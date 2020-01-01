The ExpressVPN 10-Step Security Check is designed for use in portrait mode only on smaller screens, please rotate your device and refresh before continuing.

ExpressVPN 10-Step Security Check

To celebrate our first decade, we compiled a quick guide to help you up your security game.

Question 1/10: Physical security

Do you check your physical surroundings before entering sensitive information?

Question 2/10: VPN

Do you use a VPN to secure your internet connection?

Question 3/10: Device updates

How often do you update your device?

Question 4/10: Two-factor authentication

Do you use two-factor authentication (2FA) on any of your online accounts?

Question 5/10: Web browsers

What web browser do you use most frequently?

Question 6/10: Search engines

Which search engine do you use most frequently?

Question 7/10: Facebook

Who can see your personal information on Facebook?

Question 8/10: Phishing

Do you check for phishing links in emails?

Question 9/10: Messaging

Which messaging app do you use most frequently?

Question 10/10: Passwords

Do you use a password manager?

You did it!

Thanks for helping us celebrate 10 years of ExpressVPN by taking 10 steps toward better security.

Find out how to secure your own device by viewing your personal action plan below.

Your ExpressVPN 10-Step Security Check Results: How did you do?

Physical space

1. Physical security: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

It may sound silly, but “shoulder surfing,” or the act of looking over someone’s shoulder during login, is one of the easiest ways to steal a password. Always check for shoulder surfers before logging in to any device. When in doubt, use one hand to cover your screen while you enter the password with the other.

It may sound silly, but "shoulder surfing," or the act of looking over someone's shoulder during login, is one of the easiest ways to steal a password. Always check for shoulder surfers before logging in to any device. When in doubt, use one hand to cover your screen while you enter the password with the other.

Nice! You’re already protecting yourself against “shoulder surfers” most of the time.

We recommend always checking for shoulder surfers before logging in to any device. When in doubt, use one hand to cover your screen while you enter the password with the other.

Great job! Sounds like you’re already aware of how easy it is for someone to steal your device’s password by looking over your shoulder. To take your physical security to the next level, try using a webcam cover or privacy screen for your laptop.

This is the excellent result

ONE THING YOU CAN DO RIGHT NOW
Cover the webcam on your laptop or desktop computer
ONE THING YOU CAN DO RIGHT NOW
Read more about shoulder surfing
FURTHER READING
Cover your camera: Is your phone watching? | ExpressVPN

Physical measures to amp up your security | WIRED

Public wi fi

2. VPN: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

Heads up! Using a VPN is one of the easiest and most effective ways to increase your privacy and security in any situation. A VPN can keep you safe from Wi-Fi hacking on public networks and make you more anonymous on the web.

If you don’t use a VPN, you may be exposing your location and your activity to more people than you’d like. Using a VPN lets you reclaim your privacy by hiding your IP address and encrypting your internet traffic. There’s never been a better time to start.

Nice work. Using a VPN is essential to protecting yourself on unsecure public Wi-Fi networks. But a VPN doesn’t just protect against Wi-Fi hacking. Using a VPN also hides your IP address from sites and apps that want to track you and shields your traffic from other third parties that want to track what you’re doing online.

Awesome! As you probably already know, using a VPN is one of the easiest and most effective ways to increase your privacy and security, wherever you are.

This is the excellent result

ONE THING YOU CAN DO RIGHT NOW
Read up on the multiple benefits of VPN
ONE THING YOU CAN DO RIGHT NOW
Looking for maximum security? Try using Tor and VPN together
ONE THING YOU CAN DO RIGHT NOW
Learn how a VPN protects you on public Wi-Fi
FURTHER READING
What is VPN | ExpressVPN

Choosing the VPN That’s Right for You | EFF

Device updates

3. Device updates: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

If you usually skip your software updates, you’re missing out on more than the latest functionality. Security updates are your first line of defense against the kind of major hacks you read about in the news. If you find it to be a hassle, try turning on “auto update,” and you won’t even have to think about it next time.

Device updates often seem like a hassle, but they’re one of the most important elements of healthy cyber hygiene. If you find yourself skipping them, try turning on “auto update,” and you won’t even have to think about it next time.

You’re already updating your device regularly, which is what keeps it protected from the latest vulnerabilities. Keep up the good work!

ONE THING YOU CAN DO RIGHT NOW
Check your update status on your other devices (Step by-step instructions: Mac / Windows)
ONE THING YOU CAN DO RIGHT NOW
Turn on “auto update” on your device (Step-by-step instructions: iOS / Android)
FURTHER READING
Stop Ignoring Those ‘Update Your Device’ Messages | NYTimes

Turn on auto-updates everywhere you can | WIRED

2 factor authentication

4. Two-factor authentication: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

Two-factor authentication (2FA) is a clever way to prevent attackers from hijacking your accounts even if they have your password. By requiring a separate authentication code sent to your mobile device when you log in, 2FA means that no one can access your account without having your password and your device, which is much harder to do.

