How Do I Know a Web Address is Safe?

Security when clicking onto a website confounds me. Some sites put the section of the site you are wanting ahead of the web address. Example and some put the section after example These examples are just made up but I hope you understand what I’m saying. How do I know if I’m on the secure website I’m supposed to be on? At times I see other addresses flashing by on the toolbar that are not the site I clicked on before the actual site appears.

This simple question opens up a veritable Pandora’s box when it comes to understanding URLs and what is safe to click on.

The concepts are simple, but how those concepts can be combined is complex, particularly if someone is attempting to deceive you.

I’ll try to make some sense of it all.

Read moreHow Do I Know a Web Address is Safe?

How to Remove PUPs, Foistware, Drive-bys, Toolbars, and Other Annoying Things

Ending up with random software on your machine that you never wanted in the first place is annoying as all heck.

Unfortunately, it’s happening more and more. I’d say that PUPs (Potentially Unwanted Programs, although there’s rarely any “potentially” about it), rogue toolbars, and search-engine hijacks are some of the most common issues I see in my inbox.

I’ll talk a little about prevention, but first, let’s walk through the steps I recommend when you suddenly realize you’ve been saddled with software you didn’t know you’d agreed to and certainly never wanted.

Read moreHow to Remove PUPs, Foistware, Drive-bys, Toolbars, and Other Annoying Things

My Computer Is Infected with Malware. Should I Just Throw It Out?

Some time ago, news broke that the U.S. government had plans to destroy up to $3 million worth of computers. In fact, they had already destroyed thousands of dollars of computers by the time the story came out.

Why were they doing it? Because of a malware infection.

I get the question, “Should I just throw it out?” due to malware more often than you think. It’s the knee-jerk reaction of someone who has a machine that is fairly infected and feels utterly hopeless about getting it cleared up again.

But I want to be very clear about something. There is never, ever a reason to destroy hardware because of malware.

Read moreMy Computer Is Infected with Malware. Should I Just Throw It Out?

Are the Bad Guys Winning?

In computer security, it certainly seems as if the “Black Hats” are usually one or more steps ahead of the “White Hats”. What are your thoughts?

There are two answers:

  1. Almost by definition, the bad guys will always be in the lead.
  2. It rarely affects the average consumer directly.

The bad guys aren’t necessarily winning, but they’ll always present a challenge for the good guys.

Read moreAre the Bad Guys Winning?

I Run Anti-virus Software. Why Do I Still Sometimes Get Infected?

I have AVG virus protection always on and have the Windows firewall enabled. Why do I still get infected with some Trojan horses? I check for updates every day so I am sure I am up-to-date.

That’s a very good question. Most people believe they’re totally protected because they have an anti-malware program.

Unfortunately, that’s not true.

The answer is partly the nature of anti-malware software …

… and partly the nature of the race.

Read moreI Run Anti-virus Software. Why Do I Still Sometimes Get Infected?

How Is it Possible to Change a Password Without Re-encrypting an Encrypted Disk?

How is it possible that you can change your Windows password without re-encrypting a hard disk that was encrypted using that password?

I’ll assume you mean BitLocker whole-disk encryption, but the concept applies to many different encryption tools. You can often change the password (or passphrase) without needing to re-encrypt whatever it is you’ve encrypted.

The secret is simply this: your password wasn’t used to encrypt the disk.

Something else was.

Read moreHow Is it Possible to Change a Password Without Re-encrypting an Encrypted Disk?

How Do I Remove Malware?

One question that shows up almost every day in the Ask Leo! inbox is how to remove malware.

Every day.

The scenarios differ, but the problem is the same: a machine has been infected with spyware, a virus, or some other form of malware, and that machine’s owner is having a tough time getting rid of it.

And often there is anti-malware software installed that “should” have taken care of it before it got to this stage.

Hopefully, that’ll never be you. If it is, let’s review the steps I recommend for removing malware and reducing the chances it’ll happen again.

Read moreHow Do I Remove Malware?

How Can I Tell If a Download is Safe?

Someone’s pointing me to a downloadable program as solution for a problem I’m having. I’m really hesitant to download and run unknown EXE files. Is there any way I can scan it with some program or otherwise ascertain if it’s clean or riddled with subtle spyware, viruses, or what ever else could be bad?

I was somewhat taken aback by this question. It’s a perfectly good question — it’s one that more people should be asking more often.

No, my reaction was due to the lack of a good answer.

It turns out that it’s fairly difficult to ascertain whether or not something you’ve downloaded is about to play havoc with your system, particularly before you download it.

