Hello!

Congratulations! You've found my walkthrough for how to be safe online. I've written this document for my CyberDefense class as a "giving-back" project. I'm hoping to raise awareness of some common pitfalls and other trouble that people often face online, providing some tips for avoiding these along the way. Feel free to reach out with any suggestions or questions! You can email me at .

And with that, let's get started!

Keep Your Information Safe

Keeping your information safe from cyber criminals is essential. Whether you believe it or not, the entire globe is filled with thousands (probably millions) of people who are scouring the internet, looking for someone's personally identifiable information (commonly referred to as "PII" if you're curious). Once these criminals find certain information, they can do any number of harmful and illegal things, such as:

What should you do?

While these may seem frightening at first, an important thing to remember is that criminals are always looking for low-hanging fruit. If your information is harder to steal, they'll go looking for someone else's.

Think of it like being the only house in your neighborhood with a lock on its door. Your house will be much safer than the others because the thieves likely wouldn't go through the trouble of picking your lock when they could walk into someone else's house instead.

With that metaphor in mind, here are some easy ways you can keep your information safe:

Be extremely careful with your social security number

In the old days, social security numbers were never thought to be confidential. Times have changed dramatically. Social security numbers are used for very sensitive and important things, such as applying for a loan, verifying your identification to your bank, paying your taxes, and much more. If somebody knows your social security number, they can do all these things and much more.

As a rule of thumb, be extremely cautious (probably just avoid) sharing your social security number with:

If someone does not need to know your social security number, they shouldn't be asking for it. For me, my wife knows my social and I know her's, but I don't, for example, share it with my siblings. It isn't because I don't trust them, but because they don't need it (and, of course, I trust my wife more than anybody). My wife may need my social in case of an emergency. We'll discuss this more later, but it's ok to share your social with a trusted family member who functions as an emergency contact and/or who will generally take charge of your estate should you pass away (i.e., a spouse, a trusted child, etc.). But, when you do, it's best to limit who you share this with (i.e., maybe just one of your children instead of all of them).

As you're likely aware, we're at a golden age of phone, email, text, and other communication-based scams. If anyone using any of these (or other) methods requests your social security number, you should immediately have alarms ringing in your brain. Even if they seem really nice or desperate, you should always exercise caution. The tell tale sign of a scammer is that they'll be in a hurry. If someone's trying to encourage you to be fast, they're undoubtedly trying to avoid having you think critically about a situation, making it more likely for them to scam you.

Regarding scams, remember: if it didn't work, they wouldn't be doing it.

I should add a note here that there are a few (quite rare) instances where disclosing your social security number over the phone is valid. I personally can't think of any over email (and certainly not over text), but I used to work at a bank where I would, as part of our verification process, ask people to disclose their partial or even their full social. I'd also ask them for their full social when they'd apply for financing. While these are legitimate, I'd occasionally have people who were extremely cautious and didn't want to disclose it. This did not bother me. While these people didn't need to go this route, there were alternatives where they could upload some pictures of ID-verifying documents (i.e., a drivers license) to a secure website that would send it over to be verified. Basically, even for legitimate instances where disclosing your social is ok, you're often welcome to still exercise caution and skepticism.

Be cautious about anything else that identifies you, especially online

Telling a close and trusted friend your address, full name, some of your family members' names (i.e., your mother's maiden name), and even your birthday or age are relatively commonplace and generally harmless. However, these should never be shared with people or organizations you don't know and trust. That's because, when a criminal is trying to steal your identity, they often need more than just your name and social security number. They may, for example, need to know your date of birth, your high school mascot, or even your childhood pet's name, depending on the situation. Limiting the amount of information criminals have about you is a great way to stay safe online.

What about my birthday?

While it appears commonplace for people to share their birthday online, it really is limited mostly to Facebook. Generally speaking, a person's date of birth (or their birthday and/or age) is kept private. Think about it. In order to, for example, get your prescription medications, all a person would need to know is:

Other institutions, including some banks and doctor's offices, also only require a full name and date of birth for verification.

While deciding whether or not to keep your birthday on Facebook is a personal decision, I personally don't have it on mine. The people in my life who really care about me will wish me a happy birthday without the help of Facebook.

Click here for a tutorial by Lifewire on how to hide your birthday from the public on Facebook.

If you're worried that someone has posted a happy birthday message on your page (i.e., and that someone could use that to figure out your birthday), you can learn how to remove it by clicking this tutorial from Facebook.

Anything else?

The last thing I can think of is to be careful what you post online. If you post about someone's birthday, post about your home address or other personal information, or post anything that might be embarrassing, it may be worth deleting the post (again, you can find out how by clicking this tutorial). Regularly checking your Facebook profile page and seeing if there's anything there that you don't want is generally a good weekly or monthly habit to have.

