Skip to main content
tech.org.au home

Guide

How to stay safe online

Security advice is often either terrifying or so technical that people give up and do nothing.

Updated 6 July 20268 min readBy AngusPart of Online safety tips

Knowing how to stay safe online comes down to a small set of habits, not a computer science degree. You do not have to be paranoid and you do not have to buy anything. The seven habits below are the same ones security professionals rely on, written in plain language and ordered so the most protective steps come first.

Do the first three today and you will already be safer than most people. The rest take a spare afternoon and then look after themselves.

1. Use a password manager

The single biggest weakness in most people's security is reusing the same password everywhere. One leak then unlocks everything. A password manager creates and remembers a long, unique password for every account, so you only remember one strong master password.

The password managers built into iPhone, Android and every major browser are free and good enough for most people. Dedicated apps add extra features if you want them.

2. Turn on two-factor authentication

Two-factor authentication (2FA) means a stolen password alone is not enough to get into your account, because a second step is also required. Turn it on for your email first, then banking, then social media.

Prefer an authenticator app or a passkey over codes sent by text message, because text codes can be intercepted. Text-message codes are still far better than no second factor at all.

3. Use passkeys where you can

A passkey replaces your password with something tied to your device, such as your fingerprint or face. Because there is no secret to type, a passkey cannot be phished by a fake login page. Google, Apple, Microsoft and a growing list of services now support them.

4. Keep everything updated

Most hacks exploit known flaws that an update has already fixed. Turning on automatic updates for your phone, computer, browser and apps closes those doors without you having to think about it.

5. Slow down on links and messages

Scams work by creating urgency so you act before you think. The rule that defeats almost all of them: never act on a message directly. If your bank, Australia Post or the tax office appears to message you, do not tap the link, open the official app or type the web address yourself.

6. Back up your important things

A backup turns a disaster into an inconvenience. If your phone is lost or your laptop is hit by ransomware, a recent backup means your photos and files are safe. Turn on iCloud or Google backup for your phone, and copy computer files to an external drive or a cloud service.

7. Lock down your home wifi and devices

Change your modem's default admin password, use a strong wifi password, and set a screen lock on every device. These quiet basics stop the opportunistic problems that are easiest to prevent.

Frequently asked questions

What are the most important things to stay safe online?

A password manager for unique passwords, two-factor authentication on your email and bank, and a habit of never clicking links in unexpected messages. Those three cover the majority of real-world attacks. Passkeys, updates and backups round it out.

Is two-factor authentication really necessary?

Yes. It is the difference between a leaked password being a minor issue and a full account takeover. Turn it on for your email first, since your email can reset almost every other account you own.

How do I stay safe online without paying for anything?

Everything that matters is free. The password managers built into your phone and browser, two-factor authentication, passkeys, automatic updates and the backup tools already on your devices cost nothing. Paid security software is optional, not essential.

More in the online safety tips hub

Get one useful tech tip a week

Plain-language guides and the occasional scam warning, sent when it matters. No spam, unsubscribe anytime.

Prefer to just ask? angus@tech.org.au or use the contact form.

Join the newsletter