Recommendations

The recommendations section provides practical tips for improving your online security.
Click on a selected topic to view detailed guidance.

What does a strong password look like?
abc123 weak โ€” cracked in <1 second
John2001! medium โ€” cracked in minutes
Coffee&Bike#Sun9 strong โ€” decades
wX7$mPq!2Lz#eNr& very strong โ€” practically impossible
Rules for creating a secure password
๐Ÿ“
At least 12 characters โ€” the longer the better. 16+ is the current standard.
๐Ÿ”€
Mix uppercase, lowercase, numbers and special characters โ€” not just at the end. Example: C0ffee&Bike#9.
๐Ÿšซ
Avoid names, dates of birth and dictionary words โ€” these are the first things attackers try. Also avoid “password”, “qwerty”, “123456”.
๐Ÿ”
Use a different password for every service โ€” if one site is breached, your other accounts stay safe.
๐Ÿ’ก
Passphrase method โ€” take a sentence you remember and use the first letters: “My cat has 4 paws and sleeps!” โ†’ McH4p&S! Easy to remember, hard to crack.
Password managers โ€” what are they and why use one?
A password manager is an app that remembers all your passwords for you. You only need to remember one โ€” the master password. Everything else is encrypted and secure.
๐Ÿ”“
Bitwarden
Best free manager. Open-source, works on all devices. Recommended for beginners.
๐Ÿ”
KeePass
Stores passwords locally on your device. Full control over your data.
๐ŸŽ
iCloud Keychain
Built into Apple devices. Sufficient for iPhone and Mac users.
๐Ÿ”‘
Google Password Manager
Built into Chrome and Android. A good start for Google users.
Two-factor authentication (2FA)
2FA = password + a second element. Even if someone learns your password, they cannot log in without the second factor.
How to enable 2FA โ€” Step by step
1
Go to the security settings of your account
Look for “Two-step verification”, “2FA” or “MFA”
2
Choose an authenticator app
Google Authenticator, Microsoft Authenticator or Authy โ€” all free
3
Scan the QR code with the app
The site will show a QR code โ€” scan it using the app’s camera function
4
Enter the 6-digit verification code
The app generates a new code every 30 seconds โ€” enter it to confirm
5
Save your backup codes!
The site will generate one-time codes in case you lose your phone โ€” print them or store them somewhere safe
โš ๏ธ
SMS as 2FA is a weaker option โ€” attackers can hijack your number via SIM swapping. Use an authenticator app whenever possible.
Check if your data has been leaked
๐Ÿ”
Visit haveibeenpwned.com and enter your email address. You will find out if your data was part of a breach. If yes โ€” change your passwords for those services immediately.
What is phishing?
Phishing is an attack method where criminals impersonate a trusted person or organisation (a bank, courier, police, or even a friend) to steal data or money. It is the most common type of cyber attack.
What does phishing look like? โ€” Examples
๐Ÿšฉ Example phishing SMS
“Your parcel has been held due to an unpaid fee of ยฃ0.99. Pay here: bit.ly/xxx-parcel”
๐Ÿšฉ
Fake domains โ€” the address looks similar to a real one: amazon-secure-login.com instead of amazon.com
๐Ÿšฉ
Urgency and pressure โ€” “Your account will be blocked in 24 hours!”, “Act now!”
๐Ÿšฉ
Requests for login credentials, ID numbers, card details or verification codes
๐Ÿšฉ
Spelling mistakes, unusual fonts or logos that look unprofessional
๐Ÿšฉ
Shortened links (bit.ly, tinyurl) or addresses with random characters
๐Ÿšฉ
Unexpected attachments in emails โ€” even if the sender looks familiar
How to protect yourself
๐Ÿ”—
Check the URL before clicking โ€” hover over the link (without clicking) and check the address shown at the bottom of your screen.
๐Ÿ”’
Look for HTTPS โ€” but remember: HTTPS only means the connection is encrypted, not that the site is safe. Scammers use HTTPS too.
๐Ÿ“ž
Call and verify โ€” if a bank or company asks for your details, hang up and call back on the official number from their website.
๐Ÿง 
Stop and think โ€” phishing plays on emotions (fear, urgency, curiosity). If something feels suspicious โ€” pause before you click.
๐Ÿ“ง
Do not open attachments from unknown sources โ€” especially .exe, .zip, or .doc files with macros.
๐Ÿ”
Warn others โ€” if you receive a suspicious message, let your family and friends know. Phishing is often sent in mass campaigns.
What to do if you clicked a suspicious link
1
Do not enter any data
Close the page immediately
2
Change your passwords
For any accounts you may have accessed on that device
3
Scan your device
Run an antivirus scan
4
Report the incident
Report suspicious sites to your national CERT or cybercrime authority
Updates โ€” why they matter
System and app updates patch security vulnerabilities that attackers exploit to take over devices. An outdated system = an open door.
๐Ÿ”„
Enable automatic updates for your operating system and apps โ€” do not postpone them.
๐Ÿ“ฑ
Update apps on your phone too โ€” especially your browser and banking apps.
โš ๏ธ
A smartphone no longer supported by the manufacturer will not receive security patches โ€” consider replacing it.
