Advice Security Experts Rated Useless and Harmful

Security Advice by Category | Security Advice Ranking (Expert) | Security Advice Ranking (User) | Advice Experts Rated Useless and Harmful | Advice Experts Rated High Priority | Full Corpus

Note: The evaluation of the following advice as "useless" or "harmful" does not necessarily reflect the opinion of the researchers. Please see Redmiles et al. 2020 for more information.

All advice is of the form "You should...":

Useless Advice

• consider opening a credit card for online use only [all experts agree]
• file taxes early[all experts agree]
• let your children teach you about the Internet too [all experts agree]
• use an unbranded smartphone [all experts agree]
• ask people to remove your personal information and photos
• be aware of your online reputation
• bring proof-of-purchase for computer equipment when traveling
• carry laptops in something other than laptop cases
• change your respondentname regularly
• contact police or authority figures in case of a cyberattack or cyberbullying
• create keyboard patterns to help with remembering passwords
• create pronounceable passwords
• disable and/or limit caching
• encourage the positive sides of the Internet with children and friends
• install software in phases
• keep the computer in a common room in your house if you have children
• not meet up with people you've met online
• not use credit or debit cards online
• not use encryption when sending e-mail to a listserv
• regularly search for your name
• shut down your computer
• store passwords in a file
• try alternate urls to avoid censorship
• understand new features before you try them
• upgrade your email provider
• use a load balancer

Harmful Advice

• base passwords on upcoming events
• buy devices with passwords, preferably passwords that you can change
• change passwords often
• clear your cookies
• create a new email address if your last one is compromised
• create keyboard patterns to help with remembering passwords
• download a filtering software to prevent website access
• draw shapes on your keyboard to generate passwords
• feel comfortable making weak passwords for sites thar don't keep personal info
• install firmware on mobile devices
• isolate iot devices on their own network
• keep sensitive information on removable storage media
• lock your sim card in your smartphone
• not change browser security settings
• not change your passwords unless they become compromised
• not download or execute any files
• not identify yourself to websites
• not open attachments from unknown senders
• not respond to or retaliate against cyberbullies
• not send or forward files you haven't scanned for viruses
• not shut down your computer
• not use a password manager
• not use encryption when sending e-mail to a listserv
• not use extensions or plugins
• obfuscate something meaningful to generate a password
• protect your computer from power surges
• remove improper and/or sensitive information from the web
• store passwords in a file
• store passwords properly
• transfer sensitive files to network shares
• turn off automatic downloads
• use different personas online
• use filters in email
• use less common software
• use private search engines
• use tor
• use tracking applications
• write down passwords on paper