As browses become more and more important, their security becomes more important, as well. Browser developers are always trying to provide the highest security for their users, but sometimes some features are added to the browser for the sake of the users’ convenience. If users are not aware of them, these features can turn into weaknesses that can be exploited by hackers.
In this article, we intend to review a summary of the most important points in a simple language. Following these tips will greatly increase the security of your web browser.
Keep your browser up to date:
Browser developers will immediately publish the patches shortly after identifying their software weaknesses. Download and install the latest browser update. On Firefox, check out if your browser is up to date in “About” menu:
In Chrome, it is also possible to check if the browser is up to date in “About” menu.
Keep your browser extensions up-to-date, as well.
Use well-known browsers:
Browsers like Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Opera, Safari, and any other trusted software companies. Free software with attractive looks may steal your information.
Do not save passwords to the extent possible:
The best known method of maintaining security is to refrain from saving passwords. For this reason, most browsers ask for user’s permission before saving user’s password, and they will only save the password when the user agrees.
It matters especially when you use computers in public places like cyber cafes. Passwords stored by the browser are easily accessible.
Do not install unknown software:
In browsers, it is possible to add custom plugins. Do not install every extension to keep your data secure. Even if the site tries to add an add-on to your browser, the browser will ask you to confirm.
If you are experiencing strange behavior from your browser, delete its plugins or extensions in browser’s settings.
Do not approve all messages:
Browsers are designed to be user-friendly for all experience levels; from beginner users to professional users. Sometimes the boundary between these two groups of users is broken down by browser verification requests. Do not click confirm or Ignore button before making sure that the message is not harmful.
If your browser doubts a site’s identity, it will alert you. As said before, read the browser messages. The instant confirmation of messages reduces your security level. For example, in the following message, the browser declares that according to valid reports, the website the user intends to access is an instance of Web Forgery:
Or the following message has declared that the address typed in by the user is related to a website used for cybercrime attacks.
Browser Memory Protection:
One thing that might be abused is the memory of the browser you have worked with. Browsers have memory, and they may remember all your activities without asking for your confirmation.
If you intend to connect to the Internet through a non-personal computer, you can use its protected mode to prevent your browser from remembering your records.
In Firefox, in File menu, click Start Private Browsing, and in Google Chrome choose new incognito window.
If you need to clear these records, you can use the combination of Ctrl + Shift + Delete keys.
When entering username and password:
The following is a list of information that might be abused:
- Second Password and CVV2 of Credit Cards
- Email password
- Password to a business computer network or a personal computer
- Password to sites such as Facebook and …
If it was required to enter this information on a site, make sure that the security of the site is verified. To check if the verification is true and valid, use the address bar.
There must be a lock icon in the address bar of each window that requires a password, and the lock should be closed, not open. In the following message, the browser has declared that there is an insecure connection with the site that the user is trying to connect to:
If you see the above message, read this guide.
There is a group of malware that record your commands through a Mouse, Keyboard, and so on, without you being aware, and then they give out the information to third parties. On the site of most banks there is a section called “secure keyboard”, which is displayed by clicking on the password section. Use this keyboard to enter the password, not your system keyboard:
Secure your passwords:
Services requiring password entry have a capability known as Password recovery or Forgotten password. When the users forget their password, they can retrieve their password using this feature. This feature may be abused.
To prevent these abuses, choose a password that includes numbers, lower and upper case letters, and symbols @, _, #, and so on (used simultaneously). Never use a common password for all your accounts on different sites and services. In order to check how long it takes to hack your password, use this site.
To prevent abuses, log in to your account and apply the following in your account security section:
- Enter and confirm your mobile phone number.
- Enter and confirm your primary or secondary email.
- Disable non-secure recovery methods. For example, there are some methods in which some questions about your profile or your friends’ are asked and then the password is provided to you. There is also a face recognition method that has a low security rating.
In the safest possible case, there is still a security vulnerability. Sometimes hackers can guess your password by getting some information about you. To fix this, do not select your passwords based on a specific and predictable pattern.
Sometimes hackers use methods to persuade the user to provide them with a password recovery code. Delete any suspicious messages of which you do not have any information about the sender and do not click on unknown links. For more information on this, read this article.
Close popup windows that have opened without your request.
Change your passwords from time to time.
Block scripts and executable codes in the browser:
All browsers are dependent on software interfaces, such as Scripts (Flash, Active X, Java, and VBScript) to enhance their functionality. Although many pages require the implementation of these codes to display correctly, this technology reduces the security level. Add-ons such as NoScript in Firefox are designed for this purpose.
For more security, it’s best to disable plug-ins such as Flash Player that is responsible for playing Flash media on website pages, or use the latest version of it.