Click wisely

Man using laptop and holding credit card

Before entering sensitive information into a website, look for the security padlock symbol. The padlock is one way of checking that a website is safe and indicates that the information you submit is secure.

  • Double-click the icon. It will display the certificate information for the page you are viewing to guarantee that you are on a safe, secure website. Make sure the certificate is current and issued to the same company you are visiting.
  • Don’t be fooled by a padlock that appears on the web page itself because it is possible for a cyber criminal to copy the image. So, double check that the padlock is in the window frame of the browser itself.
  • After validating the padlock, you can also check the text before the website name in the address bar. The “https” is another indication that the page you are viewing is secure.
  • Pay attention to the web address. Check the address and if you click on a link, look to make sure that the address stayed the same. If it has changed, then it has taken you to a fraudulent web address where cyber criminals can monitor and access your information.

Browser Security

Secure Your Browser

Always run an up-to-date version of your web browser. Use Qualys’ BrowserCheck to confirm your browser, plug-ins and system are patched.

Browser Privacy Settings - Vendor information regarding browser privacy settings.

Exploiting browser vulnerabilities has become a popular way to compromise computers. There are several easy ways to secure your preferred browser, through individual browser settings and add-ons. Browsers aim for a balance of performance and security. Features added by the manufacturer to improve performance may make the browser (and the computer) less secure. In addition, the more add-ons you have installed, the more your browsing experience may be impacted or slowed.

Tips for Safe Internet Browsing

  1. Install and use an ad blocker such as AdBlock Plus or uBlock Origin (for Chrome or Firefox).  It's best to use one or the other not both.
  2. Do not use the "remember my password" function of a browser or website. Instead, use the 1Password password management service (available free to Duke faculty, staff and students). You may review details about getting set up with 1Password at the 1Password service page. To remove data that may have already been saved see:  Chrome and Firefox.
  3. Ensure the pop-up blocker in your browser is enabled (instructions available for Chrome and Firefox).
  4. Consider private browsing using Chrome Incognito mode or Firefox private browsing. These options are starting to be available for mobile browsers as well. Firefox has created Focus as a privacy focused browser. 
  5. Consider uninstalling Adobe Flash or Oracle Java plugins if you have them installed. Many content providers have moved away from these platforms due to ongoing security issues with both. If you need Flash, it's built into Chrome. If something needs Oracle Java, remember it needs to be updated on a regular basis.  They continue to be two of the top programs leveraged by malware to compromise computers.

For Advanced Users 

The items listed below will add additional security to your web browsing, but from time to time may need adjusting for a site to function.  You should read what these extensions do, and research each before deciding if they are the right tools for you. They may be available for other browsers, we've only provided links for Chrome and Firefox here. Users should be comfortable with managing Chrome extensions and Firefox add-ons as a prerequisite to using any of the items in this list. Extensions also add to the overall resource use by your browser. Mobile users will find some of these have App corollaries as well.

  • NoScript Firefox only - Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks, "Spectre", "Meltdown" and other JavaScript exploits.
  • UMatrix  Chrome and Firefox - Point & click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, facebook, etc.
  • IP Whois & Flags Chrome and Firefox - Displays server's location for all websites, and provides Geo location and WHOIS info on toolbar click
  • Privacy Badger Chrome and Firefox - Protects you from trackers as you surf the web.
  • Ghostery Chrome and Firefox - A powerful privacy extension. Block ads, stop trackers and speed up websites. Creating an account allows settings to be shared between machines and browsers.
  • Web of Trust Chrome and Firefox - Instantly know which websites to trust! WOT protects you while you browse, warning you against dangerous sites that host malware, phishing, and more. Creating an account allows settings to be shared between machines and browsers. Can use a user's Google credentials for login.