Safe Browsing Practices for Windows Users (2025 Guide)

Introduction

Here’s something I learned after 10+ years in cybersecurity: most malware infections don’t happen because hackers found some sophisticated vulnerability in your system. They happen because you accidentally let them in while browsing the web.

Think about it—when was the last time you heard about someone getting hacked versus someone who clicked a sketchy download link or fell for a convincing phishing email? The web browser is the primary entry point for malware, not some mysterious backdoor exploit.

The good news? Safe browsing practices don’t require technical expertise. You don’t need to understand how DNS works or what a SQL injection is. You just need to develop a few consistent habits that become second nature.

In my security consulting work, I’ve seen the same patterns over and over: people who follow basic safe browsing practices almost never get infected with malware. Those who don’t? They’re in my office every few months dealing with cleanup.

This guide is part of our Windows Security & Protection Guide, covering malware defense, privacy controls, authentication, and safe browsing practices.

This guide will show you exactly what those safe browsing practices are—focused on the 2025 browser landscape and the modern threats you actually face today. No paranoia, no complicated procedures. Just practical habits that work.

---

Recognizing Malicious Websites

Let’s talk about the red flags that should immediately make you suspicious of a website. Once you know what to look for, malicious sites become surprisingly obvious.

URL Inspection: Your First Line of Defense

Think of the URL like an ID card. You wouldn’t trust someone whose driver’s license said “Johhn Smithh” instead of “John Smith,” right? Same principle applies to website URLs.

Watch for these URL red flags:

• Misspellings: microsfot.com instead of microsoft.com, paypa1.com instead of paypal.com
• Extra words or characters: secure-paypal-login.com, microsoft-support-center.net
• Wrong top-level domain: Known company using .net when their real site is .com
• Excessively long URLs: Legitimate sites don’t need 50-character URLs with random numbers
• HTTP instead of HTTPS: For any site where you log in or enter sensitive information

Pro tip: Hover over links before clicking them. The preview shows you the actual destination URL, which might be completely different from what the link text says.

Visual Warning Signs

Beyond the URL, malicious websites often have telltale visual indicators:

• Poor grammar and spelling throughout (legitimate companies proofread)
• Excessive pop-ups that appear immediately
• Urgent warnings (“Your PC is infected! Click here NOW!”)
• Too-good-to-be-true offers ($1,000 gift card for a 30-second survey)
• Requests for unusual information (why would a news site need your Social Security number?)

Browser Security Warnings: Don’t Ignore Them

Modern browsers (Microsoft Edge, Google Chrome, Firefox, Brave) all have built-in protection that warns you about known malicious sites. These warnings look like:

• “This site is not secure” or “Not Secure” in the address bar (HTTP site)
• “Deceptive site ahead” (Google Safe Browsing detected phishing)
• “This site has been reported as unsafe” (Microsoft SmartScreen warning)

My rule: If something feels off—URL looks weird, page has grammatical errors, offer seems too good—trust your instincts. Close the tab. There’s no penalty for being cautious, but there’s a big penalty for ignoring red flags.

---

Safe Download Practices

This is where most infections happen: downloading software from unsafe sources. Let me show you my download workflow that I’ve used for years without a single infection.

Download Only from Trusted Sources

Official developer websites are your safest bet. When you need software:

1. Google “[software name] official website”
2. Verify the URL matches the known domain (check carefully—scammers buy similar domains)
3. Download only from that official source
4. Scan the file before running it

Microsoft Store is another safe option. Apps are vetted before being listed, which significantly reduces malware risk.

Sources to Avoid

Here’s the thing about third-party download sites: some used to be reputable but have changed over the years. Others were never trustworthy.

Avoid these sources:

• Sites with multiple “Download” buttons (most are ads leading to malware, not your actual file)
• Torrent sites (piracy equals malware risk—you’re downloading from strangers)
• Third-party app stores (unvetted software)
• Softonic, Download.com (history of bundling unwanted software)

The Download Verification Process

After downloading, before running the file:

1. Check the file extension: Should be .exe or .msi for Windows programs, .zip for archives
2. Scan with Windows Defender: Right-click the file → “Scan with Microsoft Defender”
3. Read installer prompts carefully: Decline any bundled software, toolbars, or “recommended” offers

Common bundled malware types to watch for:

• Browser toolbars
• Search engine changers
• PC “optimizer” utilities
• Fake antivirus software

Here’s my download workflow in practice:

Let’s say I need 7-Zip (a file compression tool). I Google “7-zip official website,” verify I’m on 7-zip.org (not 7-zip-downloads.com or some variant), download from there, scan the file, and watch the installer carefully. That’s it. Simple, but effective.