To get started, go into the settings menu of your favorite apps and look for an option called "Enable 2-factor authentication."

You’re no stranger to 2FA, but there’s still room for improvement. Take a look at your phone and see if there are any important apps you’ve missed (especially banking and email apps) and visit the settings menu to enable 2FA as soon as possible.

You’re a two-factor authentication pro! Your accounts are more secure than most. If you want to go the extra mile, you may want to explore other authentication options, like a hardware security key.

Hardware keys are physical devices that resemble a small USB stick, and they are currently the most secure 2FA method. They can even prevent phishing attacks! Look for one compatible with the FIDO U2F standard.

ONE THING YOU CAN DO RIGHT NOW
Learn why hardware keys are the most secure 2FA method
ONE THING YOU CAN DO RIGHT NOW
Download an authentication app like Authy or Google Authenticator
FURTHER READING
How to: Enable Two-factor Authentication | EFF

List of websites that support or don’t support 2FA | twofactorauth.org

Web browser

5. Web browsers: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

Besides a spotty security record, Microsoft Edge just isn’t optimal for protecting your privacy. Unlike other browsers, Edge has no tracking protection feature to prevent sites from sharing your browsing information, even in private browsing mode. We’d recommend switching to a more privacy-conscious browser like Firefox.

There’s no sugarcoating it: if you’re still using Internet Explorer, it’s time to jump ship. The browser has long been notorious for security vulnerabilities, and now that Microsoft has no major updates planned for it, there’s no excuse for not switching to a modern browser like Firefox.

Whether you’re using one of the most popular web browsers or a more obscure one, you might be sacrificing your security and privacy. Instead of using a browser that makes it easier for big companies to track your activity and sell it to advertisers, try Firefox. It’s fast, customizable, and developed by a nonprofit organization (Mozilla) with a proven commitment to privacy.

Awesome! You’ve already chosen a web browser that values your privacy and security.

Nice! If you’re using the Tor Browser, you’re already ahead of the curve when it comes to private web browsing. Keep it up!

ONE THING YOU CAN DO RIGHT NOW
Need maximum security? Download the Tor Browser
ONE THING YOU CAN DO RIGHT NOW
Looking for maximum security? Try using Tor and VPN together
ONE THING YOU CAN DO RIGHT NOW
Download Firefox or Brave
FURTHER READING
Ranked: Security and privacy for the most popular web browsers | ExpressVPN

Mozilla and ExpressVPN announce partnership to provide VPN services | ExpressVPN

Panopticlick: Is your browser safe against tracking? | EFF

How to use Tor to protect your privacy | ExpressVPN

Search engine

6. Search engines: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

Google is the easiest choice of search engine, but it can come at a cost to your privacy.

If that’s not a price you’re willing to pay, and you’re worried about Google collecting your data and sharing it with advertisers, consider searching with DuckDuckGo. It delivers solid search results with none of the tracking.

This is the bad result

Nice. You’ve already ditched Google as your primary search engine, which is the first step toward reclaiming your internet activity from advertisers and other third parties.

We recommend you check out DuckDuckGo, which is hands-down the best search engine for privacy. Unlike Google, Bing, and Yahoo, DuckDuckGo doesn’t store a single bit of your search history or personal information, so it can’t share it with anyone.

Awesome! You’re already searching with DuckDuckGo, which means advertisers and other third parties won’t see your search history.

ONE THING YOU CAN DO RIGHT NOW
Tell your friends about DuckDuckGo
ONE THING YOU CAN DO RIGHT NOW
Try searching with DuckDuckGo
FURTHER READING
About | DuckDuckGo

DuckDuckGo at 10: Looking ahead with CEO Gabriel Weinberg | ExpressVPN

Social media

7. Facebook: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

Are all of your Facebook friends your “friends” in the sense that you’d trust them with your personal information? And do you really trust all of them not to lose their Facebook password to a scammer?

Take the time to check what information you’re sharing with just “your friends.”

Depending on when you joined Facebook, you could be sharing your personal information with everyone by default. That means anyone on the internet can search your name and find your email address, phone number, and more. Take a moment to review your privacy settings to get that under control!

Right on! Sounds like you’ve got your Facebook privacy settings under control.

Fed up with Facebook? Deleting your account is the single best step toward better privacy you can take.

Awesome! Your personal information is safe from the surveillance and manipulation machine known as Facebook.

