Learn More About Digital Privacy and Security
These short articles offer tips for digital privacy and security. They cover a wide range of topics, including:
- Setting Up a Social Media Account
- Creating Strong Passwords
- What is Two-Factor Authentication (2FA)?
- Securing Your Mobile Device
- Understanding Location Data
- How to Spot a Phishing Scam
- Filing Your Taxes and Avoiding Scams
- Shopping Safely Online
- Changing Privacy Settings on Facebook
- Who Can See My Social Media Posts?
- Safely Applying for Jobs Online
- Keeping Kids Safe: Avoiding Bullying Online
- Advice for Teens: Manage Your Digital Footprint
- Advice for Teens: Managing Social Media
- Advice for Parents: Talk to Your Teen About Social Media
Setting Up a Social Media Account
Social media is extremely popular, and you may already have accounts on popular platforms like Facebook, Instagram, or Twitter. If you’re setting up a new account for yourself or helping someone else — or if you already have an account — here are some tips to make sure your account is kept safe.
- Choose a strong password. Passwords should be easy for you to remember but hard for others to guess. Find more information on passwords here or check out our game Password Mania.
- Add an additional layer of protection to your account by turning on two-factor authentication (2FA). This means that after you enter your password, you will have to verify your identity a second way, either by having a code sent to your phone or email, or using an authentication app. 2FA should be used on accounts that have your most sensitive information, like bank accounts and email, as well as social media.
- Review your privacy settings. Most social media platforms set everything to public by default, so if you want to limit who can see your posts, you need to update the settings. Most social media platforms have a “privacy” section on their settings page.
- Finally, be careful when you share text, videos, and photos, because it may be visible to a lot of people. Don’t share sensitive information on these platforms — this includes things like your location, birthday, or address. It’s always a good idea to double-check a post before pushing the “Send” button to make sure there’s nothing in the post that could be problematic.
Creating Strong Passwords
We’ve all had to create passwords when setting up a new online account. In fact, you probably have dozens of passwords for your email, banking, shopping, and other accounts. But are you making common mistakes that weaken your password and make you more vulnerable to having your personal information stolen? Here are some important tips for making sure your data is protected.
- When you have a lot of online accounts, you might think it’s best to re-use the same password for all your accounts. But that’s not a good idea — if one account is compromised, that makes all your other accounts with the same password more vulnerable. Instead, consider using a password manager. These tools can be used to store all your passwords and help you generate strong passwords for new accounts. All you need to do is remember the password for the manager–so make sure it’s strong!
- We share a lot of personal information about ourselves on social media and other online sites. So it’s not a good idea to use information about us — the names of family members or pets, our favorite movie or book — in our passwords. Ideally, you want your passwords to be memorable to you but not something other people could easily guess.
- Every year, there are security breaches at major companies, and login credentials are posted online. From this, researchers have compiled lists of the most popular passwords, and we can see that people tend to use really simple passwords, including the word “password.” Make sure your password isn’t likely to land on one of these lists by making it long and complex. That doesn’t mean it needs to be a random string of letters, numbers, and symbols–it could be four random words strung together.
- For accounts that store sensitive information like your bank or email, you may want to add two-factor authentication (2FA) to provide an additional layer of security. 2FA means that in addition to entering a password, you have to verify your identity through a second method, typically via a PIN texted to your phone or through an authentication app.
What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) — sometimes referred to as multi-factor authentication — provides an additional layer of security to your accounts. When you have 2FA activated, you typically enter your password, then need to enter a PIN sent to your phone or use an authentication app to confirm your identity.
Two-factor authentication may feel annoying, but it’s especially useful for protecting your most sensitive accounts, including your email and financial accounts, as well as online shopping and social media. We suggest adding 2FA to accounts that store sensitive personal information because they can protect your account, even if your password is stolen or compromised. A person would need to know your password and have access to your device (phone, tablet, or computer) to gain access to your account.
Examples of popular authentication apps include Duo and Google Authenticator. Once you have them set up, you can either send an authorization request to them when signing it or generate a 6-8 digit code that regularly resets.
Securing Your Mobile Device
If you have a newer mobile phone or tablet, it’s likely storing a fair amount of sensitive data about you, including account access and passwords. Therefore, you should take steps to make sure that data is protected in case your device is lost or stolen. This handout includes a number of tips for keeping your mobile device secure, including the following.
- Nearly all phones and tablets now let you set up a password, PIN, and/or biometric authentication like your fingerprint or Face ID. Make sure this feature is turned on! Entering a PIN every time you pick up your device might feel annoying but it’s the best protection you have for your phone.