Safe Wi-Fi habits
๐Ÿšซ
Public Wi-Fi is a risk โ€” do not log into your bank, shop online or enter passwords on a public network (cafรฉ, airport, hotel).
๐Ÿ”’
If you must use public Wi-Fi โ€” use a VPN (e.g. ProtonVPN, free plan).
๐Ÿ 
At home: change the default router password. Set encryption to WPA3 (or WPA2 if WPA3 is unavailable). Regularly check the list of devices connected to your network.
๐Ÿ“ถ
Consider a separate guest network for visitors โ€” without access to your own devices.
Physical device security
๐Ÿ”
Set a PIN, password or fingerprint as a screen lock on every device.
โฑ๏ธ
Shorten the auto-lock timeout โ€” 1โ€“2 minutes is enough.
๐Ÿ’พ
Make regular backups โ€” to an external drive or cloud. This protects against ransomware and hardware failure.
๐Ÿ—‘๏ธ
Before selling or giving away a device โ€” perform a full factory reset and remove your account.
App permissions
Many apps request access to your microphone, camera, location and contacts โ€” often without any real need.
๐Ÿ“‹
Regularly review permissions: Settings โ†’ Apps โ†’ Permissions. A torch app asking for microphone access? Deny it.
๐Ÿ“
Share location only while using the app โ€” not “always”.
๐Ÿงน
Delete apps you no longer use โ€” fewer apps means a smaller attack surface.
Personal data online
Your data is a commodity. Companies collect information about what you do online to serve ads and sell profiles to others. You can control this.
๐Ÿช
Click “Necessary only” on cookie banners instead of “Accept all”. This limits tracking by advertisers.
๐Ÿ•ต๏ธ
Use incognito mode on shared computers โ€” your searches and passwords are not saved.
๐Ÿ“ง
Do not give your main email address everywhere. Consider a second address for signing up to services.
๐Ÿ”
Search with DuckDuckGo instead of Google โ€” they do not track your search history.
Social media
๐Ÿšฉ
Quizzes and apps on social media often harvest data โ€” “What animal are you?” is not fun, it is a phishing attempt.
๐Ÿ”’
Set your profile to private โ€” only friends can see your posts and photos.
๐Ÿ‘๏ธ
Review connected apps on your account โ€” Settings โ†’ Privacy โ†’ Apps. Remove any you do not use.
โš ๏ธ
Do not post photos of documents, boarding passes, keys or the view from your window when you are on holiday. This is information for burglars.
Your data rights (GDPR)
You have the right to:
  • โœ“
    Access โ€” you can ask any company for a list of the data they hold about you
  • โœ“
    Rectification โ€” correction of inaccurate data held about you
  • โœ“
    Erasure โ€” the “right to be forgotten” โ€” you can request deletion of your data
  • โœ“
    Portability โ€” receiving your data in a machine-readable format
  • โœ“
    Complaint โ€” to your national data protection authority if a company violates GDPR
Free security tools
๐Ÿ”“
Bitwarden โ€” password manager
The best free password manager. Open-source, works on all platforms. Recommended for beginners.
FREE
๐Ÿ”
Have I Been Pwned (haveibeenpwned.com)
Check if your email was exposed in a data breach. Just enter your address.
FREE
๐Ÿ›ก๏ธ
ProtonVPN
VPN from the creators of ProtonMail. Free plan with no data limit. Protects your connection on public Wi-Fi.
FREE (basic plan)
๐ŸŒ
uBlock Origin โ€” ad and tracker blocker
Browser extension blocking tracking ads and malicious sites. Install in Firefox or Chrome โ€” free.
FREE
๐Ÿ“ฑ
Google Authenticator / Microsoft Authenticator
Apps for generating 2FA codes. Essential for enabling two-factor authentication.
FREE
๐Ÿ”Ž
VirusTotal (virustotal.com)
Check whether a file or link is safe โ€” scanned simultaneously by over 70 antivirus engines.
FREE
๐Ÿ“ง
SimpleLogin / AnonAddy
Generate email aliases โ€” use a different address for each registration. Your real email stays hidden.
FREE (basic plan)
Where to report incidents
๐ŸŒ
ENISA โ€” enisa.europa.eu โ€” European Union Agency for Cybersecurity, resources and guidance
๐Ÿฆ
Your bank โ€” if you gave card details or made a transfer to a fraudulent account โ€” call immediately and block your card
๐Ÿ‘ฎ
Police โ€” if money was stolen or your identity was compromised โ€” file a report
๐Ÿ“‹
Your national data protection authority โ€” if a company violated your data rights
Quick security checklist
  • โœ“
    I use a different password for every service
  • โœ“
    I have 2FA enabled on my email and banking accounts
  • โœ“
    My operating system and apps are up to date
  • โœ“
    I do not click suspicious links in texts or emails
  • โœ“
    My phone and computer have a screen lock enabled
  • โœ“
    I have backed up my data within the last 30 days
  • โœ“
    I have checked whether my email was in a breach at haveibeenpwned.com
  • โœ“
    I do not use public Wi-Fi without a VPN