Whether it be on Facebook, a text to a friend, or any other online platform, always remember: once you send something on the internet, you can never take it back. Once something has been sent out, it cannot be undone. Always be careful what you say online, especially if it could compromise your identity.

You might be wondering what information is safe to share. In my opinion, the following are generally safe to share:

That's generally all that's required to be shared in order to use the internet. A common rule in cybersecurity is to "deny by default," only giving the minimum information that is needed. Keeping your information safe online is an excellent way to avoid being a victim of fraud.

Keep Your Computer and Smartphone Safe

Nowadays, desktop computers, laptops, smartphones, and even some refrigerators all can normally do a similar set of online functions, such as checking email, accessing the web, and so forth. Cyber criminals around the world want to take advantage of vulnerabilities found in these devices so they can, among lots of other things,

While these consequences for poor security might seem frightening or overwhelming, remember that taking basic security cautions can greatly reduce the chances of any of this happening. Here are some ways you can get started:

When people refer to a "link," they're referring to a set of letters and numbers that, when clicked, will take you to a specified website. They're normally blue and can be clicked to go to a certain website (the previous link just takes you back to the website you're currently on, www.justafewthoughts.org. Click it and try it out!).

Links can be found anywhere online. They are often used on websites, in emails, on social media, and can sometimes be a bit tricky to notice. Sometimes, for example, a link is inside a picture, sometimes of a button that says "click here!" Other times, a link can be a bit tricky. For example, the link www.apple.com might look like it's taking you to Apple's website, but, if you click it, it'll actually take you to Microsoft's!

A more modern type of link is what's called a "QR code." You've probably seen a QR code before, most of them look something like this:

QR Code 1

Sometimes a QR code might have a picture in the middle, sorta like this:

QR Code 2

The picture in the middle doesn't usually mean anything, it's just a way to decorate it, sometimes with a company logo.

These two QR codes are both links that go to the website you're on now (www.justafewthoughts.org). To use a QR code, you'll need to open your smartphone's camera and point it at the QR code, then click the link button that appears. If you're using a desktop or laptop computer, try it out! If you have any trouble, click here to view a helpful tutorial by WikiHow.

If you're viewing this website on your smartphone, you can take a screenshot of the QR code, view the picture in your Photos app, and click the link that should appear. Click here to view a tutorial by Webopedia on how to do this. You can also take a picture of a QR code and use the link using the same method.

QR codes should be treated just like any other link. They should be scanned with caution. Only scan a QR code that you know is trustworthy. For example, if you're at a restaurant and they say that the menu can be accessed using their QR code, it's probably safe. Or, if you're at church or a play and they give you a QR code to scan for the program, it's also probably safe. But, if you're on a walk and see a QR code stapled to a utility pole that just says "Scan me" without any context, it could install a virus on your phone if you scan it.

The same goes for any link. If you click on a malicious link, it can send you to a website that forcibly downloads viruses and/or malware onto your phone or computer. Only click on links that you trust.

If you're ever unsure about a link (or anything else online), ask for help! Ask a trusted family member or friend if you want to click a link but are worried it might be malicious. You can also reach out to me if you'd like.

Use a long password

To start, you should never share your passwords with anyone except maybe a trusted emergency contact. Avoid telling your passwords to friends, family, or (obviously) strangers. Companies will never call or otherwise reach out to you asking for a password. You should never text or email any of your passwords to anyone.

Understanding a bit how passwords work will help you understand why it's so important to have a long password. When you create a password for your computer or website account, the password itself is never saved anywhere. The text of the password is mathematically jumbled up into what's called a "hash." The hash is then stored inside the computer. Whenever you try to log on, it will take the password you give, turn it into a hash, and compare the hash to what is inside. If the hash matches, it will let you in. If the hash doesn't match, it will tell you you've got the wrong password.

If you're curious, here's what your password hash would look like if you're password was "Hello" (using the sha256 algorithm):

66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18

(By the way, your password should never ever be "Hello").

The reason why computers use hashes is because a hash is impossible to reverse. In other words, a computer can easily get the hash from "Hello," but it's a bit harder to go the other way, getting "Hello" from the hash.

But, how hard is it?

Let's say I broke into your house and stole your old Macbook Pro (I would never do such a thing). I could take it home and, using some vulnerabilities in some older MacOS versions, I could find your password hash. Then, I would give the hash to my personal computer. I would then give my computer a large dictionary of words and tell it to hash each word in the dictionary until it finds the word that matches the hash. Once it has found it, I've found your Macbook Pro's password.

This was actually a project in one of my previous cybersecurity classes. We were given an older Mac and instructed to break into it. After some online research and help from my classmates, that's how I got in.

How long did it take my computer to guess the password? If the password was "Hello," it would have taken milliseconds. Computers are great at doing things really really fast. I remember the password in the Mac I broke into was a bit longer, I think it took about a half hour. If you're password is 8 or 9 characters long, it'll probably take a few hours (especially if there's a number or special character). If it's 12, it'll probably take a few days or weeks. If it's 16 or longer, it'll take several years.