---

Browser Security Settings

Your browser is your first line of defense online. Spending 5 minutes configuring security settings prevents hours of malware cleanup later.

Let me walk you through the essential settings for the major browsers in 2025.

Microsoft Edge Security Settings

1. Open Settings → Privacy, search, and services
2. Enable SmartScreen: Blocks malicious sites and downloads (should be on by default)
3. Enable “Block potentially unwanted apps”: Catches bundled software
4. Tracking prevention: Set to “Balanced” or “Strict”

Google Chrome Security Settings

1. Settings → Privacy and security
2. Enable Safe Browsing: Choose “Standard” or “Enhanced” protection
3. Enable “Use secure DNS”: Adds another layer of protection
4. Optional: Disable autofill for sensitive data (passwords, payment info)

Firefox Security Settings

1. Settings → Privacy & Security
2. Enhanced Tracking Protection: Set to “Strict”
3. Enable HTTPS-Only Mode: Forces secure connections when available
4. Enable “Block dangerous and deceptive content”: Uses Google Safe Browsing

Universal Browser Security Recommendations

Regardless of which browser you use:

• Keep it updated: Enable automatic updates (critical security patches)
• Use a strong master password: If your browser saves passwords, protect that database
• Review extensions quarterly: Remove ones you don’t actively use (more on this below)
• Configure Windows privacy settings: Browser privacy works alongside system-level privacy controls - see our Windows 11 privacy settings guide to configure what information Windows shares
• Enable Windows Defender: Your browser’s security features work best alongside comprehensive antivirus protection - see our Windows Defender setup guide for proper configuration

My browser security philosophy: Your browser is the gateway to everything you do online. Malicious sites, phishing attempts, drive-by downloads—your browser’s security settings are what stand between you and those threats. Configure it properly once, and it protects you automatically from that point forward.

---

Extension and Add-on Safety

Let me be direct: every browser extension is a potential security risk.

That doesn’t mean you shouldn’t use extensions—I use 3-4 essential ones myself. But you need to be selective about what you install and what permissions you grant.

Extension Security Checklist

Before installing any extension, verify:

• ✓ From official store (Chrome Web Store, Edge Add-ons, Firefox Add-ons)
• ✓ High rating (4+ stars minimum)
• ✓ Many users (10,000+ users suggests it’s been vetted by the community)
• ✓ Recent updates (actively maintained, not abandoned)
• ✓ Reputable developer (recognized name or verified publisher)
• ✓ Minimal permissions (does it really need to “read and change all your data”?)

Recommended Security Extensions

These are the ones I actually use and trust:

• uBlock Origin: Ad blocker that reduces malware exposure (malicious ads are a real threat). Note: Chrome users should verify uBlock Origin is compatible with Manifest V3 extensions—look for “uBlock Origin Lite” if the standard version isn’t available.
• HTTPS Everywhere: Forces HTTPS connections when available. Update: This extension has been deprecated by the EFF as of January 2022 since major browsers now have built-in HTTPS-only modes. Use your browser’s native HTTPS-only mode instead (Firefox: Settings > Privacy & Security > HTTPS-Only Mode; Edge/Chrome: Settings > Privacy and security > Security > Always use secure connections).
• Privacy Badger: Blocks trackers

Extensions to Avoid

• Free VPN extensions: Many sell your browsing data (ironic, right?)
• Unknown ad blockers: Some inject their own ads instead of blocking them
• Extensions requesting excessive permissions: If a simple calculator needs access to all your browsing data, that’s a red flag

Quarterly Extension Audit

Every 3 months, I review my extensions:

1. Remove ones I haven’t used
2. Check if any have been sold to new owners (this happens—extensions get bought and malware gets added)
3. Verify they’re still actively maintained
4. Research any that request new permissions

My extension rule: Only install extensions you truly need. Each one is another potential security risk. I keep 3-4 maximum and audit them quarterly.

---

Recognizing Phishing Attempts

Think of phishing like a con artist pretending to be your bank. They’re not hacking into your computer—they’re tricking you into giving them your information voluntarily. That’s why technical solutions alone won’t protect you. You need to recognize when something doesn’t look right.

