business practices in the U.S. To file a complaint, do one of the following:
- Visit www.ftccomplaintassistant.gov
- Call 1-877-FTC-HELP
- Write to: Federal Trade Commission, CRC-240, Washington, D.C. 20580
- If your complaint is against a company that’s outside the United States, visit www.econsumer.gov
If you’ve been redirected to a suspicious site, please take a moment to tell Google about it.
Ever gone out for the day and left your front door wide open? Exactly. The same principle applies when you leave yourself signed in to online accounts on the computers you use. It’s a good idea to sign out of your accounts when you’re no longer using them, and to shut down your browser when you have finished using the web on a shared computer.
Making sure a site is safe
When you go into a branch of your bank, you recognize the official staff by their name, their uniforms and the services they offer you. Having this level of reassurance shouldn’t be any different for online banking or other sensitive sites. It’s good to remember that a safe site’s address starts with “https” and displays a padlock icon in your browser. This is a good indication that the site is safe for you to pay online or share other information.
Safeguarding your email
You wouldn’t want anyone to open your postal mail and read it. The same goes for email. With Gmail we do our best to keep your messages and inbox safe: Gmail helps protect against viruses, spyware, and other malware. It offers default HTTPS access and 2-step verification as an optional extra layer of security for your Google Account.
All modern browsers have tools to help you delete or block cookies from being set. But it’s important to remember that many sites need cookies to work properly so by deleting or blocking them, some parts of these websites might not function correctly.
Here is an example of what can be stored in a cookie:
- A name:
- The cookie’s name, which is unique to the site that set it.
- Site name:
- The name of the domain or sub-domain that set the cookie.
- Expiration date:
- After the expiration date, the cookie will be automatically deleted. Some cookies will expire when you close your browser. These are called session cookies. Other cookies may expire weeks, months or years after being set. These are called persistent cookies.
- A value:
- This is the information in the cookie that the website uses to “remember” your previous visit.
You wouldn’t expect a magazine about fishing to be full of advertising about dance music or video games. It makes more sense to show ads about things readers are likely to be interested in, such as new angling gear. On the Internet, the same is true: websites usually try to show you advertising that they think is likely to be of interest, which makes sense for you, the website owner and for the advertiser.
We try to show you relevant ads and we use some clues to your preferences to help us do this, both on Google Search and across the web.
The ads that appear on Google Search are targeted based on your search queries. If you type “cheap flights”, for example, into Google, you will probably see sponsored links at the top of the page and on the right hand side showing ads from travel companies. To decide which ad to show you, the automated system looks at the search query that you enter, the relevance of the ads to this query and how much the advertiser is prepared to pay in the auction and, in some cases, your very recent query history. This process does not use any data you may share with Google through other products (such as Gmail) and the ranking is completely unrelated to Google’s natural search results. These are examples of contextual ads as they are related to what you are looking for on that page at that time.
In addition to the sponsored links you see on Search, Google places ads across the web by acting as an intermediary between advertisers and website owners. In some cases these are contextual like search ads, i.e. they are based on the content of the web page where they appear. In other cases they are interest-based ads and these are shown because we’ve made a guess at the types of things likely to interest you. We base this on other pages you’ve previously visited that show Google ads. So if you’ve visited many gardening sites, you may see more gardening ads across the web.
This is how it works:
- When you visit websites and watch videos where Google shows ads, we store a number in your browser by using a cookie to remember your visits. That number could be something like
- Because many of the websites you visit are related to gardening, we’ll put your number (
114411) in the “gardening enthusiast” interest category.
- So we may show you more ads that are relevant to gardening enthusiasts as you browse websites where Google provides ads.
Throughout this process we don’t store your name or keep any personal information about you. We just recognize the number stored in your browser, and show ads related to the interest categories associated with your cookie (so we’re recognizing your browser, not you). We don’t show ads based on sensitive information or interests, like race, religion, sexual orientation, health, or sensitive financial categories.
You can control which types of ads you see using Ads Preferences Manager. This allows you to change the interest categories associated with your browser (or if you don’t want us to store your interests at all, you can opt-out altogether).
Ads in Gmail
Ads that appear in Gmail are similar to the ads that appear next to Google search results and on content pages throughout the web. In Gmail, ads are related to the content of your messages. Our goal is to provide Gmail users with ads that are useful and relevant to their interests.
Ad targeting in Gmail is fully automated, and no humans read your email in order to target advertisements or related information. This type of automated scanning is how many email services, not just Gmail, provide features like spam and virus filtering and spell checking. Ads are selected for relevance and served by Google computers using the same contextual advertising technology that powers Google’s AdSense program.
Only ads classified as family safe are distributed through our content network and to your Gmail inbox. Also, we are careful about the types of content we serve ads against. For example, Google may block certain ads from running next to an email about catastrophic news. In addition, we will not target ads based on sensitive information, such as race, religion, sexual orientation, health, or sensitive financial categories. You can control the use of these signals from the Gmail Settings page.