- Once you have a password for your phone, you may want to add a separate password for your most sensitive apps, like banking apps. Check the settings in individual apps to see if you can add a PIN. This means that even if someone gets access to your unlocked phone, they won’t be able to open those apps.
- Whenever possible, connect to a secure WiFi network. Many stores and public areas now offer free WiFi, but those networks are generally not secure. So if you are connected to public WiFi, it’s a good idea to avoid sending sensitive data.
- Whether you have an Android device, iPhone, or something else, the operating system gets regular updates, often because someone identified a security vulnerability in the system. Some phones let you auto-update, meaning the phone will download and install updates whenever they come through. Or you might get a prompt from the device to install a new update. This might seem annoying but it helps ensure your device keeps running without a problem and keeps it secure.
- Go through the device’s settings, especially privacy and location settings. A lot of apps request you share location data even though they don’t need it to work. You can control which apps get access to different types of data from your phone and when they can access it (e.g., only when the phone is in use).
Understanding Location Data
If you have a mobile device, you might have had an app request access to your location and wondered if you should share it. Location data is considered to be some of the most sensitive personal information about you, as it tells someone where you are and, over time, can let people infer things like where you live and work, as well as times when you’re not home. So you should only share your location data with apps that you trust and that need that information to work. Here are some things to think about when it comes to location data.
- Most smartphones have “location settings” or “location services” under the privacy settings. You can turn off all location services on your phone, but it may make more sense to go through and turn them on or off for each app.
- Some apps need your location data to work. This includes Maps, Weather, and Transit apps. Check your settings–you might be able to change your settings so you only share your location with these apps when you are using them.
- Some phones let you share your location with trusted others. Make sure that you only share your phone’s location with people you know and trust like family members.
- In general, it’s not a good idea to post on social media about your current location. For example, if you post that you’re out of state on vacation, someone could use that information to break into your home.
How to Spot a Phishing Scam
Phishing refers to a popular type of scam that can occur by email, text message, or phone call. The message looks like it’s coming from a legitimate source — maybe an insurance provider, bank, or the IRS — and asks you to download a file or click on a link and provide your login credentials. If you share login information, the scammer can use it to access your account. Because of this, it’s important to carefully review any email potentially coming from one of your accounts. Here are some red flags to look out for:
- Does the message create a sense of urgency? Does it state you need to reply now or your account will be locked until you respond? This is a common tactic in phishing scams to make you act without thinking.
- Check the email address of the sender. Does it look legitimate? Are there spelling mistakes (e.g., missing or additional letters) or have a lot of extraneous letters?
- If there’s a link in the message, don’t click on it! Hover over it on a computer to see the full URL. If you do want to check your account, open a new tab, enter the URL and log in.
- Don’t download any attachments in a suspicious email. It could contain malware that compromises your device.
- When in doubt, call the company at a number listed on an official website, and ask about the message.
- Check out the Federal Trade Commission’s website for more tips on how to recognize and avoid phishing scams.
Filing Your Taxes and Avoiding Scams
Every year, Americans file their taxes, and it’s becoming more common to file taxes online through sites like TurboTax. However, there’s also been an increase in the number of tax-related scams, so it’s important to be extra careful in protecting your financial information during tax season.
- Sometimes scammers will pretend to be other people and file their taxes early to get the return. Because of this, you should try to file your taxes as early as possible each year.
- One of the most common phone scams involves a call or email supposedly from the IRS. In fact, the IRS has released a list of 12 types of tax-related scams they’ve recorded, including phishing attacks, social media scams, and payroll scams. You should never click on a link or give a caller your personal information if they claim to be the IRS.
- You can always file your taxes through the IRS website, or use a trusted service like TurboTax. Be wary of alternative tax-filing sites that claim to get you a bigger refund.
- Sign up for free credit monitoring and check your credit report once or twice each year. This will make it easier to keep track of your financial accounts and more quickly identify fraudulent activities.
Shopping Safely Online
Online shopping has come a long way since Amazon and eBay first launched in the 1990s. Today, nearly all retailers have an online presence and many will ship products around the world. Online shopping provides tremendous convenience, letting you order products from the comfort of your home. But it can also put your personal information at risk. Follow these tips to make sure your online shopping experience is safe and secure.
- Big retailers like Amazon, Target, and Wal-Mart can generally be trusted for online purchases. That said, you should always double check the site is using HTTPS when you go to enter your financial information.