ONE THING YOU CAN DO RIGHT NOW
Check your privacy settings on other social media with the links below
ONE THING YOU CAN DO RIGHT NOW
Do you use other social media? Double-check all your privacy settings using the links below
ONE THING YOU CAN DO RIGHT NOW
Review your Facebook privacy settings
FURTHER READING
The complete guide to Facebook privacy | WIRED

The ultimate guide to Instagram privacy | Comparitech

A Guide to Twitter’s Privacy Settings | Mozilla

How to permanently delete your Facebook account | ExpressVPN

Phishing

8. Phishing: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

Email providers like Gmail do a pretty good job of flagging spam that might contain phishing links. But these filters aren’t perfect, and it pays to keep your eyes open.

If you’re suspicious about an email’s origin, check the domain of the sender’s email address. And instead of clicking on links in the body of an email, navigate to the service through a trusted channel. For example, if you see an email link to a supposed Dropbox notification, avoid it and instead visit your Dropbox account from a bookmark or by typing www.dropbox.com into your browser.

Phishing is the attempt by scammers to steal your personal information or money (or both) by getting you to click a link in your email. Often they will try to disguise themselves as someone you know to make you let your guard down.

If you’re suspicious about an email’s origin, check the domain of the sender’s email address. And instead of clicking on links in the body of an email, navigate to the service through a trusted channel. For example, if you see an email link to a supposed Dropbox notification, avoid it and instead visit your Dropbox account from a bookmark or by typing www.dropbox.com into your browser.

Nice! You’re aware of the techniques scammers can use to trick you into clicking on links in your email. Keep up the good work!

ONE THING YOU CAN DO RIGHT NOW
Check your skills with this phishing quiz
ONE THING YOU CAN DO RIGHT NOW
Forward this phishing quiz to your family and friends!
ONE THING YOU CAN DO RIGHT NOW
Learn how to spot a phishing email
FURTHER READING
Phishing | FTC Consumer Information

Can you spot when you’re being phished? | Jigsaw with Google

Internet hacks: Phishing and spearphishing explained | ExpressVPN

Messaging

9. Messaging: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

Your choice of messaging app has an imperfect track record for privacy and transparency.

Telegram: Once popular with the privacy-minded, the app has been known to leak metadata and isn’t end-to-end encrypted by default.

Viber: Though encrypted by default, Viber has not been very transparent about its software or ownership.

In either case, consider switching to an app like Signal, which is widely trusted by the security community.

Your choice of messaging app presents real privacy and security concerns.

WhatsApp: Though it claims it can’t view your messages, WhatsApp still shares metadata with its parent, Facebook, a notorious data mishandler.

Facebook Messenger: Doesn’t have end-to-end encryption on by default, and the privacy-minded should be wary of any Facebook product.

Skype: Lacks many privacy features, including end-to-end encryption, and has surveillance capability built in to the software.

These and many other messaging platforms offer too few safeguards. We recommend a privacy-focused app like Signal.

By using iMessage, you’re already ahead of the secure messaging game. iMessage is end-to-end encrypted by default, and Apple has a relatively strong record for privacy.

Your messages are less secure, however, when they are automatically backed up on iCloud. For better security, you may want to check out Signal, the messaging app famously advocated by Edward Snowden.

You’re already doing a great job of encrypting your communications with a messaging app that respects your privacy. Keep it up!

ONE THING YOU CAN DO RIGHT NOW
Tell your friends to switch to Signal, Wire, or Wickr!
ONE THING YOU CAN DO RIGHT NOW
Download Signal
FURTHER READING
The most secure messaging apps | ExpressVPN

Meet Moxie Marlinspike, the anarchist bringing encryption to all of us | WIRED

Password manager

10. Passwords: HIGH RISK WEAK OK STRONG KEVLAR

YOU ANSWERED:

You may think you’re saving time and energy by reusing your passwords, but you’re actually setting yourself up for an even bigger hassle. If the password to one of your accounts is exposed in a data breach, your other accounts with the same password will soon follow.

Save yourself some stress right now and download a password manager like 1Password or LastPass. You’ll only have to remember one master password, and all your other passwords will be filled in automatically.

Nice. Sounds like you know the value of a strong password. But if you ever find yourself sacrificing the strength of your passwords just to remember them all, consider using a password manager like 1Password or LastPass.

Cool! You’re already using a password manager, which is a great way to create strong, unique passwords for all your accounts.

ONE THING YOU CAN DO RIGHT NOW
Check if any of your accounts have been compromised | Have I been pwned?
ONE THING YOU CAN DO RIGHT NOW
Try 1Password or LastPass
FURTHER READING
Using Password Managers to Stay Safe Online | EFF

Random Password Generator | ExpressVPN

About the ExpressVPN 10-Step Security Check

Protecting your privacy and security online is essential—and shouldn’t have to be complicated. That’s been a driving principle for ExpressVPN since our founding in 2009. We developed the ExpressVPN 10-Step Security Check to show how we all can improve our security online with just a few simple actions.

If you’re eager to learn more about online privacy and VPNs, the best place to start is our “What is a VPN?” page.