But it’s getting better.

Read moreHow Can I Tell If a Download is Safe?

The State of Passwords in 2019

Passwords have been in the news a lot lately, mostly due to various breaches at an assortment of online service providers.

I want to briefly touch on four topics:

  • Best practices: what makes a good password
  • Storage strategies: how to securely keep track of it all
  • Two-factor authentication: protection against breaches
  • The possible death of the password as an security identifier

Read moreThe State of Passwords in 2019

Can Everything I Do Online Be Monitored at My Router?

A few days ago around the dinner table, my family was talking about how police can monitor everything you do on the web and track you. Because he is registered as the owner of the router, my father says that he can view everything I do as it passes through the router. Is this true? And if so, how can I bypass this?

Yes, it’s true.

But before you focus on it too much, there are two things to keep in mind:

  • First, it’s not really easy for the average consumer.
  • Second, there are easier alternatives to monitoring than your router.

Let me explain what I mean and what you can do to protect yourself — if, indeed, you can protect yourself at all.

Read moreCan Everything I Do Online Be Monitored at My Router?

Is Changing My Password Enough?

I regularly hear from people who’ve had their email or other online account compromised, are able to recover access to it, and change their password, only to have the account stolen again almost immediately.

The problem is simple, but the solution is a bit of work.

First, you have to realize that while someone else has access to your account, they have access to everything related to that account.

As a result, changing your password just isn’t enough. You need to do more.

Read moreIs Changing My Password Enough?

How Do I Get Rid of

How can I get rid of It’s taken over my computer and has muscled out my two browsers: Firefox and Explorer. Now everything I do has to go through Thanks for your help.

While it might seem that it’s taken over your computer, it’s more than likely it’s taken over something much simpler: your browser.

Read moreHow Do I Get Rid of

Do I Need a New Email Address if Mine’s Involved in a Breach?


My email address was in one of breaches we keep hearing about. Is that address still safe to use? Should I get a new email address?

There’s no need to get a new address just because your email account was part of a breach — as long as you can still log in to your account.

There are steps you should take, but that’s not one of them.

If you can’t log in to your email account any more, though, you may have no other choice.

Read moreDo I Need a New Email Address if Mine’s Involved in a Breach?

Password Checkup: A Recommended Chrome Browser Extension

Keeping track of passwords is hard enough (though a good password vault helps a lot). But now, it seems, we need to start keeping track of all the various and sundry breaches that have occurred, possibly without knowing whether we’re directly impacted.

Services like Have I Been Pwned? are a great start, particularly with its Pwned Passwords service, which lets you know if your account, or a password you use, is discovered in a breach. You can get notifications when your email address is discovered in a breach, but when it comes to passwords, it’s still a manual process.

That’s where Password Checkup comes in.

Read morePassword Checkup: A Recommended Chrome Browser Extension

Why ANY Two-Factor Is Better than No Two-Factor at All

This is an update to an article that originally discussed only SMS two-factor authentication. Since then, two things have happened:

  • An exploit kit was published allowing a phishing attack to hijack a two-factor secured login.
  • Various media declared, “Two-factor has been hacked!”

Unfortunately, these have led some to believe that two-factor authentication is pointless. To quote a reader:  “This makes 2SV quite useless in many cases.”

No. Just … no. That’s a seriously mistaken conclusion.

I’m re-visiting this topic yet again because I want to be very clear: two-factor authentication is not useless. In fact, two-factor authentication — SMS-based or otherwise — is significantly more secure than not using two-factor authentication at all.

Read moreWhy ANY Two-Factor Is Better than No Two-Factor at All

How Can I Tell If My Computer Is Being Hacked?

How can I tell if my computer is being hacked?

You can’t.

There are some clues to look for, and I’ll review a few of those, but ultimately, there’s no way for the average computer user to know with any certainty that a hacker is not in the process of weaseling in or that they haven’t done so already.

Perhaps now you’ll understand why I talk so much about prevention.

And I’ll talk about it some more.

Read moreHow Can I Tell If My Computer Is Being Hacked?

Two-factor Might Be Hackable? USE IT ANYWAY!

It hasn’t been that long since I wrote about SMS two-factor being hackable, and why you should use it anyway.

It’s an important enough topic that when I saw another article discussing a potential two-factor exploit — ‘You can’t relax’: Here’s why 2-factor authentication may be hackable — I just have to jump in to reinforce my message.

Use two-factor authentication anyway.

I’ll explain why it’s important, even if two-factor is technically hackable.

