Security Tools

Essential tools to protect your family online

The right security tools make staying safe online much easier. In this lesson, you will learn about password managers, two-factor authentication, browser extensions, and other tools that significantly improve your digital security.

Browser Extensions

Browser extensions can add powerful security features to protect you while browsing the web. However, choose carefully — extensions have access to everything you see and do in your browser.

Recommended Extensions

  • Use uBlock Origin to block ads and trackers
  • Install a password manager extension (Bitwarden, 1Password)
  • Enable HTTPS-only mode in your browser settings
  • Consider a VPN extension on public networks
  • Only install extensions from official browser stores

Extension Safety

  • Some browser extensions spy on you (stick to well-known ones)
  • Too many extensions can slow down your browser
  • Free VPNs often sell your data to advertisers
  • Always read reviews before installing any extension
  • Remove extensions you do not use anymore

Two-Factor Authentication (2FA)

2FA adds a second layer of security. Even if someone gets your password, they cannot access your account without the second factor (like a code on your phone). This is one of the most important security measures you can enable.

2FA Best Practices

  • Enable 2FA on all important accounts (email, banking, social)
  • Use an authenticator app over SMS — see recommended apps below
  • SMS 2FA is better than nothing but can be intercepted
  • Keep backup codes in a safe place (written down, not online)
  • Test 2FA before you need it (try logging out and back in)

2FA Warnings

  • Never share your 2FA codes with anyone
  • Do not approve 2FA requests you did not initiate
  • If you lose 2FA access, recovery codes are your only backup
  • Some sites only offer SMS 2FA (still use it)
  • Scammers may try to trick you into giving them a 2FA code

2FA Examples

Legitimate 2FA:

Enter code from your authenticator app: 123456

2FA Scam:

Someone calls: "I need your 2FA code to verify your account. It's 123456."

Recommended Authenticator Apps

Authenticator apps generate secure codes locally on your device. They are more secure than SMS because they cannot be intercepted through SIM swapping.

Aegis Authenticator

Free • Open Source • Android

  • AES-256 encrypted vault — codes hidden until you unlock with biometrics or password
  • Zero data collection — no account, no tracking, no analytics
  • Import from Google Authenticator, Authy, andOTP, and more
  • Screenshot blocking and auto-minimize after copying (anti shoulder-surfing)
  • Supports TOTP, HOTP, and Steam Guard
  • Encrypted local backups — your data never leaves your device

PCMag Editors' Choice for Android authenticators. Note: Android only — no iOS version.

getaegis.app

Ente Auth

Free • Open Source • iOS + Android

  • Cross-platform — works on iPhone and Android
  • End-to-end encrypted cloud sync (optional)
  • No account required — use without signing up
  • Supports TOTP and works offline
  • Open source and audited

Best open-source option for iOS users or families with mixed Android/iOS devices.

auth.ente.io

Frequently Asked Questions

What is two-factor authentication (2FA) and why should I use it?
2FA adds a second layer of security beyond your password. Even if someone steals your password, they cannot access your account without the second factor (usually a code from your phone or an authenticator app). Enable 2FA on all important accounts: email, banking, social media, and any account with sensitive data. It is one of the most effective ways to prevent unauthorized access.
Should I use an authenticator app or SMS for 2FA?
Authenticator apps are more secure than SMS. SMS codes can be intercepted through SIM swapping attacks. Authenticator apps generate codes locally on your device and work offline. Aegis Authenticator (getaegis.app) is a free, open-source option for Android that encrypts your vault — PCMag gave it their Editors' Choice award. Ente Auth is a great cross-platform (iOS + Android) alternative. If a service only offers SMS 2FA, use it — it is still much better than no 2FA at all.
Are free VPNs safe to use?
Most free VPNs are NOT safe. They often track your browsing, sell your data, show ads, or have security vulnerabilities. If you need a VPN, choose a reputable paid service with a clear no-logs policy. For most people, a VPN is mainly useful on public Wi-Fi networks. Some trusted options include Mullvad, ProtonVPN (has a free tier), and IVPN.
What browser extensions should I install for security?
Essential security extensions include: uBlock Origin (blocks ads and trackers), a password manager extension (Bitwarden, 1Password), and HTTPS-only mode (built into most browsers now). Be cautious with other extensions — only install from official stores, check reviews, and remove any you do not actively use. Each extension is potential attack surface.
How do I recover my account if I lose 2FA access?
When you set up 2FA, most services provide backup codes. Store these codes securely (written down in a safe place, or in a password manager). These codes can be used to access your account if you lose your 2FA device. Without backup codes, you may need to contact the service's support team with identity verification, which can take days.

Ready to Practice?

Test your security tools knowledge with our interactive games.

Try Interactive Version