The idea that we should create a gargantuan list of cyber security tools started to spring in our minds around the beginning of this year.

We started from a simple idea: It should be useful. We need it. You need it. It will come in handy in the future, to have all those tools in one place.

In our journey into the cyber security and data protection world, we ran into lots of useful tools. Some of them were unmarketed gems that we had no idea that they even existed. We ran into most of them completely by mistake, while searching for something else (usually on Quora or randomly navigating on blogs).

When we finally decided to do it, to work on the list, we had no idea how and where to begin.

What tools should we include? What should we not? How do we tell if one is worthy and the other one is not?

Do we mention ultra-known products?

What about antivirus products? We haven’t tested them all since there are independent industry experts who do a much better job.

Should we mention the services that are duplicated and basically do the same thing? Or should we stick to the best?

Why? Who decides what’s best for someone and what’s not?

Should we stick to what’s free or should we also add paid products?

Eventually we came up with what we’re about to read. But first here’s a quick guideline that you should read before we jump right to the subject:

  1. We don’t claim that this is the ultimate list. It’s not complete and it’s definitely not final. It probably never will be. We are aware that we missed lots of essential, important tools – by mistake or just because we can’t know them all. So please feel free to jump in with more useful tools that you feel they should be mentioned.

  2. We stayed away from recommending antivirus, VPN or firewall products. There are independent industry experts who only do that. Instead, we prefer to list those experts or websites that will help you compare such services, in order to choose what’s best for you.

  3. We tried to test them all before recommending them. And we only included tools that have free versions.

So here we go:

50+ free security tools you can use for your online protection

Table of contents:

Check if your password is strong
Password managers
Activate two-factor authentication
Was your account hacked?
Geo-tag removal on social accounts
Revoke access to third party apps
Do a security check-up
Other communicating tools
Keeping vulnerable software under control
Extra Encryption, Privacy and Anonymity
Redirect checkers
Remote screenshots
Scan for threats



Check if your password is strong

A unique, strong password is key to our online security. We keep nagging about it in our articles (and we’ll keep on nagging) because most people simply ignore this basic rule.

First of all, here’s why it should be unique:

We never use the same key for our house and car, right? Then why would we use the same password for our accounts?

Our online accounts are interconnected. If one of those passwords is breached, the cyber criminal will have access to the rest of your accounts.

And no matter how careful you are not to give out your password, sometimes you might not be responsible for the breach. Companies have plenty of vulnerabilities. Their employees can have poor security habits. Their ex-employees might want to get vengeance this way. Your online connection might not be secure and your traffic unencrypted. There are tons of flaws out there that could expose your credentials.

How your online accounts are interconnected

Second of all, here’s why it should be strong (and what does “strong” mean):

Most people have weak passwords. They use family or pets names, favorite songs, birth dates and so on. This type of information nowadays is readily available online – usually posted directly by us, on social networks or blogs or forum comments.

If a cyber criminal really wants to hack your account and you use such a password, all they’ll have to do is spend some time finding out more information about you.

They also have the technical skills to test out millions of passwords combinations in a short period of time. So there’s that.

These are the worst passwords of 2015:


If you really want to find out more about how to manage your passwords like an expert, you can follow this guide (includes some easy-to-follow steps).

And here are some tools that you can play with to find out how secure a password is considered (don’t test using your real passwords!).

Another cool tool can estimate how long it would take for your password to be cracked by a hacker: Estimating Password-Cracking Times

how secure is my password

Password managers

Constantly coming up with strong, unique passwords is hard. We get it.

It’s hard to remember to change them, and it’s even harder to remember them. Especially since it’s not recommended to write them down – not in a document on your desktop, not in an email draft, not in your phone or written on a paper that stays under your mouse pad. No, no, no, no.

And since not all of us have an elephant memory, some smart guys created tools that make it easier for us to manage passwords.

Passwords managers are easy to use. You install them as browsers plug-ins and they help us save passwords and keep them encrypted. When we log in to a new account, the password manager will ask us if we want to save the password.

