Password breaches are a common occurrence, and if you use the same password on every site, that may grant access to bad actors who try out that password elsewhere to get into your accounts. The best way to protect yourself is to use a unique password everywhere (and two-factor authentication, when possible). A password manager is a program that makes this easier by creating and storing unique, strong passwords for you.
A password manager generates long, unique passwords, stores those passwords in what's typically called its "password vault," and then can fill out the username and password for you when you need to log in to a site. It protects all these passwords behind one single "master password," meaning you only have to remember one password instead of dozens. Depending on the password manager’s implementation, this can mean it's important you make that master password as strong as possible and set up two-factor authentication on your password manager account. In most cases, a password manager also syncs your passwords between different devices—like your phone and computer—so you can log in from any device.
"Something you know, and something you have." Login systems that require only a username and password can be vulnerable to someone else obtaining (or guessing) those pieces of information. Services that offer two-factor authentication also require you to provide a separate confirmation that you are who you say you are. The second factor could be a one-off secret code that is sent to you via email or text, a number generated by a program running on a mobile device, or a separate device, such as a USB authentication token that you carry and that you can use to confirm who you are. Companies like banks, and major internet services like Google, PayPal and Twitter now offer two-factor authentication.
VPN stands for “Virtual Private Network.” When you connect to a VPN, all data that you send (such as the requests to servers when browsing the web) appears to originate from the VPN itself, rather than your internet service provider (ISP). This masks your IP address , which can be an important tool for protecting your privacy, since your IP address provides an indication of your general location and can therefore be used to identify you.
In practice, VPNs can:
Protect your internet activity from prying eyes, especially if you’re connected to an unsecure Wi-Fi network in a café, airport, library, or somewhere else. This has become a less critical aspect of VPNs as the majority of web traffic is now encrypted using HTTPS, but in certain situations, where you may not want a network operator or ISP to see your basic web traffic, a VPN is still useful.
Circumvent internet censorship on a network that blocks certain sites or services. For example, when you are working from a school’s internet connection or in a country that blocks content. Note: it’s important to keep up to date on security news for specific countries’ policies on VPNs.
Connect you to the corporate intranet at your office while you’re traveling abroad, at home, or any other time you are out of the office.
Malware , short for “malicious software ,” is software that is used to harm computer users. It has a wide-range of capabilities that include:
The majority of malware is criminal and is often used to make money; either by obtaining financial or identity information, ransoming private data, or gathering login credentials for email or social media accounts. Governments, law enforcement agencies, and even private citizens use malware to circumvent encryption and to spy on users. With malware, an adversary can: record from a webcam and microphone; disable the notification setting for certain antivirus programs; record keystrokes; copy emails and other documents; steal passwords, and more.
Antivirus software can be effective at combating basic, “non-targeted" malware that might be used by criminals against hundreds, or even thousands, of targets. However, antivirus software is usually ineffective against targeted attacks, such as the ones used by the Chinese government hackers to compromise the New York Times. EFF recommends using antivirus software on your computer, though we cannot recommend any particular antivirus products as being superior to others.
