18 April 2013

Best Security Tips for Safer Browsing

google chrome safe browsingThere's a lot to like about Google Chrome's built-in security features. The browser offers unique sandboxing functions and privilege restrictions, and even updates itself in the background to help better protect you from hackers and malware. But like all browsers, Chrome is imperfect, and there are steps you can take to protect it from attack. Here's how to get the most from Chrome's built-in security features, and work around its security shortcomings.

Privacy features

Chrome offers several privacy features that help protect you while you browse. The most notable are its phishing- and malware-protection schemes, and a tool that can auto-correct misspelled Web addresses.

Chrome's phishing and malware protection put up a warning screen whenever you visit a website that Google has identified as potentially malicious, whether it spreads malware or tries to steal your personal information. Meanwhile, Chrome's URL autocorrect feature usees a Google-provided online service to fix misspelled URLS to help you avoid visiting the wrong site—and perhaps a nefarious site—by accident. Indeed, "typosquatting" is still a threat.

Chrome has several useful features that can help you avoid dangerous sites.

To use these features, open the browser's Settings panel and scroll down to the Privacy section (you may need to click Show advanced settings to get there), and check the boxes labeled Use a web service to help resolve navigation errors and Use a web service to help resolve spelling errors. Also, be sure to check the Enable phishing and malware protection box.

Additionally, click the Content settings tab and consider restricting some content. You can, for example, disable JavaScript (which is often exploited by malware) and plug-ins. When you do so, Chrome will notify you when a site is using them so that you can voluntarily opt in for legitimate sites.

Restricting and limiting Web content can help block some types of malware attacks.

Protect your saved passwords and credit card details

If you let Chrome save your website passwords, anyone who uses your PC can easily access them with a little poking around in the Settings panel. But unlike Firefox and its Master password feature, Chrome—and by extension, third-party add-ons—won't let you encrypt your passwords or saved credit card information.

Luckily, there are a few things you can do to help protect your privacy. First, don't allow people you don’t trust to use your Windows user account. Instead, either create a new Standard (non-administrative) account for others to use or turn on the Guest account.

It's ridiculously easy for someone to get at your saved passwords in Chrome.

If creating another Windows account is too inconvenient, consider using a Chrome extension like ChromePWBrowser Lock, or Secure Profile to password-protect Chrome. This effectively forces others to use another browser on your system like Internet Explorer (which doesn’t let others easily view your saved passwords) or Firefox (which lets you encrypt and password-protect your saved passwords).

Another option is to securely store your sensitive data using a third-party password manager. Some third-party password tools let you sync your passwords across other browsers, which might be helpful if you go from one computer to another. KeePass andXmarks are two popular password managers worth trying.

Secure your synced data

Chrome can sync most of your settings and saved data (including passwords, but not credit card details) across multiple computers and devices that have Chrome installed, but this creates a security vulnerability. By default, Chrome requires you to enteronly your Google account password to set up a new computer or device to sync your browsing data. So if your Google account password were hacked, an intruder could potentially access a list of all your passwords.

Adjusting your sync settings can better protect the data that Chrome saves.

That is, unless you set a custom encryption syncing passphrase.

Once you set a syncing passphrase, you have to first sign in with your Google account password and then enter the passphrase to set up new synced devices. This adds an important extra layer of security. To set this up, openSettings, click Advanced sync settings, and select Choose my own passphrase.

While you’re there, also consider turning on encryption for all synced data instead of just passwords.

Secure your Google account

Google offers several security features to help you better control and protect your account, and you should definitely consider using them if you use Chrome's sync feature. They help secure your entire Google account, so you should also consider using these security features if you tap into multiple Google services.

On the Google Account Security page, consider enabling Google's 2-step Verification. Once you've done that, you’ll have to enter a special code—which you'll receive via text, voice call, or the Google app—whenever you attempt to sign in to Google from a new PC or mobile device. This scheme ensures that anyone without direct, hands-on access to your mobile hardware will be denied entry into your Google data. When signing in to applications or features that don’t support the verification codes (like Chrome's sync feature), you’ll have to sign in to your Google account, access the 2-step Verification settings, and generate an application-specific password.

Google offers many security features and functions so you can better protect your account.

While on the Google Account Security page, you might also want to turn on email and/or phone notifications for password changes and suspicious log-in attempts. This way, you'll know right away if someone tries to change your password or attempts to log in to your account without your knowledge.

Additionally, review your recovery options in case you forget your password in the future. Last, review your authorized apps and sites and remove those you don’t use anymore.

Install extensions for additional protection

We reviewed many of the security features offered by Google and Chrome, but various extensions allow you to add even more security functions. For example, Web of Trust (WOT) can warn you of dangerous sites, and ADBlock can remove annoying or malicious advertisements that can lead to malware or phishing sites. View Thru lets you see the destination of shortened URLs, and KB SSL Enforcer can help you take advantage of HTTPS/SSL encryption on sites that support it.

For professional and affordable web design and web development, feel free to contact us at Farend, for no obligation consultation.

The above article was originally published by PCWorld and can be seen here.