So, in other words, if you're password is "0Ld_y3LLr" (9 characters), it would certainly be cracked within a week, possibly within a day. If your password is "I really love my grandmother's cherry pie" (41 characters), it would take hundreds of years to crack. You could make it a bit trickier by adding some numbers and maybe even intentionally misspelling some words, like so: "I realy luv my gr@ndmother's chery p1e" (38 characters). Because this password is technically a few characters shorter than the first one, some would argue that the first one is more secure. At this point, it would still take a matter of centuries for a bad guy to crack either of these passwords (unless, perhaps, they knew you loved your grandmother's cherry pie).

With passwords, it's generally a good idea to think of them as "pass-sentences" rather than "pass-words." Sentences are much more secure because of how long they are.

But what if you're worried about having to remember all of these passwords?

Use a password manager

If you use the same password for every website and computer you use, an attacker only needs to compromise one of those to have access to your entire online presence. It's a best practice to use a different password for everything. Humans are terrible at this, but computers happen to be great at it! Hence the innovation of the password manager.

A password manager is an online dictionary of your passwords. It is kept secure by trustworthy organizations such as Apple, 1Password, LastPass, or NordPass to name a few. To access your password dictionary, all you need is one password, often called your "master password." Once you provide the master password, then you can view all of your passwords, copying and pasting them as needed.

Most password managers can be installed onto your smartphone or web browser and will actually automatically fill in your username and password for you, making surfing the web much easier. Many have a free to use version. I happen to be using an inexpensive paid version for me and my family, allowing me to use the password manager on all my devices.

If you use a Mac and/or iPhone, both devices currently have the "Passwords app" as a built-in password manager. You can read more about it here if you'd like.

Using a password manager is much easier and more secure than trying to remember every password you've ever used. It can be a bit daunting at first, but taking the time to learn how to use one will prove to be a wise investment in your online security.

Again, avoid sharing your master password with anyone except maybe a trusted family member or other emergency contact.

Regularly update your devices

Remember the exploit I told you about where I cracked the old Mac's password? That would not have been possible if the Mac's operating system was updated to the latest version. Companies and organizations that manage a computer's OS regularly release updates to make them more secure, sometimes adding new features that make the device easier to use.

Updating your computer's OS is free and normally quite simple. Click here to learn how to update your Mac, here for your Windows computer, here for your iPhone, and here for your Android (if you're using Linux, you're a big enough nerd to figure out how to update it on your own).

Anything else?

While there's no guarantee that these will prevent any sort of security breach or attack on your devices, being cautious with links, using a long password (12-16 characters or more), using a password manager, and regularly updating your devices will help you avoid some of the most common and dangerous cyber attacks.

How to Prepare for an Emergency

In the event of an emergency, it may be necessary for a trusted person to access your information, including passwords, bank accounts, medical history, home ownership documents, will, and lots of other information. One common problem, for example, is that, when a family member dies, their loved ones are often unprepared to get access to their computer and/or smartphone, preventing them from settling their estates, often making it more difficult to enact their will. This can even cause trouble in collecting more sentimental information such as recorded memories and photos.

Having a plan for an emergency is extremely important for both you and your loved ones. While I won't walk you through every way to prepare for an emergency, I will give a few suggestions that relate to your computer, smartphone, passwords, and online resources.

Have one or two trusted and capable emergency contacts

While you should never disclose your private information to someone you don't trust, you also shouldn't share it with someone who doesn't know how to handle it. The first step in preparing for an emergency is to pick one or two people who you know you can trust, who maybe live nearby, and who have at least a basic understanding of how to work a computer and smartphone.

Once you have chosen your person (or people, but not too many), ask them if they are willing to be your emergency contact and handle your information. If they don't feel comfortable with this responsibility, you should pick somebody else.

Have a secure and accessible way for your emergency contact(s) to access your information

Emergency situations can be scary. Making sure your information is easy to access by your emergency contacts will be critical. This is where having a password manager comes in handy; as far as passwords go, your emergency contact only needs your master password. However, it may also be wise to tell your emergency contact your smartphone PIN in case they need your phone for multi-factor authentication. You might also consider sharing your computer password as well as copies of some important documents, including your drivers license, deed to your home, vehicle title, and will, as well as the location of the originals of these documents.

You might also consider keeping a fireproof and waterproof safe in your home with the following contents:

If you go this route, you'll of course want to inform your emergency contact of the location and combination of this safe. You might even consider keeping the safe with your emergency contact if they're ok with that.

Final Thoughts

Just like a computer's operating system, this website will be updated as the world around us changes. Feel free to reach out to me at if you've got any questions or suggestions! Thanks for taking the time to read this, feel free to share it with anyone you'd like!

Last Updated: 13-Apr-2025