Email Phishing Red Flags

Sender analysis:

• Email address doesn’t match company domain (paypal@gmail.com instead of @paypal.com)
• Odd sender name (“PayPal Security Team” from a personal email account)
• First-time sender claiming to be a company you’ve worked with for years

Message content:

• Urgent language (“Act now or your account will be closed!”)
• Threats (suspension, legal action, locked account)
• Requests for password, credit card, or Social Security number
• Generic greeting (“Dear Customer” instead of your actual name)
• Grammatical errors and awkward phrasing

Link and attachment warnings:

• Unexpected attachments (especially .zip, .exe, .js files)
• Links that don’t match the stated destination (hover to preview the URL)
• Shortened URLs hiding the actual destination

What to Do If You Receive a Suspicious Email

1. Don’t click any links
2. Go to the company’s website directly (type the URL or use your bookmarks)
3. Call the company using the official number from their website (not a number in the email)
4. Report it as phishing (Outlook has a “Report Phishing” button)

Real-world example: You get an email saying your Amazon account has suspicious activity. Instead of clicking the link in the email, you open a new browser tab, go to Amazon.com directly, and check your account. If there’s really an issue, it will show there.

---

Social Media and Public WiFi Safety

Let’s cover two areas where safe browsing practices are especially important.

Social Media Risks

Social media platforms are prime targets for scammers because of the trust factor. You’re more likely to click a link from what appears to be your friend.

Common threats:

• Fake friend requests (someone clones your friend’s profile and friends all their contacts)
• Malicious links in messages (“Is this you in this video?”)
• Quizzes and apps requesting excessive permissions (access to your contacts, posts, messages)
• Scam ads (especially prevalent on Facebook—fake product ads, fake celebrity endorsements)

Safety practices:

• Verify friend requests (check mutual friends, account creation date, profile history)
• Don’t click links from unexpected messages (even from friends—their account might be compromised)
• Review app permissions regularly (Settings → Apps on most platforms)
• Use privacy settings to limit what’s publicly visible

Public WiFi: Be Cautious, Not Paranoid

Here’s my take on public WiFi: it’s fine for general browsing, but not for sensitive activities.

Think of public WiFi like speaking in a crowded coffee shop. General conversation? Fine. Discussing your bank account details? Probably not the best place.

Risks of public WiFi:

• Unencrypted traffic can be intercepted
• Fake WiFi hotspots (someone sets up “Starbucks_Free_WiFi” to steal data)
• Man-in-the-middle attacks

Safe public WiFi practices:

1. Only use HTTPS sites (look for the padlock icon)
2. Avoid banking, shopping, or sensitive work on public WiFi
3. Use a VPN if available (encrypts all your traffic)
4. Forget the network after use (don’t auto-connect in the future)
5. Disable file sharing (Settings → Network → turn off file/printer sharing)

My public WiFi rule: Public WiFi is fine for reading news, browsing social media, or general research. For banking, shopping, or anything involving passwords and sensitive data, wait until you’re on a trusted network or use a VPN.

Firewall protection on public networks: When connecting to public WiFi, ensure Windows Firewall is configured properly to block unauthorized incoming connections. See our Windows Firewall configuration guide for step-by-step instructions on setting network profiles and security rules.

---

Password and Account Security While Browsing

Safe browsing extends to how you handle passwords and account access online.

Never Do These Things

• Use the same password across multiple sites (if one gets breached, all are compromised)
• Save passwords in browser on shared or public computers (anyone can view them)
• Click “Forgot password” links in emails (go to the site directly instead)
• Share passwords via email or chat (these are usually unencrypted)

Best Practices

• Use a password manager - We recommend Bitwarden for free password management with excellent security features. Read our Bitwarden review for detailed analysis of its features and security.
• Enable two-factor authentication (especially for email, banking, social media) - see our two-factor authentication setup guide for step-by-step instructions
• Use unique passwords for each site (password manager generates these)
• Use your browser’s password generator for strong random passwords

For a comprehensive comparison of password managers including features, security, and pricing, see our best password managers guide.

My password philosophy: Reusing passwords is like using the same key for your house, car, and office. If someone steals that key, everything is at risk. Password managers solve this by generating and storing unique passwords for every site.