Read moreTwo-factor Might Be Hackable? USE IT ANYWAY!

What Should I Do About the Latest Breach?

As I write this, there’s been a breach (referred to as the “Collection #1 breach“) that apparently contains something like three-quarters of a billion email addresses and plain-text passwords.  It’s newsworthy because it’s huge and contains passwords for anyone to see.

It’s also quite frustrating, for reasons I’ll outline in a moment.

Naturally, the question I’m getting most is simply this: what should you and I do?

The same thing we do every breach, my friend; the same thing we do every breach.

Read moreWhat Should I Do About the Latest Breach?

12 Steps to Keep from Getting Your Account Hacked

My account has been hacked into several times. If I’m able to recover it, it just gets hacked again. Sometimes I can’t recover it, and I have to start all over with a new account. What can I do to stop this all from happening?

I don’t get this question a lot. But I really, really wish I did. What I get instead, repeatedly, is “I’ve been hacked, please recover my account/password for me!” (Which, for the record, I cannot do, no matter how often, or how nicely, or not so nicely, I’m asked.)

The only salvation is in prevention, and this applies to email, social media, and pretty much any password-protected account you might have.

What can you do to make sure your account doesn’t get hacked in the first place?

Read more12 Steps to Keep from Getting Your Account Hacked

How Do I Gain Access to My Deceased Relative’s Computer?

My {relative} passed away recently. I desperately need to gain access to the contents of their computer so I can recover {important financial documents}, {one-of-a-kind pictures}, {his or her last thoughts}, etc. The machine has a login password that he never shared with anyone. Can I get in? If so, how?

As you can see, this is a composite question based on a scenario I hear from time to time.

A relative or acquaintance has passed away and left behind a password-protected PC containing files that are important for any number of possible reasons.

You may be able to get in. On the other hand, particularly if your late relative was security conscious, you may not.

Read moreHow Do I Gain Access to My Deceased Relative’s Computer?

How Do I Keep My Kids Safe from Internet Garbage?

If you’ve been on the internet for any length of time, you probably feel like its main purpose is to distribute pornography, drug ads, and questionable financial solicitations. If you’ve got kids, you’re probably also worried about pedophiles, cyber-stalkers, bullies, and other nefarious net inhabitants.

While things aren’t nearly as bad as the press might make it out to be, it is bad enough.

What’s a responsible parent to do?

Read moreHow Do I Keep My Kids Safe from Internet Garbage?

How Can an Employer Recover Information I’ve Erased?

I just saw this article where a company did a forensic investigation of one of their employee’s computers. How do they find searches and network activity if one clears their cookies and uses CCleaner?

There’s so much more to your computer, as well as your activity history, than just cookies and whatever tools like CCleaner can clean.

So much more.

I’ll review a few of the more obvious ways employers can recover or collect information about your activity. Realize, though, it’s not with the intent that you be able to hide what you’re doing, but to illustrate the futility of even trying.

Read moreHow Can an Employer Recover Information I’ve Erased?

Use BitLocker to Bypass Potential Self-Encrypting Drive Vulnerabilities

Whole-disk encryption is a form of data security that encrypts all the data on a hard disk, irrespective of what that data might be.

Encryption and decryption happen at a low level, making it transparent to normal usage. As long as you’re able to log in to your Windows machine, you’ll have access to everything on it as if it were unencrypted. Turn the machine off, and the data is inaccessible and securely encrypted until you sign in again.

Low-level encryption and decryption can happen either by the hard disk itself, as data is read from or written to the drive (hardware encryption) or by Windows (software encryption).

The problem? Some drives using hardware-based encryption have been discovered to have vulnerabilities that could allow encrypted data to be exposed.

Read moreUse BitLocker to Bypass Potential Self-Encrypting Drive Vulnerabilities

What Happens When I Die?

Making technology both convenient and secure is a problem we deal with daily. We make trade-offs and use techniques that we hope strike an appropriate balance.

A more difficult dilemma that we rarely think about, however, is death. If something were to happen to you, would the people you leave behind be able to access the information they need? What happens to your encrypted data, online accounts, social media, online finances, pictures, and digital-whatever-else if for some reason you’re not around or able to access it?

I hear regularly from people frantically trying to access important, sentimental, or critical data that a recently deceased or incapacitated friend or family member has locked up tightly.

It’s not particularly pleasant to think about, but with all the security measures we put into place to keep bad people out, it’s worth having a plan for letting the good people in.

Read moreWhat Happens When I Die?

How Can I Use a Password Manager for My Security Questions?