All we have to do is remember the password that we use for the password manager tool account.

Here are some of the most popular apps for password management:

  • LastPass – it’s one of the oldest and most known password managers.
  • Sticky Password
  • 1Password – not exactly free, but offers a free trial that lasts 30 days


Activate two-factor authentication

Ok, so this is plan B. If passwords fail and a cyber criminal somehow manages to find out your beautiful, strong, unique and completely random password, the second factor authenticator will work as an extra shield.

Two-factor authentication adds an extra layer of protection. This way, the password will not be enough to access your account, you’ll also have to prove your identity using a second method. This usually consists of a unique, time sensitive code, that you receive using your mobile phone.

In order not to do this every time you log into your account, you can choose to remember the devices you use and only require the second way of authentication when you want to log in from a new device (laptop, PC, tablet, browser, whatever that may be).

I always wonder why the companies don’t enable this option by default. It would help avoid a great deal of accounts that end up compromised because of poor passwords habits.

If you want to check what services offer users the possibility to activate two-factor authentication, use this tool:

Two Factor Auth

Was your account hacked?

There are several projects out there that store huge database of leaked, stolen or compromised passwords.

Other projects gather all the past data breaches.

You can use them to confront with your passwords or accounts and check through their databases.

If someone ever used a password that’s the same with yours and was leaked in a past breach, you’ll have to change it.

You can also check if you have any accounts that were compromised in any of those data breaches.

Use these services:

Here are more projects that you can use to inform yourself about data breaches:

World's biggest data breaches (Feb 2016)


Geo-tag removal on social accounts

It’s highly recommended that you avoid checking in from your social accounts – especially from your home.

Something so common and apparently innocent as a social media check-in can turn into a nightmare. You can never control who can access your social network posts. You never know who else benefits from the information you shared.

There have been many cases of people who checked in while on vacation, bragged about the wonderful places they visited, only to come back home and find out that they were robbed. Burglars were tipped of thanks to the posts on social media.

However, if it’s already too late and you already have plenty of check-ins made online, you can remove your previous ones.

For Facebook you’ll have to do that manually for each post you published and then turn off location for future posts. However, for Instagram there’s an easier batch solution that you can use.

Here’s how you remove Instagram geotags:

In the Instagram mobile app, go to your profile and tap on the dropped pin icon. At the top right you’ll see three dots, tap on them and then click on “Edit”. Afterwards you’ll see a photo map of your photos that have geotags. You’ll just have to select the photos that you want to remove from your geo-map. Tap on them, and then tap on the check mark at the top right of the screen. It will ask you to Confirm that you want to remove the geotags and permanently remove their location data from Instagram – click Confirm and that will be it.

How to remove geo tag location from Instagram account

Revoke access to third party apps

You probably logged in with your social accounts to many third party apps – games, other social networks, streaming services and so on.

For privacy matters, it’s recommended that you only allow access to trustworthy apps. Those apps have access to your profiles and personal information.

From time to time, make sure you check every single app that you allowed to access your account and remove the ones that you don’t use anymore.

Here’s how you can remove access to external apps from every major social network:

Third party apps on Facebook

Do a security check-up

Google and Facebook are among the networks that offer the possibility to do a security check-up. They will take you through the steps you need to check or activate in order to enhance your account’s protection.

Facebook security checkup

Other communicating tools

Here are other communicating tools that are focused on anonymity and encryption:

  • Signal – free mobile app that you can use for encrypted communications (phone calls and messages). They also have a partnership with WhatsApp and helped them integrate end-to-end encryption.
  • Off The Record – encrypted app used for instant messaging.
  • Safe Pad – an online notepad that is encrypted end-to-end.



Keeping vulnerable software under control

There are some major software apps that are buggy and expose you to cyber attacks. “Software” and “buggy” might just be pleonasms for the moment, as all softwares have bugs and vulnerabilities.

