7 easy ways to improve your online security for free

A woman programmer is typing a code on computer to protect a cyber security
(Image credit: VideoFlow / Shutterstock)

Getting a handle on your online security can seem like a daunting and expensive task but it doesn’t have to be. With the right free tools, you can improve the strength of your passwords, eliminate spam from your inbox, avoid falling victim to phishing emails and more without spending a thing.

Like many things in life, most people tend to be reactive when it comes to security as opposed to proactive. It’s understandable that you would want to create strong, complex passwords for your online accounts after getting mixed up in a data breach. However, if you do some research and take the time now, you can secure the credentials for all of your online accounts before the next big breach or cyberattack.

Becoming a victim of identity theft is not only expensive but sometimes it can take months or even years to restore your identity or credit. During that time, you’ll be unable to take out loans or even apply for a new job as many employers run credit checks as part of their screening process.

If you’ve been putting off overhauling your online security, there’s never been a better time to sit down and get to work. Still though, keeping your online accounts secure is an ongoing process which is why you may want to revisit these steps at least once a year.

1. Check if your credentials have already been exposed online

A pair of hands using a tablet to log into an app.

(Image credit: mama_mia/Shutterstock)

Before you get started updating your passwords, it’s always a good idea to see if any of them have been exposed in a data breach. 

To do so, you can use either Have I Been Pwned or CyberNews’ personal data leak checker. While both tools will tell you if your email was involved in a data breach, Have I Been Pwned goes a step further by providing detailed information on each individual data breach that includes what kinds of data was compromised. Likewise, Avast Hack Check will send you a detailed report via email about all of your breached passwords and to which online account they belong to.

You can also see if your passwords have been compromised by using Google and Apple’s built-in tools. Google Password Checkup, which can be accessed from Chrome’s password manager, will provide you with a list of all of your compromised passwords as well as give you the option to change them. 

On a Mac, you can head to System Preferences > Passwords to see all of the passwords stored in Keychain. Next to each entry, Apple will tell you if your passwords were compromised or even reused across accounts and provide you with a link to “Change Password on Website.”

2. Delete your unused accounts

As the number of online accounts you have grows, you create a wider attack surface for cybercriminals who will often use one compromised account to target other more valuable accounts. This is why you should go through your online accounts and delete the ones you no longer use.

Fortunately, Background Checks.org has an online tool called Just Delete Me to help make the process of deleting your unused accounts easier. The tool itself is a directory of direct links that allow you to delete your accounts from the web. The directory is also color-coded to let you know which accounts are easy to delete (green), hard to delete (red) or impossible to delete (black). There’s even a “Show Info” button under each entry that gives you instructions on how to delete each account. A Google Chrome extension is also available that adds a traffic light icon to the browser’s omnibar that provides all of the information from Just Delete Me at a quick glance.

In addition to making you safer online, deleting your unused accounts can help reduce spam in your inbox and make your online presence more clutter free. 

3. Create strong, unique passwords for each of your online accounts

LastPass Free Password Generator

(Image credit: LastPass)

When it comes to creating strong, unique passwords for all of your online accounts, coming up with passwords on your own can be difficult, which is why many users fall into credential reuse where they use the same password or a variation of it across multiple accounts. This is the easiest way to get hacked as once your password is compromised on one site, it can be used to gain access to your other online accounts.

For this reason, you should use a password generator to come up with your passwords instead. LastPass has a free Password Generator Tool on its site that can help you do just this. However, it also has a toggle at the bottom that can be used to adjust the length of your passwords and you can have it create passwords that are easy to say or easy to read. You can choose to include uppercase or lowercase letters (or both), numbers and symbols so that the passwords it creates will meet signup requirements.

4. Store your passwords securely using a password manager

While a password generator can help you create new passwords, a password manager can be used to store them securely and many can also be used to create passwords as well. Paid services will give you more features but Bitwarden is a free, open source password manager that gets the job done. 

Even with Bitwarden’s free plan, you can create unlimited passwords and sync them with an unlimited number of devices. There are also apps for mobile and desktop as well as browser extensions. If you want more though or plan on using the service for business, you can always upgrade to a paid plan after testing out the free one first.

5. Install an antivirus program or get to know the one you already have better

Google Play Protect app settings

(Image credit: Tom's Guide)

When it comes to protecting yourself against malware and other cyber threats, one of the easiest things you can do is install antivirus software on your Windows PC. However, you may not even need to as Microsoft’s built-in antivirus software, Windows Defender, has improved significantly at detecting threats in recent years and it comes pre-installed on both Windows 10 and Windows 11. Still though, you may want to open it up and poke around in the settings to ensure that everything is configured correctly. It’s also worth noting that Windows Defender works best when you’re using other Microsoft products, so this means that you’ll want to use Microsoft Edge instead of Google Chrome when browsing the web.

Android users are in a similar situation, as Google Play Protect can help keep your smartphone secure with minimal system impact. Just like with Windows Defender though, it comes pre-installed and enabled by default. However, Google Play Protect isn’t the best at detecting malware, so you may want to install a separate Android antivirus app if you want even more protection for your phone or tablet. This won’t affect Google Play Protect though as it can run on your devices even with a separate antivirus app installed.

6. Learn to spot phishing emails to protect yourself from scams

Phishing emails are routinely used to steal your personal information and credentials which is why they can be so detrimental to your online security. For this reason, you should educate yourself on how to spot them so that you aren’t tempted to interact with them or click on any links they contain. Microsoft has a detailed support page with tips on how to protect yourself from phishing and things you need to look out for like bad spelling and grammar, mismatched email domains and suspicious links or attachments.

If you want to take things a step further though, the cybersecurity firm Proofpoint has a Free Phishing Awareness Training program with eight different mini-courses on a number of different phishing campaigns including fake browser updates, lookalike websites, fraudulent shipping notifications and more. These courses provide useful information, warning signs and actions you can take to avoid becoming a victim of phishing. It’s worth noting that you will need a business email address to sign up.

7. Stop using the same email address for all of your online accounts

An email inbox displayed on the screen of a laptop, next to a cup of coffee.

(Image credit: one photo/Shutterstock)

Although many of us have separate personal and work email accounts, some experts actually recommend having four different email accounts. However, for improving your online security, just two will do. This way you can have a main email account and an alternate one.

In a blog post on AARP’s website, chief security evangelist at ESET, Tony Anscombe suggests putting your finances in one email account and putting everything else in the other address. This way when you see financial or business emails in your other email account, they’ll stand out immediately and you’ll know to exercise caution when interacting with them.

Another way that you can improve your online security is by only sharing your main email address with those who need it. If a cashier asks for your email while shopping, respectfully decline and you won’t end up with spam in your inbox. Also if a company falls victim to a data breach, your email won’t be exposed.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.