Over at the Google Security Blog, Iulia Ion, Rob Reeder, and Sunny Consolvo have an interesting post on some research they did on what security experts do differently from non-experts to stay safe on the Internet. The post is the TL;DR for the longer (20 pages) paper on the research.
The most important thing you can do, according to the experts, is to keep your system up to date by installing updates, but non-experts don’t do that and sometimes even consider it unsafe. The other big thing experts do is to use a password manager, which non-experts also resist. The password manager ensures—or, at least, can ensure—that two other important criteria are met: the use of unique, strong passwords. That’s hard without a password manager but trivial with one. When I set a password for a new site I just let my password manager choose a long, random, unique password. I don’t even bother looking at it because there’s no chance I could remember it—that’s what the password manager is for.
The fifth thing that experts recommend is to use two-factor authentication. Sadly, most sites don’t offer that, but it’s obviously a big win for security.
Although the paper is a bit long, it’s interesting and fills in many details that the short post doesn’t cover. It’s also instructive to see the things that non-experts believe are effective in keeping them safe.