The absolute minimum you need to do to stay secure online

There are a lot of fancy things you can do if you want to stay secure online. But security generally comes at the expense of convenience, and for most people the really secure option that takes hours is just not worth the extra work compared to the less-secure option that they already have.

There are a lot of things you can do to be secure online, but here are the things you have to do. Ignore at your own risk.

1. Password-protect your laptop. And use a unique password. If someone ever steals your computer, you really don’t want that person to have access to all your files and online accounts.
2. Lock your phone with Face ID, Touch ID, or a PIN. If you use a PIN, don't set it to your birthday and don't repeat the same number a bunch of time.
3. Stop using the same password for multiple sites. 65% of people use the same password for every site. If you are one of these people, you are only one password leak away from letting a hacker take over your entire digital life. You can protect yourself without increasing the number of password you have to remember by using a tool like LastPass to generate long, unique, random passwords for all the sites you visit. With LastPass, all you have to do is enter your LastPass password when you open your browser and then the service will remember and autofill your passwords for all the sites you visit. It’s easier and it’s more secure.
4. Whenever you have to actually remember a password, use an xkcd-style password made of four+ random words. Passwords in this format are easy to remember and are actually much more secure than ordinary passwords, even if the attacker knows you are using a password in this format. I recommend generating these kind of passwords with a tool like this and then adding an especially uncommon word and maybe a symbol or two.
5. Activate two-factor authentication (2FA) on all the accounts you care about. At least do this for your email, as someone gaining control of your email can request password reset emails on other sites and use them to log into basically all of your accounts everywhere. 2FA can be as easy as getting a prompt on your phone verifying that you’re currently trying to log into your account. It’s easy and it goes a long way towards keeping your accounts secure.
6. Cover your webcam with tape or a stick-on webcam cover. People like Mark Zuckerberg and James Comey are covering their webcams because once someone manages to break into your computer, it is trivial to turn on the camera and start recording. Do you really want the government to see the shameful things you do in the privacy of your own room?
7. Before you click on any link, ask yourself, “Does this seem sketchy?” There are a lot of attacks that involve sending someone a malicious link. Protect yourself by stopping to think before you blindly click something. If it seems sketchy, it’s probably sketchy. Here are a few things you can check for if you’re not sure what sketchy URLs look like.

Update: This post originally suggested using a VPN on public networks. I've learned more since writing this article, and I no longer suggest using a VPN unless you're trying to get around content restrictions or a firewall.