Despite the existence of millions of popular apps and services today, the humble little web browser keeps on trucking. However, online security and privacy has gotten a lot trickier over the years, and both Google Chrome and Mozilla Firefox arguably need a few tweaks to their settings to help you stay safe on the web. Let's get you up to speed on password management, Google account management, two-factor authentication, spyware, virtual private networks, and more.

Google Chrome settings

1. Disable Chrome's built-in password manager and use a dedicated password manager instead. Dedicated managers have tools to randomly generate strong passwords, and they generally have good tools for importing from and exporting to other managers. With cloud-based managers, you don't have to worry about losing access to the device that contains your password database (and log-in security can be reinforced with two-factor authentication). However, keeping a manager offline greatly limits the number of people who could get their hands on your log-in info.

Bitwarden and 1Password are two well-regarded cloud-based password managers, and KeePass is a trusted offline manager.

With a dedicated manager, instead of having to remember all of your passwords (which inevitably leads to creating ones that are reused and/or easily guessed by a computer), you need only the manager's master password. Once that's provided, you can copy and paste your username and password for the account that you want to access. Password manager browser extensions can also integrate into your browser's right-click menu to automate the pasting process.

To tell Chrome to stop asking if you want to save a password, click the button in the upper right-hand corner with three horizontal dots on it, then click Settings. Type "passwords" into the search field and tap on Manage Passwords when it appears in your search results. In this next window, you can toggle "Offer to save passwords" on and off by tapping on the slider to the right. When the slider turns blue, it's enabled. If Chrome previously saved passwords for you, you'll find the list here. You can delete them -- just make sure that the entries are in your password manager first.

chrome password settings

For higher security, we also recommend disabling the browser's Auto Sign-In feature, especially if this is a laptop or other mobile device. Otherwise, if the device gets stolen, the thief may be able to get access to the accounts that you've previously added to Chrome's built-in password tool.

2. Separate your personal and business accounts. If you're using a device provided by your employer, they may have created a corporate Google account for you, which you want to keep separate from your personal bookmarks, documents, and other cloud data.

To do that, open Chrome, go to, and click the Sign In button in the upper-right hand corner (if you aren't signed in already). Enter your work email address, click the Next button, enter the password for that account, and click Sign In. If your employer hasn't introduced additional security checks, you should be redirected to Google's search page, and now your work account name appears in the upper right-hand corner of the screen.

If you add a personal account in addition to your work account, anyone who's using this browser can toggle between the two at any time, which is probably not something that you want to have on a work device. It's also not worth the hassle anyway, because logging out of one Google account logs you out of all of them. So you have to log in to your work account a second time to regain access to your work-provided Google services like Docs and Gmail.

3. Adjust a few settings for more privacy. At the bottom of the Settings window, click Show Advanced Settings and look at the Privacy and Security section. If you have enabled the prediction service, it will send whatever you type to Google's servers. Disable that for better privacy. Lastly, disabling Autofill can make its saved information unavailable to someone else if your device gets lost or stolen.

chrome prediction settings

4. Protect your Google account with app-based two-factor authentication (2FA). This isn't exclusive to the Chrome browser, but since we're on the subject of your Google account: You should be protecting it with a 2FA app. With 2FA enabled, you'll enter a six-digit code after logging in to your Google account with a username and password. It's an extra step, but the codes only exist on your device, which makes it very difficult for an unauthorized user to gain access, unless they're pretty much looking over your shoulder. Google provides its own free authenticator app, and you can set it up to give you 2FA codes pretty easily. This official support page will walk you through the process.

5. Delete your browser activity history at any time with Ctrl+Shift+Delete. This keyboard shortcut opens up a menu where you can decide what the browser remembers. You can tap the Clear Data button to just nuke everything, or you can set a specific time frame, or you can click on the Advanced tab and pick out what you want to keep, if anything: download history, browsing history, cached images, passwords, and more.

deleting chrome browser history

Mozilla Firefox settings

1. Disable the built-in password tool. The same rules about passwords apply to the Firefox browser; grab a dedicated manager like 1Password, Bitwarden, or KeePass, instead of using the browser's built-in tools. To disable it, click on the hamburger menu in the upper right, select Options, click on Privacy & Security in the left-hand pane, and uncheck the box next to "Remember logins and passwords for websites."

2. Tweak your Firefox history settings. By default and for your convenience, Firefox will keep a record of the websites you visit and the files you download. It can also remember all the searches that you enter into the address bar, and text that you've entered into online forms. All of this is controlled in the section just below the password settings that we just discussed. With a click, you can delete all of this data, set up exceptions for things that you never want deleted, and browse through the activity that Firefox has logged.

3. Surfing in a Private Window. Of course, you can also leave these settings alone and just surf in a Private Window by pressing Ctrl+Shift+P when you don't want to leave traces. This mode won't let Firefox remember where you go, what you search for, or what site cookies you collect. Unlike Chrome, all of your browser extensions will remain active in this mode, so you don't need to manually re-enable them.

firefox private browsing

Keep in mind that if you accidentally close your browser window while in Private Mode, you won't be able to pick up where you left off. This mode will open to a blank page. However, you can still restore a closed tab like usual, with Ctrl+Shift+T.

And as with Chrome, you can delete all activity history by pressing Ctrl+Shift+Delete and clicking on the Clear Now button.

Private web connections

A virtual private network (VPN) creates an encrypted tunnel between your PC and a website that even your Internet service provider can't snoop on; your ISP can only see that you're connecting to the VPN, not what website you're using the VPN to connect to. There's usually some loss in speed, so it's not ideal for streaming 4K video or downloading big games. But if you're transmitting sensitive info like tax returns or legal documents, more encryption is always welcome.

We don't recommend free VPNs, however. When the app is free, it's usually the customer who ends up becoming the product. Free VPNs also tend to be pretty slow due to high demand. If you need something like a VPN but you need to stretch your dollar, we recommend the free Tor Browser Bundle. It's based on Firefox and connects to Tor, which is a network of volunteer servers around the world that will bounce your connection around to increase your anonymity by the time you reach a website.

Check our guide about choosing a VPN and our shortlist of premium VPN providers.

Cleaning up spyware

If you install sketchy software -- like password crackers, product-key generators, or some network-penetration tools -- malicious or undesirable code may sneak its way into your browser. Some legit-looking programs also sneak spyware onto your PC during the installation process. For example, some browser toolbars appear harmless but secretly track all the websites that you visit.

Even if you're running antivirus software that constantly guards your activities, it's a good idea to periodically run a manual malware scan of your computer. Some malware targets and disables specific antivirus software, and antivirus apps may not search for all the threats that an antimalware app scans for. So an antimalware app is an excellent second line of defense . Popular choices include Malwarebytes Anti-Malware, Spybot Search & Destroy, and Trend Micro HijackThis.

Ad blockers

Some ad banners are avenues to getting malicious code on your computer, so a filter like Ghostery, AdBlock, or Adblock Plus isn't a bad idea. Much of the web runs on ads, though, so we encourage you to not block them on the sites that you trust and find useful.

Further reading

Tom McNamara is a Senior Editor for CNET's He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer,, and He's also unreasonably proud that he's kept the same phone for more than two years.