4 quick security upgrades I always do on a new PC

Put a brand-new laptop or desktop PC in front of most people, and they’ll begin installing their favorite programs. Me? I check out its security setup.

That’s not just making sure basics like antivirus is active. I also look at Windows and installed apps to make sure the whole computer is configured to cover my butt while I’m online. Sure, I’m still careful while on the web. But having safeties in place is smart, too.

So here are the four things I always poke at—and you should, too.

Antivirus software

The very first thing I look over is the antivirus app settings on the new PC. In some instances, this may be Microsoft’s own built-in app, Windows Security. Other times, it’s independent antivirus software, usually a trial of one of the paid subscriptions we review for our best antivirus roundup.

The main difference between the two are the interface and feature sets—Windows Security lives silently in the background, with notifications only popping up if something is amiss or needs attention. The interface is also very simple and doesn’t explain the different features in depth. Meanwhile, third-party software tends to bulk up its software plans with extra features (some extraneous, even), and more attractive, better explained user interfaces. You also tend to get more control over settings, too.

Because new PCs often come with paid antivirus trials, I try immediately to settle on the best antivirus program for the person using the machine most. Don’t like a lot of nag screens or busy interfaces—or alternatively, don’t want to get stuck paying for AV continually? Windows Security is fine. I will however tweak the settings to turn on ransomware protection and the various app & browser protections, plus also verify that core isolation is already active.

Prefer a specific set of features (like robust parental controls), more explanation for what’s happening with scans, or additional security tools (like a password manager and/or VPN) in one interface? A third-party AV option will be best, and with all the options available, there should be one that fits both the feature set and budget desired.

Password manager

Alaina Yee / Foundry

The next thing I like to set up is a password manager. You can use the built-in password management in a browser like Edge or Chrome, but I recommend an independent service like Bitwarden or Dashlane (or even a local app like KeePassXC, if you’re willing to manage your own backups).

Using the password manager in Edge or Chrome is typically tied to a Microsoft or Google account, respectively—so if the account is ever hacked or the password stolen, you run the risk of losing access to not just your email and files, but also all your passwords, too. Keeping those things separate helps prevent damage from being too harsh. 

(That said, for folks who can’t manage too many accounts, then Microsoft, Google, or Apple’s password management is fine. They don’t have as many features as dedicated services, but the basics are in place.)

I tend to prefer installing a desktop app whenever possible, for a bit of heightened security. A browser extension of course does make using passwords far simpler and faster, but it can be riskier, as they’re a bit more vulnerable to attack. But again, whatever helps you use unique, strong, and random passwords across different sites is best. Be mindful of what other extensions you install on your browser, apps you download, sites you visit, and links you click on, and you should be fine.

For some services, you can log in via web interface, but that’s not as seamless as either a desktop app or browser extension.

Biometric login

Mark Hachman / Foundry

Third, I enable biometric login for Windows when possible. On desktop PCs, this can be harder, since you’ll need to obtain your own Windows Hello–compatible webcam and/or fingerprint reader. But on a laptop, there’s a decent chance the built-in webcam will support Windows Hello face recognition.

Unless you have concerns about your system falling into the hands of government officials (like if you travel to sensitive areas), a biometric login will generally be more secure than using a password or PIN to regularly unlock your PC. For example, someone can’t watch over your shoulder to see what you’re typing in while in a public area. It also can reduce the difficulty for login for less tech-savvy users. Save the password in a secure manner (you don’t want to forget it!), then use biometric login for simpler access. That’s much better than no password or a very weak password to secure the PC.

Disk encryption

Chris Hoffman / Foundry

Finally, I verify a new computer’s encryption settings. This is a quick two-step process: First, I like to ensure encryption is enabled in Windows, especially if the machine is a laptop or even a mini-PC, as they’re easier to steal. If the data on the PC is encrypted, then that can’t be searched through easily (and no sensitive files are immediately at risk). The encryption key would be required to make use of the data.

If you log into a Windows PC using a Microsoft account, it should automatically enable Disk Encryption. Windows Home users won’t be able to tweak the settings, while Windows Pro users can through BitLocker. However, I’ve found that the encryption isn’t always automatically activated, so it’s worth double-checking.

Next, if disk encryption is active, I also check the Microsoft account (or have the PC’s owner check their account) to see if the encryption key is saved. You can do so by heading to https://aka.ms/myrecoverykey in a browser. Alternatively, if you’re a Pro user, you can just open BitLocker on your PC, where you back up your recovery key. This will give you more control where it’s stored—so you can save it to a different cloud account or on a local backup drive, etc.