You don’t have to spend a lot of money for online security tools. In fact, you don’t have to spend a single cent to stay secure. There are a lot of great security tools that we recommend — features built into Windows, trustworthy free downloads, and protection practices that won’t cost you anything at all.
We do recommend a variety of premium antivirus software, password managers, VPN services, and Windows backup tools. But you don’t need any paid offerings to stay safe online — you can get all the security you need for free.
Antivirus software is an essential security tool on any PC. Even if you’re careful, applications you trust could have security flaws that open your PC to attack. Malware could get onto your PC due to a flaw in your web browser or even a developer’s account falling prey to criminals on a platform like Steam.
If you’re using a modern Windows PC running Windows 10 or Windows 11, good news: You already have an antivirus program installed, even if you’ve never thought about it. It’s called Microsoft Defender and is part of the Windows Security suite of software. It works well as baseline protection, but it’s not particularly feature-packed. Still, it’s nice that it doesn’t try to upsell you to a paid antivirus tool.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
Want to try a different antivirus? We can recommend quite a few other high-quality free antivirus programs, including Avast Free Antivirus. Paid antivirus suites pack in additional features — they may bundle their own password manager, VPN, and even backup tools — but free antivirus programs will scan your PC for malware in the background and keep it safe.
You don’t have to pay for capable antivirus software. That’s an antivirus myth.
We often recommend premium password managers that cost money, and those paid password managers often have more polished interfaces. But you can get a free, high-quality, secure password manager so you can generate, store, and access all your passwords on all your devices.
Our top choice for a free password manager is Bitwarden. It’s not just free — it’s open-source. You get browser extensions for all popular browsers, apps for everything from Windows PCs and Android phones to Linux systems and iPhones, cloud syncing, sharing with one other person, and two-step authentication to protect your passwords — all for free.
Bitwarden’s Premium plan adds some nice-to-have features like file attachments, emergency access to your account, and security reports — but they’re not essential, and they’re just $10 a year if you decide you want them in the future.
There are other options, too. KeePassXC is free, open-source, and a very traditional experience. It stores your password database locally on your own device so there’s no cloud syncing. It’s not what we’d recommend to most people, but some people will prefer this type of thing.
Also, web browsers now often have solid password managers built in — and they’re free. For example, Google Chrome has a capable password manager that doesn’t require installing any extra software. If it feels right to you, you shouldn’t feel bad about using your web browser’s password manager.
Two-factor authentication, also known as two-step authentication, is an important tool for keeping your accounts safe — even if you use a password manager. If an attacker gets your password somehow, they still won’t be able to sign in with your two-factor authentication code.
Paid password managers often have built-in code generators as a convenience feature. But you don’t need that kind of feature built into your password manager of choice.
To generate app-based 2FA codes, you can use an app like Google Authenticator, which is our favorite 2FA authentication app. It’s completely free and available for both Android phones and iPhones. Just use it when setting up two-factor authentication with your accounts.
Ransomware is one of the most dangerous threats out there. While you can get expensive tools that promise ransomware protection, you can also turn on the ransomware protection built into Windows.
This feature may be a little annoying to use. You’ll have to go out of your way to allow apps access to locations like your Documents folder when they need it. That’s the tradeoff you make if you want to control which apps have access to these sensitive locations.
Of course, your antivirus already protects against known ransomware — but antivirus software isn’t perfect.
Backups are a critical part of any online security strategy. They won’t just protect you if ransomware locks up your files or malware takes over your PC and you have to wipe it — they’ll protect your important data if you lose your laptop or your PC stops working for whatever reason.
While there’s a lot of paid backup software we like — and cloud backup tools that automatically back up to a remote server — there are lots of good free backup tools, too.
We recommend Fbackup 9 as our favorite free backup tool here at PCWorld, and you can also use the File History feature built into Windows 10 and Windows 11. You’ll just need a location to back up to — an external hard drive, for example, or a network share on a network attached storage (NAS) device.
If you’re looking to get some peace of mind from cloud backups, you can also use the OneDrive storage Microsoft provides for free — you get 5GB of storage for free with every Microsoft account. Additionally, if you pay for a Microsoft 365 subscription, you get a whopping 1TB of storage you can store files in.
Chris Hoffman/IDG
Chris Hoffman/IDG
Chris Hoffman/IDG
People always say that “the best things in life are free.” Likewise, the best ways to beat phishing and other scams are also free.
Yes, you can pay for security suites that provide phishing protection, attempting to warn you when you visit scam websites and see phishing emails. But you already have a lot of these protections: Your web browser has built-in protection against phishing websites, for example, and the email service you use attempts to file away all the phishing emails you can into your spam folder so you never see them.
Be sure to watch out for scams and avoid clicking links in suspicious emails. If your boss contacts you via text and asks for a pile of gift cards on the company card, be suspicious! Don’t provide sensitive personal details to anything that isn’t trustworthy.
A password manager can help you avoid phishing sites, too: If you always use a password manager to enter your online banking password, for example, you’ll know something is up if you somehow end up on a phishing website impersonating your bank’s website. Your password manager won’t auto-fill those details on an imposter website.
VPNs aren’t the ultimate, one-step solution to online security — despite some of the marketing you may see online. Still, they can provide some extra privacy and are useful in certain situations. For example, public Wi-Fi isn’t as dangerous as it once was, but you may still want a VPN for public Wi-Fi networks that you don’t fully trust.
Free VPNs are easy to find, but you shouldn’t trust most of them. Free VPNs have drawbacks. Many free VPNs may sell your data or do other sketchy things to pay the bills. Even the best free VPNs may not provide enough bandwidth to stream another country’s Netflix library, for example. Or, they may limit you to a certain amount of data each month. Still, they should be great for using public Wi-Fi in a pinch.
We’ve got a list of free VPNs PCWorld trusts. You don’t have to pay to use a decent VPN, but be sure to pick a trustworthy one.
The complete package of useful security tools we recommend above are all available for a grand total of zero dollars and zero cents.
Of course, you can spend money on security software if you like! The premium applications we recommend often have extra features, sleeker interfaces, and other goodies. But you can get a complete layer of online protection without shelling out a single cent.