If You Clicked a Phishing Link

Don’t panic. Here’s what to do:

1. Don’t enter any information (if you already did, that’s when damage occurs)
2. Close the browser immediately
3. Run a malware scan (Windows Defender Quick Scan)
4. Change your password (if you entered it anywhere—use a different device if possible)
5. Monitor your accounts for unusual activity over the next few weeks

Clicking a link alone usually isn’t harmful. It’s entering information that causes problems.

---

Conclusion

After years in cybersecurity, I’ve learned that safe browsing isn’t about perfect security—it’s about consistent habits.

The practices that prevent the vast majority of browser-based threats:

• Verify URLs before clicking (especially for banking, shopping, email)
• Download only from official sources (and scan before running)
• Configure browser security settings (SmartScreen, Safe Browsing, HTTPS-Only Mode)
• Be skeptical of urgent emails and messages (phishing relies on urgency)
• Use HTTPS sites, especially on public WiFi
• Use a password manager and enable two-factor authentication
• Keep your browser updated (automatic updates enabled)

You don’t need to be paranoid about online threats. You just need to be aware.

Think of it like driving—you don’t live in fear of accidents, but you wear a seatbelt, check your mirrors, and follow traffic rules. Safe browsing practices are the same: simple, consistent habits that dramatically reduce your risk.

Start with the basics I’ve outlined here. Make them routine. That’s the foundation of staying safe online.

For more security strategies including antivirus configuration and privacy controls, explore our comprehensive Windows Security Guide.

---

Frequently Asked Questions

How can I tell if a website is safe?

Check for several indicators:

HTTPS: Look for the padlock icon in the address bar (means traffic is encrypted)

Correct URL: Verify there are no misspellings, extra words, or suspicious characters. Be especially cautious of “typosquatting”—domains like microsfot.com instead of microsoft.com or paypa1.com instead of paypal.com.

Professional design: Legitimate companies invest in professional website appearance and proper grammar

Contact information: Real businesses provide support details, physical address, phone number

No excessive pop-ups: Legitimate sites don’t bombard you immediately with warnings or offers

If you’re unsure about a site, Google the site name + “scam” or “safe” to see what others have reported. Reviews and discussion forums often expose fraudulent sites quickly. Trust your browser’s security warnings—if Edge SmartScreen or Chrome Safe Browsing displays a warning, take it seriously.

Is it safe to use browser password managers?

Modern browsers (Chrome, Edge, Firefox) have decent password managers with encryption. They’re significantly better than using the same password everywhere or writing passwords down.

However, dedicated password managers offer better security:

• Cross-platform sync (works on phone, tablet, computer)
• Better encryption (AES-256 standard with master password protection)
• Regular security audits (companies like Bitwarden publish third-party audit results)
• Password breach monitoring (alerts you if your passwords appear in data breaches)
• More features (password generator, secure notes, 2FA support, security analysis)

For convenience plus security, I recommend a dedicated password manager like Bitwarden or 1Password over your browser’s built-in option. But if you’re currently reusing passwords, even your browser’s password manager is a huge improvement. Note that NIST now recommends passwords of 16-20 characters minimum for better security in 2025.

Should I enable browser autofill for payment methods and addresses?

Browser autofill is convenient but comes with security trade-offs you should understand.

Security risks of autofill:

• Hidden form fields: Malicious sites can create invisible form fields that your browser automatically fills, exposing your data without your knowledge
• Physical access: Anyone who gains access to your device can view all saved autofill information in browser settings
• Malware targeting: Some malware (like RedLine Stealer or Raccoon Stealer) specifically targets browser autofill data
• Public/shared computers: Never enable autofill on computers others have access to

Safer approach:

• Disable autofill for sensitive data (credit cards, Social Security numbers, addresses)
• Type payment information manually when making purchases (or use PayPal/Apple Pay as intermediaries)
• Enable autofill only for non-sensitive data (shipping addresses for low-risk purchases)
• Use a password manager instead for login credentials (they only fill on verified domains, not spoofed sites)

One security benefit: If your device has a keylogger installed, autofill prevents the keylogger from capturing what you don’t type. But the malware risk to stored data usually outweighs this benefit.

My recommendation: Disable autofill for credit cards and sensitive personal information. The few seconds you save aren’t worth the security risk, especially if you browse on public WiFi or shared devices.

What should I do if I think I clicked a phishing link?

First: don’t panic. Clicking a link alone usually isn’t harmful. The damage happens when you enter information.