What you should bear in mind is that you can reduce your odds of being infected just by keeping those buggy apps up to date. Or disabled until you really need them and activate them punctually. Or uninstalled, if they aren’t vital to your work.

By “apps” we mean browsers, plug-ins, add-ons. Chrome, Firefox, Flash Player, Java and Adobe Reader, just to name a few of them, but you should take a look over the infographic published here to find out more about the top most vulnerable apps.

8 software apps make 99 percent of computer vulnerable heimdal security

Here’s how you can reduce your odds of getting infected:

  1. Keep those vital apps up to date. You can use an automated patching tool that will take care of that for you, silently (Heimdal FREE does that).

  2. Use a tool that will scan your traffic and restrict your access to infected web pages (our product also does that, and also makes sure that none of your data goes out to the bad guys).

  3. No clicking on suspicious links or attachments, short links that you don’t know where they’ll lead you, nothing that you never requested or sounds fishy (even if it’s coming from your online buddies). Staying away from dangerous web locations also is vital (that means no websites that host illegal content, such as torrents).

  4. Keep activated a good, trustworthy antivirus. Here’s how to choose it.

  5. Use an app that will block those plug-ins and apps.

Here’s a simple ransomware infection chain:

simple ransomware infection chain

Some tools that will come in handy:

  • AdBlock – you’ll get rid of annoying ads, but you’ll also reduce your chances of ending up with a ransomware infection from malvertising.
  • NoScript – add-on for Firefox that allows plugins to be executed only by trusted web sites of your choice.
  • Script Safe – same as NoScript, but for Chrome.
  • Flashblock – Firefox add-on that blocks Flash
  • Flashcontrol – Chrome add-on that lets you take more control over Flash

Extra Encryption, Privacy and Anonymity

If you want extra anonymity, here is a list of tools that are focused on encryption and privacy:

  • Tor Project – we’re sure you already know about this one. You can use Tor to browse the web while staying anonymous.
  • Comparison VPN – the name is pretty much self explanatory, right? “VPN” comes from “Virtual Private Network” and it’s used to encrypt your outgoing and ingoing traffic. This tool will help you compare between different VPN services.
  • Duck Duck Go – it’s a free search engine but, unlike others, it doesn’t track you, doesn’t collect or share any of your personal information.
  • Disconnect – the basic version will block trackers from websites.
  • uBlock – a lightweight free and open source browser extension that will help you filter our annoying or unwanted content, such as tracking cookies and ads (available for Mozilla, Chrome, Safari and even Microsoft Edge).
  • Https everywhere – it’s an extension for your browser that encrypts your communications with major websites; resulted as a collaboration between The Tor Project and the Electronic Frontier Foundation.
  • Ghostery – a free browser extension that lets you control trackers from the websites that you visit.

Puzzle chaos

Redirect checkers

If you want to avoid any phishing or malware infection, it’s best that you don’t click on any links that you don’t know where they’ll lead you. They might be links shortened using services such as, or links that look similar to perfectly legitimate ones but use a variation in spelling or domain.

Use one of these services to check where a link will redirect you:


Remote screenshots

As an alternative to remotely check where a short link will take you, you can also use a service that remotely takes screenshots of a given website.

This kind of services are usually used by developers, to see how a website will look on different resolutions and browsers used by users, but they can also come in handy when it comes to security.

This way, you’ll see how a website looks like and where you’ll end up if you click on that link, without actually visiting it.

You can use one of these services:

Scan for threats

There are services that will help you check if a website has been reported for phishing, malicious code, unwanted software or has a poor reputation. This way, you’ll know to avoid it.

You can check using one of these:

Safety first
Photo credit


How valuable are the work documents that you keep on your desktop, your email or in the cloud?

What about your collection of photos or private conversations? Would you miss them if they were ever deleted or lost?

What if they were stolen? Or, even worse, encrypted in a ransomware attack?

Stop telling yourself “it can’t happen to me”. The odds for ending up with malware are against you.

