Many password managers use desktop-browser extensions or smartphone apps to auto-populate the login portion of a site or app. That’s way easier than trying to remember what password you’re using for a banking site or Hulu.

In addition to keeping all your passwords at the ready, these services will also prompt you to change them on a regular basis, find duplicate passwords and become a secure storage area for information you need to access but can’t put in a Google doc.

Of course, that master password needs to be a complex and secret string of numbers and letters. It can be a long phrase or a weird series of words and numbers. The EFF suggests a passphrase that’s longer than six words. The longer and more random the phrase the tougher it is to crack. What’s great is that you can use your smartphone’s biometric security feature to unlock your password manager so you don’t have to type in your crazy-long master password all the time. And for real, keep it secret.

Stop all the tracking

If you’ve ever searched for a product and suddenly you’re being served advertisements about that item, you’ve been tracked. The problem is that the more you browse the internet, the larger your digital footprint that’s being collected and sold becomes.

“A lot of people think of targeted advertising is great,” said Bill Budington, senior staff technologist at the EFF. “‘I’m getting more directed ads towards me so they’ll be more attuned to my interests.’ But what we find is that using targeted advertising, people with alcoholism are advertised the liquor store down the street.”

Fortunately, you can stop all that tracking with the EFF’s Privacy Badger browser extension. It looks at all the services being pinged when you land on a site and blocks most of them. You can fine-tune what’s being shared with third parties via easy-to-use sliders right in the extension.

On your smartphone, Apple’s Safari can block cross-site tracking via the privacy section of the Safari option in the OS’s main Settings feature. In Chrome for Android, tap the three dots in the top right-hand corner, select Settings, navigate to Advanced then Privacy and turn on, Do Not Track. Google’s Chrome also has a do-not-track feature, but it’s best used with the Privacy Badger extension.

Or you can go all-in on all your devices and use the Brave browser. It blocks trackers on your Mac, Windows machine, Android and iOS devices and Linux. No extension or fiddling with system settings required.

“Running without an ad blocker/privacy preserver is like driving without seatbelts and airbag. You may be able to drive unharmed for a while, but when you do get hit, not having these essentials will be as devastating digitally as a car crash would be physically,” said Bob Rudis, chief data scientist at Rapid7 security firm.

Two-factor authentication

It sounds like a pain. Every time you log into a service you have to wait for a text message or load an authentication app. But two-factor authentication (2FA) is one of the best ways to secure your stuff.

“Ensuring that there are two-factor authentication put into place is crucial for making it harder for malicious actors to access data. The best method for two-factor authentication is to have a password application tied to your account that prompts you to approve the access,” Rudis said.

The reality is that it keeps your accounts from being hacked. What’s great is that most sites and services now offer 2FA and it’s pretty painless to use. It typically only rears its head when you log in via an unknown browser or computer. So start using it, especially for your email accounts. Those accounts are the gateway to all your other services: Lock ’em down.

2FA is another level of security to protect against phishing schemes. You might get scammed into sharing your password with a hacker via email or spoofed site, but at least you can keep that person(s) from logging into your account without that special codeIn communications and information processing, codeIn commun... More that inexplicably just showed up on your phone. Also if that happens, change your password immediately.

If you have to use SMS (texting) for 2FA, do it. It’s better than nothing. But if your service supports it, use an authentication app like Google Authenticator. It’s available for iOS and Android and uses a time-based codeIn communications and information processing, codeIn commun... More system so you don’t need to be online to use it.

Social media pruning

That Instagram photo of your dog sitting in front of your home seemed pretty harmless. Your dog is cute; your house is pretty awesome. Then someone got mad at you online because you disagreed with them about politics or anime or really anything and now that person knows where you live.

Social media has become a great way to share your thoughts and images, but it’s also a prime spot for data mining and some of that information can end up in the hands of some bad or at least annoying people.

“Whenever you are sharing data online, whether it’s through social media posts, blogs, profiles or any other mechanism, you’re creating an opportunity for hackers and other third parties to use social engineering or other techniques to try to get access to various accounts or other information,” said Mark Rasch, a cybercrime and privacy attorney.

To reduce the chances of random strangers knowing a bit too much about you, first, familiarize yourself with the privacy settings on social networks. Users can lock Twitter and Instagram accounts so only friends can see what you post. The issue with this is that it’s an all or nothing proposal. Either your account is locked or its wide open for all the world. Twitter and Instagram don’t allow privacy settings on a per-post level. If you want to share images and posts with only certain people, you can use the group messaging feature in Twitter and send images directly to a group of Instagram contacts or create special locked accounts for just your friends.

Facebook — even with all its privacy issues — offers more granular control over who can see a post. Each post can be shared with the entire world or just select friends. You can even post something that only you see.

Unfortunately, you might not be able to adjust the privacy settings of past posts. If you’ve posted something with a bit too much about your personal life, it’s probably best to remove it.

In addition to photos of the front of your house, you might want to rethink images that include the front of any of your friend’s houses or apartments. Even if your address isn’t visible a quick reverse image search and some time on Google Maps can make short work of tracking your homestead down.

It’s also a good idea to keep your personal and professional images different. The EFF says that you should make sure that your separate accounts should stay separate. They note that if you use the same image for a dating site that you use for work, someone who finds you attractive could do a reverse image search and find out where you work.