Immediate steps:

1. Don’t enter any information (if you haven’t already)
2. Close the browser tab immediately
3. Run a malware scan (Windows Security → Quick Scan)
4. Change your password (if you entered it—use a different device if possible)
5. Monitor your accounts for unusual activity over the next few weeks
6. Enable two-factor authentication (if you haven’t already)

If you entered sensitive information:

• Contact your bank immediately (if you entered card/banking info)
• File a fraud alert with credit bureaus (if you entered Social Security number)
• Document everything (screenshots, dates, what information was compromised)

Most phishing attempts can be stopped with quick action. The key is recognizing it quickly and changing passwords before the attacker can access your accounts. If you suspect malware was downloaded, see our guide on how to identify and remove malware for comprehensive cleanup steps. For additional account security, enable two-factor authentication on all critical accounts.

Are popup warnings saying my computer is infected legitimate?

No. These are scams 99.9% of the time. These fake virus alerts (also called “scareware”) are designed to frighten you into calling fake tech support or downloading actual malware.

How to recognize fake virus warnings:

• Popup windows (not from your actual antivirus software)
• Audio warnings (“Your computer is infected!” with alarm sounds)
• Phone numbers to call (legitimate antivirus software never provides support numbers in warnings)
• Countdown timers (“You have 5 minutes to fix this!”)
• Grammar and spelling errors
• Won’t let you close the window (appears to hijack your browser)

What to do if you see one:

1. Don’t call any phone numbers provided
2. Don’t download any “fix” tools they recommend
3. Close the browser tab (Ctrl+W or click X)
4. If the window won’t close: Force quit your browser (Ctrl+Shift+Esc → Task Manager → End Task)
5. Run a legitimate scan with Windows Defender to verify your system is actually clean
6. Clear your browser cache (Settings → Privacy → Clear browsing data)

Real antivirus warnings look different:

• Appear in Windows notifications (bottom-right corner of screen)
• Come from Windows Security or your actual installed antivirus
• Never include phone numbers or countdown timers
• Provide specific malware names and file locations

If you see a popup claiming your computer is infected, it’s the popup itself that’s the threat—not your computer. Just close it and run a real scan with Windows Defender to confirm you’re safe.

Are all HTTP sites dangerous?

Not dangerous, but not secure. There’s an important distinction.

HTTP means traffic isn’t encrypted—anyone on the network can see what you’re viewing and any information you enter. Think of it like sending a postcard instead of a sealed letter.

HTTP is acceptable for:

• Reading public information (news articles, blog posts)
• General browsing with no login required
• Viewing content that isn’t sensitive

Avoid HTTP for:

• Banking or shopping (entering payment information)
• Logging into any accounts
• Entering personal information (name, address, phone number)
• Anything you wouldn’t want visible to everyone on your network

Most legitimate sites use HTTPS now. If a banking site or shopping site uses HTTP in 2025, that’s a major red flag—avoid it entirely. Enable HTTPS-Only Mode in your browser (available in Firefox, Edge, and Chrome) to automatically enforce secure connections whenever possible.

Can I get malware just by visiting a website?

Rarely, but yes. These are called “drive-by downloads,” where malicious code exploits browser vulnerabilities to install malware without your interaction.

Here’s the thing: Modern browsers (Chrome, Edge, Firefox, Brave) with security features enabled block the vast majority of these attacks. Browser makers patch vulnerabilities quickly, which is why keeping your browser updated is critical.

To stay protected from drive-by downloads:

• Keep your browser updated (enable automatic updates—this is crucial)
• Don’t allow sites to run plugins without verification (Flash, Java, etc.—mostly obsolete now)
• Enable SmartScreen or Safe Browsing (blocks known malicious sites)
• Avoid high-risk websites (piracy, illegal streaming, gambling sites have higher malware risk)

If your browser is up to date and SmartScreen/Safe Browsing is enabled, drive-by downloads are extremely rare. The bigger threat remains clicking malicious download links and running files yourself. According to current statistics, nearly 80% of malware infections come from user actions (downloading and running files) rather than automatic drive-by exploits.

How often should I update my browser and why does it matter?

Enable automatic updates and let your browser update itself. You shouldn’t need to think about this—it should happen in the background.

Why browser updates are critical for security:

• Security patches: Browser updates fix vulnerabilities that hackers actively exploit. Many cyberattacks target out-of-date browsers with known weaknesses.
• Protection against drive-by downloads: Updated browsers can defend against malicious code on compromised websites.
• Improved phishing detection: Updates enhance Safe Browsing/SmartScreen databases to recognize more phishing sites.
• Bug fixes: Updates resolve crashes and performance issues that could be exploited.

