14 Tips For Browsing The Web Securely

https://josephsteinberg.com/14-tips-for-browsing-the-web-securely/

Publish Date: 2026-06-12 16:03:00

Source Domain: josephsteinberg.com

Modern web browsers are incredibly powerful, but their features — including security-related features such as saving passwords or keeping you logged in to a particular site or sites — can become vulnerabilities if not properly utilized. Here are some specific, actionable tips to keep you safe when you use a web browser to perform personal or business functions, or just to enjoy surfing the web.

1. Turn On “Enhanced Protection”

Why: Default web browser configurations frequently fail to shield against the latest sophisticated types of digital threats, leaving users potentially vulnerable to attacks involving, for example, drive-by malware installations, malicious scripts hidden inside the code of pages of compromised sites, and deceptive phishing networks that mimic legitimate services. The “Enhanced Protection” feature reduces user exposure to such dangers – it can both help block more dangers than standard mode does, and warn you about other threats that standard mode all but ignores.

How: Access the settings menu in your web browser(s), navigate to the privacy and security section, and do the following:

In Chrome: Select and enable Enhanced Protection.

In Firefox: Toggle the Enhanced Tracking Protection setting to Strict.

In Edge: Enable Enhanced Security.

In Safari: Open Advanced Preferences and ensure that Advanced Tracking and Fingerprinting Protection are both fully active.

In Other Browsers: Look through the Privacy and Security settings. You should find something there resembling a toggle for Enhanced Protection mode.

2. Minimize Use of Browser Extensions and Remove Unused Extensions

Why: Browser extensions are pieces of software that run on your device, and have significant privileges that allow them to systematically read, write, modify, and, potentially, exfiltrate sensitive data across every web page that you access from the browser in which the extensions live and run. That reality means that extensions create a massive attack surface – so keep extension use to a minimum. Likewise, criminals know that web browser extensions are a great way to penetrate devices, and, as a result, sometimes purchase abandoned legitimate extensions from their original developers and surreptitiously push poisoned updates containing malware to users.

How: From your web browser’s menu, select your browser’s extension management option. Review what is installed, and remove any extensions that you do not need. Do this on a regular basis. Also, while looking at the list of extensions, check the permissions associated with each one. If an extension seems to have access to more than it should, treat that as a potential red flag – consider reducing the permissions or getting rid of the extension. It is also important to install extensions only if they were created by trusted developers who will not add unexpected “goodies” into their code, and who will maintain their extensions to prevent vulnerabilities from being left unpatched.

3. Block Third-Party Cookies and Any Other Trackers

Why: Commercial advertising networks and threat actors leverage third-party cookies and cross-site scripts to persistently track user behavior across disparate web sites. Surveillance of this sort – and that is what it is, surveillance – effectively allows external entities to compile highly granular profiles of users – and those profiles are often far more granular and informative than many people realize or would be comfortable with. If you do not want outsiders such as social networks, retailers, and data brokers to know about your habits, corporate affiliations, political leanings, sexual orientation, purchases, etc., you should consider blocking cookies and all other trackers. Likewise, you may wish to configure your browser(s) to enforce strict cross-site cookie restrictions – doing so helps to protect your sensitive user behavior from external aggregation, degrades the efficacy of many (but not all) tracking mechanisms, and, as a result, improves the anonymization of your web-browsing activities. Of course, if something is so sensitive that you cannot afford for anyone to find out about it, ideally you should not keep any record of it on an internet-connected computer. (That may or may not be practical, however.)

How: In your browser’s privacy menu, configure the browser to reject third-party cookies across all websites. Consider both (a) using a separate browser for sensitive tasks and (b) transitioning to browsers that are inherently engineered with privacy-first defaults. Firefox and Brave would be examples of such browsers. In fact, some security experts recommend using a separate computer altogether for sensitive tasks; such advice may not be practical for many people, but it is good advice that should be followed when feasible.

4. Do Not Store Passwords in Your Browser

Why: It is convenient to click “Save Password” when a browser prompt pops up after you log into a site for the first time, but doing so can create a security risk. Various forms of modern malware specifically target local browsers in an attempt to extract saved credential databases. Because browsers historically store these credentials using less than ideal mechanisms – a deficiency that cannot really be fully ameliorated as the browsers need to somehow submit the original cleartext password and, therefore, cannot store only a one-way hash of it – a compromised endpoint may allow an attacker to decrypt and steal your stored credentials.

How: In every modern web browser that offers the ability to remember passwords, users can easily turn off such a feature through the browser’s configuration settings. Also, importantly, consider reading the article How to Create Strong Passwords That You Can Easily Remember.

5. Enable HTTPS-Only Mode

Why: While most modern web sites have migrated over to encrypted HTTPS, some older sites (and some sketchy sites) still default to unencrypted HTTP. Connecting to sites via unencrypted HTTP exposes all data transmitted in either direction during your session to potentially being captured and read by unauthorized parties. Such data can include session identifiers, personal information, and credentials. Note that this vulnerability is especially problematic on public networks, where attackers can freely monitor unencrypted traffic, or even potentially inject malicious payloads. Also, keep in mind that the use of HTTP rather than HTTPS exposes users to a greater risk of falling prey to phishing attacks.

How: Modern web browsers have a setting that allows users to force the browser to establish encrypted connections before loading a page, and block the browser from accessing sites that do not allow encrypted connections. You should consider turning on that feature. Also, if you receive a warning from a browser that informs you that a site does not support encrypted HTTPS, you should strongly consider not continuing to the site.

6. Separate Sensitive Activities from General Browsing

Why: Because a single malicious tab running a cross-site scripting or session-riding exploit can undermine the security of all sites opened in the tab’s parent browser, and because malware downloaded from one browser session can impact another, do not perform sensitive activities such as checking your bank account or accessing sensitive documents from the same browser that you use for general web browsing.

How: Ideally, as alluded to above, you should use completely separate computers for the sensitive tasks – if that is not possible and/or practical, you should at least use a different web browser – and set its security settings as strict as you can without preventing the sites that you are using from working. Isolating sensitive sessions and data in this way can help keep you safe. You may even want to use separate browsers – or at least separate browser profiles – for personal use, for work use, for banking and the like, and for shopping.

7. Turn Off Auto-Fill For Forms

Why: Browser auto-fill functionalities are a great convenience, but they present a significant danger of accidentally exposing sensitive information. Malicious web developers can construct web forms containing invisible, hidden input fields; when a user browses to a page that triggers auto-fill to supply information, the user’s browser may automatically populate the hidden fields with stored telephone numbers, physical addresses, and/or financial account details. I have even seen situations in which credit card numbers were captured by a hacker leveraging autofill after the mischaracterization of such data on some other site.

How: Every modern web browser that offers auto-fill capabilities has a setting to disable this feature – take advantage of that setting.

8. Clear Your Cache and Cookies Regularly

Why: Browsers store significant amounts of data on a temporary basis in order to minimize the time that it takes the browsers to reload common pages or unchanging elements of such pages. Cookies also improve convenience – sometimes even reducing the steps needed in order to log in to a site. But both cookies and cache create potential vulnerabilities – in some cases they can be targeted by advanced local exploits. So, ideally, you should set your browser to automatically clear cookies and cached data when you close it. In any case, you should manually wipe cookies and cache on a regular basis – some experts suggest doing so once a week on the same day, a scheduling technique that increases the chances of remembering to do so.

How: In the case of every modern web browser, both auto-clear upon browser close and manual deletion are features that are accessible via configuration settings.

9. Disable Media Autoplay

Why: When a browser is configured to allow automatic playing of accessed media, it exposes the user’s device to the risk of a compromised web page sending malicious scripts or other code to the device – the technical details of the various ways in which this can be accomplished are beyond the scope of this article. In any case, by restricting media playback privileges so that media cannot autoplay, you can help protect yourself against such risks.

How: Somewhere in your browser’s settings there will be an option to “Disable AutoPlay”, “Ask before playing media”, or something else of the sort. Enable that feature – which prevents video, audio, and active scripts from running automatically upon the loading of a page in which one or more of such media types are found. (If the feature is expressed in the other direction – e.g., “Enable AutoPlay” – disable the feature.)

10. Disable Automatic Downloads

Why: Websites that have been compromised by hackers can be configured to push malware onto endpoints accessing them. As such, similar to the case of AutoPlay discussed immediately above, browsers configured to allow automatic downloads may end up downloading malicious code – which, in some cases, may even execute without the user taking any action to manually start the process. Disabling automatic downloads prevents files from being written to local storage without a user’s approval – making the delivery of malware or poisoned scripts much more difficult for evildoers.

How: Go to the downloads portion of your browser’s settings and ensure that the settings reflect that the browser will prompt you for a destination location (i.e., folder) before beginning any download.

11. Close Tabs and Restart the Browser Daily

Why: Leaving browser tabs open keeps active authentication tokens and session states alive. Do you really want to leave those types of things in place for a long period of time? If an attacker somehow gains access to your machine — whether by physically accessing it or by hacking it — your open tabs can grant that party access to your accounts. Furthermore, keeping a browser open endangers you by delaying the application of security patches that require a browser restart in order to take effect. And, on top of all that, let’s be honest – how many of your open tabs are you actually going to revisit, and how many will you eventually just shut down anyway? For most people the answer is close to, if not, zero.

How: At the end of each day, and at other times when you are preparing to shut down your computer, close your open tabs.

12. Do Not Rely On Incognito Mode

Why: Many people seem to think that activating what is known as either “Incognito Mode” or “Private Browsing” grants them total anonymity and protection from cyberthreats. This is incorrect. In reality, all that private browsing modes do is provide minimal privacy benefits – they do not provide any network-level protection, nor do they protect against tracking via advanced fingerprinting methods. On top of that, these modes do not prevent your Internet Service Provider (ISP) from knowing where you browsed, and, if you are using a corporate network, do not prevent your employer from knowing the same thing.

How: Use Incognito mode, but do not rely on it to deliver security or privacy.

13. Consider Using a VPN

Why: As discussed in the section immediately above, browsing is not private – even when Private Mode is enabled. A Virtual Private Network (VPN), on the other hand, can help protect your privacy and security when browsing (and/or performing other Internet-related tasks). A typical modern VPN service both (a) encrypts your Internet traffic, making it much harder for hackers, internet service providers (ISPs), advertisers, or anyone on the same network to monitor your online activity, and (b) hides your real IP address by directing traffic through the VPN provider’s infrastructure. While not bulletproof, VPN technology makes it look to sites on the Internet that you are accessing them from the VPN provider’s systems, not from your own system. This reduces the ability of sites to track you. Again, such privacy is not bulletproof – but it is far better than Incognito Mode or the like can provide.

How: Subscribe to a reliable VPN service.

14. Use Security Software

Why: Without security software running on your device, you are a “sitting duck”. By this point in time, I should not even have to state this – but, the reality is, that I do.

How: Obtain a license for, install, and keep an active subscription to endpoint security software.

Joseph Steinberg (Cybersecurity Expert Witness and Board Member)

Joseph Steinberg is a cybersecurity expert witness and advisor, and a Lecturer on Cybersecurity at Columbia University in NYC. He has led businesses in the information-security industry for over two decades, and has written books ranging from the best-selling Cybersecurity for Dummies to the official study guide for a CISO certification exam. He is one of only a few dozen people worldwide to hold the suite of advanced information security certifications, CISSP, ISSAP, ISSMP, and CSSLP, indicating that he possesses a rare, robust knowledge of information security that is both broad and deep; his information-security-related inventions are cited in well over 500 US patent filings.
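Tip 2 above recommends checking each extension's permissions. The following is an added example, not part of the original article: a small Python audit that reads extension manifest.json content and flags all-site host access and data-heavy API permissions. The sample manifests are constructed, and the choice of which permissions count as sensitive is this example's own assumption.

```python
import json

# Real WebExtension permission names; treating them as "sensitive" is this
# example's assumption, not a browser-defined risk rating.
SENSITIVE_APIS = {"cookies", "history", "webRequest", "tabs", "clipboardRead",
                  "downloads", "nativeMessaging", "debugger", "proxy", "scripting"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def is_host_pattern(entry):
    """Manifest V2 mixes host match patterns into the "permissions" list."""
    return entry == "<all_urls>" or "://" in entry


def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    perms = manifest.get("permissions", [])
    hosts = set(manifest.get("host_permissions", []))       # Manifest V3
    hosts |= {p for p in perms if is_host_pattern(p)}       # Manifest V2
    for script in manifest.get("content_scripts", []):      # scripts injected into pages
        hosts |= set(script.get("matches", []))
    findings = [f"api:{p}" for p in perms if p in SENSITIVE_APIS]
    findings += [f"all-sites:{h}" for h in hosts if h in BROAD_HOSTS]
    return sorted(set(findings))


# Constructed sample manifests (not real extensions).
SAMPLES = {
    "dark-theme-toggle": '{"manifest_version": 3, "name": "Dark Theme Toggle",'
                         ' "permissions": ["storage", "activeTab"]}',
    "coupon-helper": '{"manifest_version": 3, "name": "Coupon Helper",'
                     ' "permissions": ["cookies", "webRequest", "storage"],'
                     ' "host_permissions": ["<all_urls>"]}',
    "legacy-notes": '{"manifest_version": 2, "name": "Legacy Notes",'
                    ' "permissions": ["tabs", "*://*/*"],'
                    ' "content_scripts": [{"matches": ["https://notes.example/*"],'
                    ' "js": ["c.js"]}]}',
}


def audit_all(samples):
    """Parse each manifest JSON string and audit it."""
    return {name: audit_manifest(json.loads(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(f"{name}: {'REVIEW ' + ', '.join(findings) if findings else 'ok'}")
```

To audit a real browser, feed `audit_all` the contents of the manifest.json files found in the browser profile's extensions folder instead of `SAMPLES`.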