How do password managers handle random security questions?  I’ve never seen this mentioned in any of the articles that I have read.  Am I still going to have to maintain a readily available list of security question answers?

Not surprisingly, password managers are all about passwords. More specifically, they’re about automatically saving and entering your username and password when you need to log in. When it comes to security questions, often also referred to as “secret questions” — well, that’s just not their job.

But that doesn’t mean they can’t help.

Read moreHow Can I Use a Password Manager for My Security Questions?

Don’t Lose Your Phone: Here’s What Can Happen (and How to Prepare)

Mobile phones are amazing devices. They’re much more than just having your email or social media at your fingertips; they’re truly portable general-purpose computers that also happen to be able to make phone calls.

We do a lot with our phones. Because they’re always with us, they’re one of our primary means of content consumption — everything from social media to news to maps to ebooks and more — as well as our primary means of communication (though ironically, rarely by actually using the telephone) and one of our primary content-creation devices as well, in the form of photos and videos.

As tiny computers, we’ve come to rely on them to store data, act as security keys, wallets, fitness trackers, automotive trackers, and dozens of things I can’t even think of right now.

Given everything we use our phones for, to say that we shouldn’t lose them is stating the obvious. And yet lose them we do. I’m going to review some of the things you need to be aware of when (not if) you lose your phone, and some of the ways you can mitigate the damage when it happens.

Read moreDon’t Lose Your Phone: Here’s What Can Happen (and How to Prepare)

BoxCryptor: Secure Your Data in the Cloud

One of the hidden issues in online storage is privacy. Almost all online storage providers have the ability to examine your data or hand it over to law enforcement even if the provider has encrypted your data.

Hopefully, most of us will never have to deal with the law-enforcement scenario, but even the realization that a rogue employee at an online data storage provider could peek into what we keep online can cause concern. For some, it’s enough concern to avoid using cloud storage at all.

The solution is simple: encrypt the data yourself.

Unfortunately, implementing that “simple” solution isn’t always that simple or transparent, and can add a layer of complexity to online storage some find intimidating.

BoxCryptor is a nicely unobtrusive encryption solution that is free for personal use.

Read moreBoxCryptor: Secure Your Data in the Cloud

How Can I Send a Document to Someone Securely?

I recently had to send some very private identification papers over email. Now normally I wouldn’t do this and I would use snail mail instead but this was very urgent and I thought I would take a chance. As far as I know, no ill has come of it but I was wondering what ways are there to send emails securely across all platforms and also be sure that the right person on the other end gets it?

I’m occasionally faced with this same dilemma. Either for expediency or convenience, I want to email something I wouldn’t want to fall into the hands of anyone else.

While there are many approaches, there’s really only one pragmatic approach.

Read moreHow Can I Send a Document to Someone Securely?

What Can a Website I Visit Tell About Me?

When I visit a web site that collects visitor statistics, I understand they can see my IP which will tell them my ISP, that I have a  Mac, the area where I may live, what browser I use, if I’m new to the site, or if I click information on the site. But can the site collect the following information:

  • My computer name (the name I assigned to my computer)?
  • Profile information???
  • My browsing history (any/all sites I’ve visited and when) or can they just tell the number of items in my history?
  • Email addresses associated with my computer?

I’ve reviewed similar questions but I’m not sure I truly understand what information a web server can collect from my connection/browser.

This turns into a fairly complex answer pretty quickly. It’s both more and less than you might think.

I’ll start by covering what every website sees.

Read moreWhat Can a Website I Visit Tell About Me?

Can My ISP See What I’m Doing If I Use a Virtual Machine (VM)?

In your article Can Everything I Do Online Be Monitored at My Router? you state that “your ISP can see everything you do”. Is that still true if I run a virtual machine to hide what I’m doing?

Yes, it’s still true: a VM doesn’t get you any additional privacy from your ISP.

I do need to clarify exactly what “everything you do” means. I’ll also revisit what you need to do to avoid ISP monitoring. Hint: a VM isn’t the solution, but might be a convenient part.

Read moreCan My ISP See What I’m Doing If I Use a Virtual Machine (VM)?

How Do I Know if My Machine is Free of Malware?

How do I find out or know that my computer is free of keyloggers? Would Windows Defender or MalwareBytes find them if there are any, or do you have a referenced article on the topic where I can read about it? Understand that this is the biggest security concern I have about my computer nowadays.

How do you know your computer is free of keyloggers? You don’t.

It’s not the answer most people want to hear, but it’s the true bottom line.

There are a few reasons for it, which I’ll discuss, as well as what you and I need to do in the face of this rather grim reality.