How to verify automatic updates are enabled:

Microsoft Edge: Settings → About Microsoft Edge (updates automatically when you check)

Google Chrome: Settings → About Chrome (updates automatically when you check)

Firefox: Settings → General → Firefox Updates (select “Automatically install updates”)

How often do browsers update? Major browsers release security updates every 1-2 weeks when vulnerabilities are discovered, with major version updates every 4-6 weeks. You don’t need to track this manually—automatic updates handle it.

If you see “Update available” or “Restart to update”: Do it immediately. That update likely includes critical security fixes. Delaying updates leaves your browser vulnerable to known exploits.

My recommendation: Check your browser’s “About” section right now to verify automatic updates are enabled. Then forget about it and let the browser maintain itself.

Should I use a VPN for safer browsing?

VPNs encrypt your traffic, which adds privacy but doesn’t necessarily add security from malware or phishing.

VPNs are useful for:

• Public WiFi (hides your traffic from others on the network)
• Hiding browsing from your ISP (they can’t see which sites you visit)
• Accessing region-locked content (appears you’re browsing from a different country)
• Countries with internet censorship

VPNs do NOT protect against:

• Phishing (you can still click a phishing link through a VPN)
• Malware downloads (a malicious file is still malicious through a VPN)
• Social engineering (VPNs don’t stop you from giving away information)
• Complete anonymity (VPN provider can still see your traffic)

My recommendation: If you regularly use public WiFi, a VPN is valuable. If you’re mostly browsing from home on HTTPS sites, your money is better spent on a password manager and a good backup solution.

VPNs add privacy (hiding your activity), not security from threats. For safe browsing, the habits I’ve outlined in this guide matter far more than a VPN.

How often should I review my browser extensions?

Every 3 months (quarterly). Extensions pose ongoing risks that require monitoring.

Why quarterly reviews matter:

Extensions can get sold to new owners who add malware or data collection. An extension that was safe when you installed it might not be safe now.

Extensions can get compromised through security vulnerabilities or account takeovers.

Extensions may request new permissions that expand what data they can access.

Even safe extensions can slow down your browser over time, especially if you accumulate many.

My quarterly extension audit process:

1. Review all installed extensions (Chromium browsers: chrome://extensions, Firefox: about:addons)
2. Remove extensions I haven’t actively used in the past 3 months
3. Check if any have been sold (Google the extension name + “sold” or “acquired”)
4. Verify they’re still maintained (recent update within the past year)
5. Research any requesting new permissions (decline if it seems excessive)

I keep only 3-4 essential extensions and review them every quarter. This balance minimizes security risk while keeping the functionality I actually need.

Note for Chrome users: Google Chrome transitioned to Manifest V3 in 2024, which changed how extensions work. Some popular extensions like uBlock Origin have “Lite” versions for Manifest V3 compatibility. When reviewing extensions, verify they’re compatible with your browser’s current version.

What should I do when using a shared or public computer?

Public computers (libraries, hotels, internet cafes) require extra caution since you can’t control their security or who used them before you.

Essential safety practices:

• Never save passwords (uncheck “Remember me” on login forms)
• Always log out (don’t just close the browser—explicitly log out of accounts)
• Use private/incognito mode (Ctrl+Shift+N in Chrome/Edge, Ctrl+Shift+P in Firefox)
• Clear browsing history before leaving (Ctrl+Shift+Delete → Clear All)
• Avoid sensitive activities (banking, shopping, accessing work accounts)
• Don’t enter credit card information (assume keyloggers might be present)
• Check for shoulder surfing (people watching your screen)

After using a shared computer:

• Change passwords on your own device if you logged into important accounts
• Monitor accounts for unusual activity over the next few days
• End active sessions (most services like Gmail have “sign out all devices” options)

Better alternatives:

• Use your smartphone with mobile data instead of public computers when possible
• Bring your own device (laptop, tablet) and use public WiFi with a VPN
• Use your phone as a hotspot rather than public WiFi if you need to use your laptop

My rule for shared computers: Only use them for general browsing (reading news, looking up information). Never use them for anything that requires a password or involves personal information. If you must log in, treat those passwords as compromised and change them as soon as you get home.