- There are many ways to pay for online shopping. If you’re using a credit card or bank card, check whether they protect you in cases of fraud. There’s also “digital wallet” companies like Paypal, Apple Pay, and Google Pay that you can use instead of entering your credit card information directly. Or you could also look into services that create a unique card number for each purchase, which reduces the likelihood of your account being compromised.
- Be very cautious when making purchases from online marketplaces on sites like Facebook and Craigslist. Never send money before you can verify the purchase is what was described online. And if you need to meet up with someone to pay and get the item, do so in a public place like outside a major store or in the parking lot of your local police department.
- You may like to browse online sites when you have some down time. But be very careful about submitting sensitive information like your credit card number when you’re on public WiFi that doesn’t require an account or login. It is very easy for a hacker to intercept information sent over a public WiFi network, so it’s best to wait until you get on a more secure network before you complete your purchase.
- Be careful when making a purchase from a device you don’t own. Make sure you don’t accidentally save your personal information to that device and make sure you log out of any accounts when you’re done.
Changing Privacy Settings on Facebook
Facebook is still the most popular social media platform, with more than 2 billion users worldwide. Many people connect with friends, family, coworkers, and others through the site, and we share a lot of information through posts, photos, and videos. Because of this, it’s important to make sure your account is set up the way you want it to be. While specific settings change over time, here are a few suggestions for keeping on top of your Facebook account.
- First, find the Settings page. On the website, this is usually in a pull-down menu in the top right corner of the page. On the app, it’s usually in the bottom right (click on the three bars, then scroll until you see Settings & Privacy).
- Facebook offers a feature called “Privacy Checkup” that walks you through different settings and options on your account. This is useful, especially if you haven’t looked at your settings in awhile.
- If you want to add an extra layer of protection, you can add two-factor authentication (2FA) to your account under Security & Login. [Don’t know what 2FA is? Check out the description above.]
- Think about who you want to see your Facebook posts. One way to control this is to turn off a feature that lets search engines index your page so they show up in search results.
- Facebook uses facial recognition technology to auto-tag people in photos. For some people, this is very convenient, while others find it kind of creepy. If this bothers you, you can turn the feature off in Settings.
Who Can See My Social Media Posts?
Have you ever posted something on social media, then got a reply from a stranger? Maybe you wondered how that person saw your post. Or maybe you thought your post was only visible to your friends. Most social media share your content publicly by default, so follow these tips to make sure your post settings match your expectations on different social media platforms.
- Look at your settings on each social media site you use. The settings will vary a lot, and some platforms like Twitter only let you have your account as private or public. Others, like Facebook, let you share things publicly, with all your friends, or with a subset of your friends. Facebook also lets you quickly change the settings on an individual post — look for a button directly under your name and click on it to change who can see that post.
- Another way to protect your posts is to use a “pseudonym,” which is a name not connected to your “real” identity. Then you might feel less concerned about sharing posts publicly. For example, you could make your Twitter handle “LovesCats24” instead of “JoeSmith24.” Not all sites let you make up your user ID, however; Facebook, for example, requires you to use your real name when setting up an account.
- Some social media platforms have a setting that keeps your posts from being indexed on popular search engines like Google, even if the post is public. Check the privacy settings on each site you use for this feature.
- Ever wonder what some random person on the internet sees when they click on your social media profile? Facebook has a feature to let you do this. Go to your profile and look for the “View As” option (currently listed under the three dots on the top part of your profile). This will show you the public view of your account.
Safely Applying for Jobs Online
Many jobs now ask you to complete an online application form, and they may also ask for you to share sensitive information as part of the application. However, it’s important to make sure that any information you share with a potential employer is kept safe, and that can confirm an application request is legitimate. In this handout, we share some tips to avoid scams and keep your personal information secure.
- A lot of companies and individuals post job ads on social media, online job boards, and sites like Craigslist. If the job listing is not on an official company website, take care with sharing personal information. You may want to take some extra steps to verify the job ad is legitimate and not just a scam to get your information or money.
- Online job forms may ask for a range of potentially sensitive information, including your address, contact information, and social security number. When filling out a job application online, check the URL for the site. Is it https? If so, that means your data will be encrypted when you submit the form. If the form does not use https, you may not want to submit sensitive information through it. Instead, call the company to ask about (1) whether you need to submit that information and (2) whether you can provide it through an alternate channel.
- If you’re ever uncomfortable with a request for information that you don’t think is necessary for the job, ask! Some information may be required to collect by law, but other times applications ask for information they don’t need. For example, some employers have asked job applicants to share their social media account information — or even their login credentials! Several states have made this practice illegal but others may still try to ask you for it.
