4 easy ways I make Windows 11 more secure (but still usable)

Turning on Windows Hello

Plus a few related settings

If you're not already using Hello (Microsoft's biometric login tech), it may be because you're suspicious. Some people worry that they're handing over their face or fingerprints to Microsoft, or simply that it's all just for convenience, since the tech defaults to PIN entry if a bio scan fails. In reality, Hello is one of the better defenses you can enable on your PC, simply because it attaches authentication to your hardware. Your biometric data is stored locally in an encrypted space, usually on a Trusted Platform Module chip. It doesn't leave your PC, and that backup PIN is also local -- there shouldn't be any way to get into your PC remotely unless you've specifically allowed it.

In reality, Hello is one of the better defenses you can enable on your PC, simply because it attaches authentication to your hardware.

That's not to say Hello makes a PC bulletproof by any means, just a harder target to crack. In fact, it's important to combine Hello with some other security practices, such as setting a PIN that's at least six digits long and difficult to guess or brute-force. Indeed, you should also set Windows to sleep or lock automatically after a short amount of inactivity, since there's not much point to the feature if your computer is sitting exposed without your supervision. Go to Settings > System > Power & battery to change sleep settings.

Depending on the other devices you own, you might want to combine Hello with an option called Dynamic Lock. This auto-locks your PC if a paired phone falls out of Bluetooth range -- so, if someone grabs your laptop and runs, they're going to find themselves at the Hello login screen once they finally catch their breath. Go to Settings > Accounts > Sign-in options for this one.

Turning on all of Windows Security's real-time features

Catching problems before they start

It used to be that real-time antivirus tools were a huge burden on your PC if you were doing anything demanding at the same time, like playing a 3D action game. Now, though, any modern PC should be fast enough to handle real-time scanning without breaking a sweat, at least if it's using a recent AMD or Intel processor, and you've got 16GB or more of RAM. In fact, Windows Security's main option -- Real-time protection, under the Virus & threat protection settings menu -- can only be disabled temporarily or until a third-party app takes over. That makes sense, since a lot of malware will wreak havoc the second it bypasses your defenses.

I tend to classify a few other options under the "real-time" umbrella. Those include things like Tamper Protection, which prevents malware from disabling security features, as well as Ransomware Protection's Controlled folder access option. You may need to choose these folders manually, but that's a small trade-off given how serious ransomware can be.

I'd also suggest turning on all the firewalls listed under Firewall & network protection. You'll have to whitelist some apps for them to work properly, such as online games, but a firewall can block a lot of malware before it poses any serious danger.

Installing Windows and browser updates ASAP

Within reason, that is

It's bad practice to postpone manual Windows updates until there's no choice. Malware creators are constantly searching for new software vulnerabilities, so the longer you put off a big update, the more likely it is one of those vulnerabilities will impact you. Windows does install a lot of security-related patches automatically -- but that can only go so far if you're on an older version of Windows itself. As a rule, I tend to check Windows Update at least once per week, and install any major version updates within a day or two of their release. That gets me up to speed reasonably quickly while giving me the chance to scan forums and news sites for problems.

It's almost more important that you keep your web browser updated, since malicious websites are usually the main vector for malware. I'm so paranoid about this that I tend to check for Google Chrome update every few days. Really, you should frequently update any app that goes online, but the odds are very low that you're going to be attacked through PUBG or Adobe Photoshop. After your browser, the next most important app to keep current is probably your email client.

Using Find my device

Consider other tracking tools, too

This is a feature you never want to use, but PCs do get lost or stolen sometimes, and the only hope of recovery may be some form of device tracking. Windows 11's built-in option for this is found under Settings > Privacy & security > Find my device. When it's active, your PC will update its location whenever it connects to the internet, sharing that exclusively when you log into the Devices tab at account.microsoft.com. Any wise thief will immediately try to scrub your PC, if possible -- but all it takes is a brief window for your machine to deliver a rough location. If it's still online and using your Microsoft account, you can trigger a remote Lock command.

Get the best location data you can, and share it with local police, including any other details that might identify a suspect and where they went.

Should you not trust Microsoft, or you need more comprehensive tracking, third-party options are available. One affordable option is to insert a Bluetooth tracker into your laptop bag, or your tower if you've got a desktop PC. This does need to be well-hidden, but you'll get more precise location data as long as the tracker is within range of compatible devices that can echo its location. AirTags, for example, will automatically broadcast their location when they pass an iPhone, iPad, or Mac with Find My enabled. The better Android-based trackers support Google's Find Hub.

Remember, if your PC is stolen, it's important to act fast. Get the best location data you can, and share it with local police, including any other details that might identify a suspect and where they went. There's no guarantee that you'll get your machine back, but it is possible.