Staying Safe Online

This page is written for less-technical people who want to reduce their risk online.

The most important advice I can give is simple:

Slow down, stay skeptical, and ask for help when something feels off.

There is no tool or magic wand to stay 100% safe online.

But these habits and best practices will definitely help.

If you’re unsure about something, ask someone you trust.

You can also email me at security@luke.yt and I’ll do my best to point you in the right direction.

1. Password Management

Weak passwords and password reuse are still the number one way people get compromised. The human brain just can't remember dozens of unique, secure passwords.

Use a password manager.

It generates strong passwords for you
It remembers them so you don’t have to
It prevents password reuse automatically

Most modern phones and browsers already include one. Start there before looking for anything more advanced.

If you must create a password yourself:

Use at least 12 characters (16+ is better)
Avoid personal information of any kind
Avoid dictionary words where possible
Use a mix of letters, numbers, and symbols
Never reuse it on another site

Writing passwords down and storing them securely is still safer than reusing the same password everywhere.

Even an old notebook with good, unique passwords written down and stored in a secure place is better than nothing.

⌂ ↑

2. Think Twice Before You Click

Most scams succeed because they rush you. Urgency is the attacker’s most effective tool.

Unexpected messages demanding immediate action
Offers that seem unusually good
Messages designed to scare or emotionally manipulate you

Scammers increasingly impersonate family members, coworkers, or companies you trust. AI now makes these messages harder to spot than ever.

If a link leads to a login page, stop. Check the website address carefully. Fake login pages often look perfect but point to the wrong URL.

⌂ ↑

3. Multi-Factor Authentication (MFA)

MFA is used to prove your identity using something in addition to your password.

Even if your password is stolen, MFA can stop an attacker from getting in.

Authenticator apps are the strongest common option
SMS codes are better, but weaker due to a hacking technique called "sim swapping"
Email-only verification is not ideal, but still better than nothing

Any service handling sensitive data should support MFA. If they don't, strongly consider switching businesses or services.

⌂ ↑

4. Spotting AI, Deepfakes, and Synthetic Media

Realistic visuals are no longer proof that something is real. Verification matters more than appearances.

Things to watch for:

Camera angles that don’t make sense
Lighting that doesn’t match the environment
Eyes that don’t track objects naturally
Teeth that blur or change between shots
Text with strange spacing or misspellings
Very short clips with constant cuts (less than 10 seconds)

AI struggles with consistency. Look for changes in clothing, background, or facial features between cuts.

When in doubt, find a second source that independently confirms the event.

⌂ ↑

5. What To Do If You Think You’ve Been Hacked

First: stay calm and don't be embarrassed. Panic leads to bad decisions and this could happen to anyone.

Confirm whether anything actually happened. Many scams claim access they don’t have and rely on fear alone.

If you believe an account was compromised:

Change the password immediately
Enable or reset MFA
Log out of all active sessions
Review recent activity if available
If necessary, contact your local IT, local law enforcement, or reach out to a cybsecurity expert

If a device may be compromised, power it off and avoid using it until you get help. If in doubt wipe it or replace it entirely.

Security notifications from reputable companies should always be taken seriously. Do not ignore them.

If you need help, you can contact me at security@luke.yt. I’m happy to give general guidance, but I’m not a formal incident response service.

⌂ ↑

6. VPNs: Pros and Cons

VPNs are often misunderstood, there's a lot of hype and marketing about them being amazing for security.

VPNs are useful when:

You travel frequently
You use public or hotel Wi-Fi
You need to protect traffic on untrusted networks

A VPN encrypts your connection between you and the VPN provider. It does not make you anonymous.

Using a VPN shifts trust from your internet provider to the VPN company.

For most people at home on a trusted network, a VPN provides limited benefit.

⌂ ↑

7. Other Best Practices

Here are some other various tips to stay safe online

Enable automatic updates - Companies are constantly pushing security updates
Built-in password managers - Most browsers and phones have these built-in now
General security settings - Most devices have optional additional security settings that can be enabled
Device encryption - Wherever possible encrypt your device so that data on it cannot easily be retrieved
Regularly reboot your device - Some malware fails to run after a reboot (especially true on iPhone)
Be aware of what you download - every app you install and give permission to is a potential risk, be careful
Permissions - regularly review your app permissions and remove any unnecessary permissions
If it seems to good to be true - It probably is, stay prudent.

If you don’t fully understand a security setting, leave it on.

When unsure, contact a professional.