Keeping Kids Safe: Avoiding Bullying Online
Cyberbullying and harassment are unfortunately part of interacting online. That doesn’t mean you should try to keep your child from using any interactive platform; rather, you can help them be prepared to both minimize their chances of experiencing cyberbullying as well as respond when they see it online. In this handout, we’ve provided information on four organizations and websites that actively work to stop cyberbullying.
- StopBullying.gov provides information from different government agencies on identifying, preventing, and responding to bullying.
- ConnectSafely.org is a non-profit focused on teaching adults and children about online safety, privacy, and security.
- The US Federal Trade Commission has extensive resources aimed at protecting kids online, including recommendations for talking to your child about cyberbullying and, more broadly, staying safe online.
- CommonSense Media is a great resource for navigating technology and media. They provide reviews and ratings of TV shows, movies, and video games, as well as educational materials on a range of topics, including cyberbullying. See their Family Engagement Resources for ideas on how to talk with your kids about their technology use.
Advice for Teens: Manage Your Digital Footprint
The term “digital footprint” refers to the traces you leave online–your social media posts, things other people post about you, and more. If you’re curious about your digital footprint, you can Google your name. If you have a common name, try Googling your name plus something about you (e.g., “Joe Smith” +Maryland).
While being aware of your digital footprint is important for everyone, teens need to start thinking about the things they post online and how they could be problematic in the future. Colleges and employers do online searches for prospective students and employees and no one wants to miss out on an important opportunity because of a social media post.
Even while in high school, teens should start thinking about their online image and what type of impression they want to create. This could mean starting a public-facing website or social media account to share hobbies. It could also mean locking down social media accounts so they don’t show up in search results or can be viewed by anyone on the site. This kind of impression management is just as important online as it is offline.
Advice for Teens: Managing Social Media
There are dozens of social media and messaging apps out there, and you may use multiple accounts to chat with your friends, watch videos, and keep up with the latest trends. But it’s also important for you to make sure you keep your social media accounts — and the content you share on them — protected. Here are four tips to help you ensure your social media remains a fun experience.
- The easiest step you can take is adding a password, fingerprint, or Face ID protection to your phone to keep other people from accessing your apps. This includes both friends or siblings, who may want to pull a prank on you, as well as strangers if you leave your phone out or lose it.
- One of the best — and worst — things about social media is how easy it is to share content. Take a quick video at a concert and want to share it with your friends? No problem. But that also means that sometimes we might post something before thinking through if it could hurt someone’s feelings. Maybe a friend looks really bad in a picture, or maybe you make a joke that could easily be misinterpreted. So it’s always a good idea to slow down a bit and double-check your post before clicking “send.”
- Privacy settings vary a lot between apps but it’s a good idea to check them out and make sure you’re okay with the settings. Can anyone on the internet see your posts? Maybe you want to limit that just to friends.
Advice for Parents: Talk to Your Teen About Social Media
If you have a tween or teen, it’s likely they have at least one social media account — or they want to set up an account. Social media can be a scary place, but they can also help children connect with their friends and learn about new things. We think the most important thing you can do as a parent is have open conversations with your children about social media and encourage them to share their experiences with you and come to you if they have a problem. Here are three tips to help you talk to your child about social media:
- Set ground rules. These rules could define which social media they can and cannot use, who they can connect with on social media, and the type of content that is inappropriate to share. For example, you may decide it’s okay for your child to have an Instagram account as long as the account is set to private and they let you follow them. Or you might say it’s okay to use Instagram but not Snapchat. Or you might tell them it’s okay for them to watch Tiktok videos but you don’t want them posting videos of themselves. When you set these ground rules, it’s important to share with your child why you’re putting these rules in place, and to let them know that rules can change over time. As they get older, for example, you might be more willing to let them join social media without your explicit approval first.
- Along with setting up rules, it’s important to make sure everyone — adults and children — understand those rules. It might even be a good idea to write down rules about technology use and put them in a prominent place to reduce confusion. While tempting, you should avoid spying on your child by going through their phone whenever possible. This is a breach of trust and could make your child resent you and try harder to hide things from you. Part of growing up is putting more trust into your child and letting them make mistakes; if they do make a mistake, you want them to trust you enough to come to you for help.
- Fostering trust with your child when it comes to social media will also benefit other types of interactions, and you can encourage them to come to you whenever they have a problem or want to talk about something they saw. Especially as teens enter high school, you want them to know that they can talk to you without fear of judgment or punishment, and trust plays a key role in that relationship.