And most of these attacks are automated, nobody hand picks you as a victim. It’s enough for you to have files and outdated browsers, plugins or apps. You don’t even have to click or download anything to end up infected – nowadays you can be compromised even on perfectly legit websites.

For example, BBC, The New York Times and AOL were recently hit with a malvertising campaign that delivered ransomware to users.

Bad news is that even if you pay the ransom, there’s no guarantee that you’ll receive the encryption key to gain back access to your files. Or the encryption might have gone wrong and corrupted the files. It’s one of the reasons why the FBI advises against paying the ransom.

No matter how many security layers you have in place, always have backup. Set in place at least two automatic backups. If everything else fails, at least you’ll be covered.

It’s not complicated to set them up, you don’t need advanced tech skills. My colleague Andra explained in a separate blog article how you can easily backup your data.

And here are two more tools that will help you out:

  • Best Backup – helps you choose the backup solutions suited to your needs
  • Spider Oak – backup solution focused on encryption and security

Cloud backup


Although ignored by most people, this step is also important to cyber security. Take your time and file a report if you run into anything that looks fishy.

If you have a hunch that something is wrong and you might have fallen into a trap, immediately contact your bank or credit card institution and close the accounts you believe they may have been compromised.

If this is not the case and you simply ran into spam, scams or phishing attempts, it’s best that you report them to government organisations or even cyber security companies.

Here are some of the places where you can do that:


A few tools that didn’t fit into any other major category, but we also wanted to mention them.

For the ones with advanced technical skills, here are some tools that show vulnerabilities in software:


In the cyber security game, the good guys and the bad ones constantly try to outrun each other.

That’s why you should always remember that no tool is bulletproof. Don’t rely exclusively on a software or an app to keep you safe, as they all have flaws and vulnerabilities.

Instead, try to think and act like a journalist. Question everything that you receive or run into in the digital world, even if it only looks slightly suspicious. Triple check it before you act on it, be sure that you don’t throw yourself into anything fishy.

Continue to improve your cyber education. In time, you’ll train your intuition and it will become increasingly easier to spot potential compromises.

It’s essential that you never give up on healthy security habits. Add as many security layers as possible – onion style – in order to decrease the impact of a potential attack.

Hope for the best and prepare for the worst, right?

2016.10.05 QUICK READ

Ransomware Decryption Tools – Unlock Your Data for Free

Free Encryption Software Tools
2016.06.02 SLOW READ

9 Free Encryption Software Tools To Protect Your Data [Updated]

Free PC Security Hacks
2015.04.15 SLOW READ

13 Free PC Security Hacks to Build Your Online Protection


[…] – Beware of links that you don’t know where they lead. They might be short links or IP addresses. If you don’t know what’s on the other end of the link, don’t click on it. You can check them first with a tool that shows you where they redirect (here’s a list of such security tools). […]

[…] You need to remember to log out from your online account. If you don’t do this, especially if you are in a public location, the next person who opens Facebook in the browser will access directly your Facebook profile. I recommend you use a virtual browser for your financial operations to keep your online banking secure (the ones mentioned on point number 6). Also, if you want to avoid authentication credentials (or cookies) from being stored in the browser, try solutions such as or uBlock or others from this list we made. […]

[…] in ransomware attacks. Just don’t click them. And if you’re unsure of a link, there are a lot of tools you can use to verify if a link is safe or not. But don’t rely on those verifications alone. […]

A very important topic in these terrible times (Ransomeware)

[…] risk when there are so many protection mechanisms and tools – some even free – that will keep you […]

A very good and detailed article. many thanks, fav’ed!

[…] That’s why you need to make sure we use strong passwords, which contain different character types, like uppercase and lowercase letters and numbers, and are more than 15 characters long. There are even several ways you can test if your passwords are strong enough. […]

[…] major article, that we’ve been working on for a veeery long time, is this list of tools that you can use to enhance your security and privacy. Last time we counted there were more than 50 free tools – and I’m sure we’ll […]

Leave a Reply

Your email address will not be published. Required fields are marked *