Keeping your devices safe
Here are some steps you can take to keep your devices safe and secure your online accounts.
Disable your web browser’s built-in password manager and delete all saved passwords
Many current internet browsers (such as Google Chrome, Microsoft Edge and Mozilla Firefox) have a function that allows you to save any log-in credentials and passwords that you use to your browser, to save you having to log in each time you want to access an account.
We strongly recommend that you do not use this feature. You can erase any saved credentials and disable this feature in the settings or preferences menus of your browser.
- Select the Chrome menu in the toolbar and choose Settings.
- Choose the Autofill option from the menu and click Passwords.
- Turn off Offer to save passwords and Auto sign-in.
- Recommended additional step- Choose the Privacy and security option from the side menu, select Clear browsing data and clear all data for all time. Note - this will clear all your browsing history and stored caches and saved passwords and will log you out off most sites.
- Select the Settings and more menu and choose Profiles.
- Select Passwords and disable Offer to save passwords.
- Return to the main Settings menu and select Privacy, search and services
- Recommended additional step - Scroll down to Clear browsing data and clear all data for all time. Note- this will clear all your browsing history and stored caches and saved passwords and will log you out off most sites.
- Select on the Firefox menu on the toolbar and select Settings.
- Select Privacy and Security.
- Scroll down to Logins and passwords and uncheck Ask to save logins and passwords for websites (uncheck the three related options under this option).
- Recommended additional step – Scroll up to the Cookies and Site Data option, select Clear Data and clear all data. Note- this will clear all your browsing history and stored caches and saved passwords and will log you out of most sites.
Run a virus scan on your devices
We recommend that you undertake a virus or malware scan of the computer you use at home or in the office as a priority.
If you have installed commercially available internet security software (such as Norton, McAfee or Trend Micro) on your computer, we recommend you update the virus definitions for the software and conduct a scan for viruses in your computer’s operating system.
If your computer uses Microsoft Windows 10 or later, but you have not installed internet security software, you can use the inbuilt Microsoft Defender security software to conduct a virus scan of your computer. However, we recommend you first check that Defender is activated and that you run an update of the virus definitions before you conduct a scan of your computer.
For further guidance on how to update use or update anti-virus software on your computer, the Australian Cyber Security Centre provides a useful guide.
Update your device operating systems
In addition to undertaking a virus scan, we recommend that you update your computer’s operating system and ensure that all applications and software on your computer are up to date.
For further guidance on how to update your computer’s operating system, we recommend you refer to guidance published by the Australian Cyber Security Centre.
Strengthen passwords for your online accounts
Once you have scanned all your devices for viruses, we recommend that you change the passwords for your online accounts. We recommend that you do not reuse passwords and use unique passwords (or passphrases) for each online account.
ID Support recommends prioritising the following online accounts for password resets/changes
- Government accounts you operate, including your MyServiceNSW account or accounts with other NSW government or Australian government agencies
- Email accounts, including Microsoft Office and web-based services such as Gmail and Hotmail.
- Your Microsoft Office 365 account (if you use it)
- Online bank accounts
- Accounts with telephone companies, internet service provides or utilities (gas, water) companies, which you access online
Online shopping accounts that you use regularly, particularly accounts where you have linked your credit card or have provided detailed personal information such as date of birth, address and contact details
Activate multi-factor authentication (MFA) for key accounts
Where possible, you should enable multi-factor authentication for online accounts that you operate. Not all online accounts and services have the option of multi-factor authentication, but you should enable it for accounts that do. For example, arrange to get an additional code sent to your phone by SMS before you can log into your account.
The Australian Cyber Security Centre provides a range of guidance on best practice for passwords and password management, and the use of multifactor authentication.
Check your account details
It is possible that people may have used your account login details to access accounts that you operate and change information in them. This could include accounts that you operate with NSW government, such as your MyServiceNSW Account.
We recommend that you check that your vital information in your accounts, including your current contact details, are correct and have not been changed.
For email accounts, we also recommend that you check your account settings to ensure that there are no changes to your account profile or settings, including in relation to login access restrictions, account synch setting and onforwarding rules, or the recovery details for your email account.
If you notice any unexpected changes in any accounts operated by you, we recommend that you contact the relevant business or service provider to discuss additional security controls or alerts that they may be able to place on your account.