Privacy checklist for everyday browsing
Good privacy is not a weekend project or a wall of jargon. A handful of settings do most of the work, and you can set them once and forget them. You do not need to become a security researcher — you just need to close the obvious gaps. This checklist walks through the four areas that matter and tells you what to change in each.

Work through the four sections below in order. Each one is short, and you can stop after any section and still come out ahead. None of it requires technical skill — just a few minutes in the right settings menus.
Accounts
Your accounts are the front door. A reused password that leaks from one site can unlock dozens of others, so this is the area where a little effort pays off the most. The goal is simple: every account gets its own strong password, and the important ones get a second lock.
- Use a strong, unique password for every account — never reuse one across sites.
- Install a password manager so you do not have to remember or invent those passwords yourself.
- Let the manager generate long, random passwords; you only need to remember the one that unlocks it.
- Turn on two-factor authentication (2FA) for email, banking, and any account you would hate to lose.
- Prefer an authenticator app or a passkey over text-message codes when a site offers the choice.
- Check your saved logins for old accounts you no longer use, and close the ones you do not need.
Browser
You spend most of your online life in a browser, so a few settings here go a long way. Most of this is about staying current and cutting down on what follows you around the web.
- Keep your browser set to update automatically — updates fix security holes, not just add features.
- Remove extensions you no longer use; each one can read more of your browsing than you might expect.
- Install extensions only from official stores, and skip anything that asks for more access than it needs.
- Turn on the option to block third-party cookies and trackers where your browser offers it.
- Review site permissions for location, camera, and microphone, and clear ones you do not recognize.
- Pick a search engine you are comfortable with from a privacy standpoint.

Network
Your network is how your traffic reaches the internet, and not all networks are trustworthy. Public Wi-Fi in cafés, hotels, and airports is shared with strangers, so this section is mostly about protecting yourself when you are away from home.
- Use a VPN on public Wi-Fi so others on the network cannot see what you are doing.
- Turn on the kill switch so nothing leaks if the VPN connection drops for a moment.
- Let the VPN handle DNS so your provider, not the café router, resolves the sites you visit.
- Run a quick DNS leak test once to confirm everything is routing through the tunnel.
- Confirm your VPN is installed on every device you actually browse from, not just one.
Devices
Finally, the device in your hand or on your desk. Phones and laptops carry a lot of personal data, so a few basic protections matter in case one is lost or stolen — and so apps cannot quietly collect more than they should.
- Set a lock screen with a strong PIN, passcode, or biometric on every phone and laptop.
- Turn on device encryption so your data stays unreadable if the device is lost or stolen.
- Review app permissions and revoke access to your location, camera, mic, and contacts where it is not needed.
- Keep your operating system updated so security fixes arrive automatically.
- Delete apps you installed once and forgot about — each one is a little more exposure.
- Remove old devices from accounts you no longer use.
Frequently asked questions
Do I need a VPN at home?
On your own trusted home network, a VPN is optional for everyday browsing — your traffic is not shared with strangers the way it is on public Wi-Fi. A VPN at home still helps if you want to hide your browsing from your internet provider or keep your IP address private, but the bigger win is using one whenever you connect to Wi-Fi you do not control.
Is a password manager safe?
A reputable password manager is far safer than reusing passwords or keeping them in a note. Good managers encrypt your data so that only your master password can unlock it, which means even the company cannot read your logins. The main thing you control is choosing a strong master password and turning on two-factor authentication for the manager itself.
What is the single most important step?
If you only do one thing, install a password manager and use it to give every account a strong, unique password. Reused passwords are the most common way accounts get broken into, and a manager fixes that across all your accounts at once. Adding two-factor authentication to your email is a close second.
How often should I redo this checklist?
Once or twice a year is plenty for most people. It is also worth a quick pass after a major change — a new phone, a new laptop, or a big software update — since those are the moments when settings get reset or new apps ask for access.
