Safe Computing Advice

Safe computing skills are foundational digital literacies, affecting every area of your life, with consequences that trickle into our institutions, businesses, and community. Safe computing means to be appropriately informed about the security implications of our digital choices: What we click, where we go, what information we give out, how we keep information safe. You don’t need to be an expert to learn some safe computing skills that can drastically reduce your risk and give you more control over your digital space. This page covers four important skill sets: Securing your device, email security, safe browsing, and password management.

Device security

Having a secure device means that you’ve taken steps to ensure that your computer can sufficiently protect the information that passes through it—and that information is important: You might see a collection of vacation photos and shopping receipts, but a hacker sees the keys to your identity and a potential launch point for other attacks. The most important steps are to be rigorous about applying updates, to have an anti-virus, and to password protect your device.

  • Updates are the single most important security protection in your digital life. If you change one behavior after reading this, it should be diligent updating. Best case is to set updates to occur automatically.
  • Anti-viruses are needed on all major devices, including Apple computers. Notice that this is just one of several critical security measures: Anti-viruses aren’t a cure-all, but they are essential. Fortunately, there are plenty of great, free anti-viruses available, and they mostly run in the background. See our anti-virus page for more details.
  • Password protecting your device isn’t just about preventing physical access to the device, it also helps protect the computer against remote attacks and from rogue software. Encrypting your hard drive is another step in the right direction. See the password management section below for tips on making and keeping good passwords.

Email security

Your email account has special security needs because it can reset the password for almost any other account, it is where you’re exposed to most phishing attacks, and if compromised, it could be used to send malicious emails. If you make good security choices for a single online account, it should be your email. In addition to choosing a strong, unique password for the account, it is important to turn on 2-step verification and to use caution when interacting with emails.

  • 2-step verification is an extra layer of security on your account. Periodically, you’ll face a second authentication challenge when you log in, like entering a one-time code sent to your phone. 2-step verification is required on Luther emails, but you should enable this service for any other service you can. While 2-step verification isn’t a guarantee to protect your account, it makes accounts drastically more secure. See our 2-step verification page for more information.
  • Phishing is the most common form of cyberattack. Use caution when opening emails you weren’t expecting. Verify that the request within the email is legitimate before providing any personal information. Do not follow any links unless you trust the destination or open any attachments unless you are absolutely sure what they are about and who the original sender was. See our phishing page for more information.

Safe browsing

Most of our exposure to digital risk happens on the internet. Clicking the wrong thing or going to the wrong site can be disastrous—So how do we know what is safe and what isn’t? A few general rules of thumb are to browse intentionally, to exercise reasonable suspicion, and to notice what “normal” looks like.

  • Intentional browsing means only visiting sites that you’ve evaluated to be safe, as opposed to following a maze of ads and posts. Similarly, manually navigating to a site’s main landing page is safer than relying on, say, a random emailed hyperlink. If you’re unsure about a link, Google’s site status page will analyze it for you.
  • Exercising reasonable suspicion is largely self-explanatory, but it does bear mentioning that the internet is not an inherently safe space. Here are some warning signs you should heed:
    • You get an unexpected email that urgently needs you to do something. See our phishing page for more information. Your browser is using a different search engine than Google, Bing, or other known, legitimate service.
    • Your browser warns you that a site isn’t safe
    • Your email service warns you about a specific email
    • A tech support service contacts you unexpectedly
    • The site you’re visiting raises pop-up windows, background windows, or additional tabs
    • The site you’re visiting goes through several redirects before your final destination
    • The site you’re trying to visit isn’t the one that’s delivered
    • You’re asked for sensitive information on non-encrypted sites (i.e. those sites without addresses beginning “https” or that don’t display a lock-icon in your address bar).
  • Form a mental impression of baseline “normal” behavior for your computer, so that you’ll recognize when something is off. This means noticing what an OS prompt looks like, what your browser’s default homepage looks like, etc. Attacks will often attempt to impersonate a service you trust, but fail to get it just right: the font, language, styling or behavior may be slightly different from the real thing. This is your clue to exercise greater care or seek help.

Password Management

Successful password management is the skill of securing and generating good passwords. For most people, this is the most cumbersome part of their digital life: we have too many passwords and most of them are variations of each other. Fortunately, there are a few good techniques to make passwords less of a hassle, namely using a password manager and creating memorable passwords.

  • Password managers are tools that store your passwords in a high security vault. Many password managers integrate with your browser, allowing them to fill in passwords, store new or changed passwords, and generate random passwords. When you use a password manager, the number of passwords you need to remember sharply decreases, freeing up some mental space for better passwords for your most important services. LastPass and 1Password are two popular choices—both services have a good free service. For more information, see our password manager guide.
  • Picking a new password can be hard. Often we choose weak variations on existing passwords. The Technology Help Desk recommends a passphrase method, where your password is 3-5 random words without special contortions like word substitution. This makes for strong, memorable, unique passwords. For more information, see our passphrase guide.