Read moreHow Do I Know if My Machine is Free of Malware?

How to Best Back Up Your Encrypted Data

I talk about encryption a lot. I talk about backing up even more.

Encryption is a critical component of keeping data safe and secure and out of the hands of those who shouldn’t see it.

Backing up, of course, is our safety net for when things go wrong. A recent backup can save you from almost anything.

Unfortunately, I’d wager that most people are backing up their encrypted data improperly. The result is that they’re not as protected by that backup as they might think they are.

Read moreHow to Best Back Up Your Encrypted Data

VeraCrypt: Free Open Source Industrial Strength Encryption

Encryption comes up frequently in many of my answers. People are concerned about privacy as well as identity and data theft, particularly on computers or portable devices where they don’t always have total physical control of the media.

The concern is that someone might gain access to sensitive data.

Encryption is the answer.

Even if your device falls into the wrong hands, proper encryption renders that access useless.

VeraCrypt makes encryption not only easy, but nearly un-crackable.

Read moreVeraCrypt: Free Open Source Industrial Strength Encryption

How Could My Bank Account Have Been Hacked if I Have Good Security?


My bank account was just hacked. The hacker opened a new account, transferred money from my line of credit into that account, then transferred the money out to his outside account. So, it appears he somehow got my client card number and my password.

My laptop is about five years old, running Windows 7, which I update every week. I have BitDefender for virus scans, which I do a full system scan every week. My password was 15 characters long, with a mix of numbers and upper and lowercase letters. When I am not at home, I use a VPN service while on the internet. I have changed my bank passwords to 22 characters long and installed Malwarebytes Premium for real time virus protection.

So, I have two questions: how could a hacker possibly do this with the precautions I have? and how can I protect myself further from this point?

You do have good security in place — above average, I’d say. That makes this situation a little more difficult to diagnose, as well as a tad more frustrating.

While I certainly can’t tell you exactly what happened, I can speculate on some possibilities. I also have a few ideas on how I’d protect myself if I were in your shoes.

Read moreHow Could My Bank Account Have Been Hacked if I Have Good Security?

Download Your Facebook and Google Data

There’s been a tremendous amount of discussion relating to the amount of data kept, shared, sold — and occasionally leaked — by large service providers like Facebook and Google.

Regardless of how you feel about it, it highlights something I believe is important to realize: these services collect a lot of data. We may never know just how much is being collected or with whom it is being shared.

However, both Facebook and Google allow you to download data they’ve collected relating to your account. It’s unlikely to be everything, but even so, it’s a heck of a lot. It’s worth understanding what they have.

Read moreDownload Your Facebook and Google Data

I’ve Lost All My Passwords, What Do I Do?

Do you have a general technique for creating new passwords for every single site that needs them? Yes, I did the unthinkable, I lost my LastPass account and have to start over. This is a reminder of the old saying, “When you have dug yourself into a deep hole, stop digging.” Unfortunately, I was stupid enough to keep digging. I hope you can spare some advice for someone who seems to get more stupid with age. There may be others on your list that have the same problem.

The technique is simple.

The problem is that the technique is time-consuming and ponderous.

Let’s review that technique, and what you can do to avoid this situation in the future.

Read moreI’ve Lost All My Passwords, What Do I Do?

How Should I Encrypt the Data on My Laptop?


My wife needs to encrypt patient files on her laptop.

She has been encrypting individual files, but I wonder if you recommend a program that will encrypt folders. e.g. her Documents folder?

Is there a way to encrypt a hard drive or partition?

Encrypting individual files is perhaps the least efficient way of protecting data. There’s also a serious potential for data leakage, as you must securely delete the unencrypted files after encrypting them. Most people don’t do that.

There are three basic approaches to securing data on a laptop. Which is most appropriate for you or your wife depends a little on how conscientious you are and a little on how geeky you are. Of course, all methods depend on how religious you are about backing up.

Read moreHow Should I Encrypt the Data on My Laptop?

Is Online Banking Safe?

I would think that no PC would be immune from malicious threats if they landed on some corrupt site that then installed malware or key-capture software. Is there any reasonable way to continue to safely do online banking?


Avoid getting infected.

I know, that sounds trite and flippant, and I don’t mean to be so. Ultimately, though, all the advice boils down to exactly that: do what it takes to stay safe on the internet.

I regularly bank online. In fact, I’ve done so for years without incident. I much prefer it over the alternatives, particularly since many alternatives seem to be slowly disappearing.

Read moreIs Online Banking Safe?