Skip to content
Breachfolio
Hero illustration for: Cybersecurity acronyms, decoded.
FAQ RESOURCES

Frequently asked questions.

Direct answers about Breachfolio itself, and quick answers to the security questions people ask most.

7 min read Breachfolio Research

Two kinds of questions land here: what people ask about Breachfolio itself, and the handful of security basics that come up over and over, in slightly different words, everywhere else on the internet. Short, direct answers to both, with links to the longer version where one exists.

About Breachfolio

Is Breachfolio free to use?

Yes. Every guide, lab, and comparison is free to read, with no paywall, no account, and no email required to access the content itself.

How does Breachfolio make money?

Through a free newsletter and clearly-labelled display advertising sold via a third-party network. Vendors cannot pay for a rating, a quadrant position, or an editorial mention — that's stated on the Disclosures page, and it applies on every page, not just the ones about it.

Does Breachfolio sell my data or track me across the newsletter?

No trackers are placed in the newsletter emails themselves, and the subscriber list isn't sold. See the Privacy page for the full policy.

Are the hands-on labs legal and safe to follow?

Yes, as written. Every lab on Breachfolio targets intentionally vulnerable software — Metasploitable 2, DVWA, and similar — that you download and run yourself on an isolated, host-only network you control. Nothing in a lab reaches outside that network. What turns the exact same techniques illegal is running them against a system you don't own and don't have explicit authorization to test — that line doesn't move, regardless of intent.

Is Breachfolio affiliated with any vendor, government agency, or security company?

No. Breachfolio is independent, and that independence is what the Disclosures page exists to make concrete rather than just claim.

How often is content updated?

Comparisons carry a version number, and when a test plan changes, prior comparisons are re-run and the diff is published rather than silently edited — that's covered on the Methodology page. News and guide content is added on an ongoing basis as new scams and tools become worth covering.

Quick security answers

Do I really need antivirus software?

On Windows, yes at minimum — Microsoft Defender ships built-in, is enabled by default, and performs well in independent testing, so there's rarely a reason to turn it off even if you don't add anything else. On Mac, the built-in protections (XProtect, Gatekeeper) cover a meaningful amount, but on both platforms, safe browsing habits and prompt updates matter more than which specific product's logo is in your taskbar.

Is it safe to use public Wi-Fi?

Safer than it used to be, but not risk-free. Most sites and apps now use HTTPS by default, which encrypts traffic even on an untrusted network — but avoid logging into banking or other sensitive accounts on open, unencrypted Wi-Fi (the kind with no password) when you can wait for a trusted connection instead, and be skeptical of a Wi-Fi network named to look official at a cafe or airport.

What is two-factor authentication (2FA), and should I use it?

2FA means logging in requires something beyond just your password — usually a code from an app or a physical security key. Use it everywhere it's offered, especially on email and banking, since it's one of the single highest-value security habits available and blocks the large majority of account-takeover attempts that rely on a stolen or guessed password alone.

My computer says I have a virus and shows a phone number to call — is that real?

Almost certainly not. This is a well-known scam pattern, not a real antivirus alert — see the full guide on the fake antivirus renewal scam for exactly what to do if you're looking at one right now.

I clicked a phishing link — what do I do now?

It depends on how far you went. If you only opened the page without entering anything, close it and don't reuse that link. If you entered a password, change it immediately on the real site, and change it anywhere else you reused it. If you entered payment card details, contact your card issuer right away. Several Breachfolio guides walk through this for specific platforms — start with PayPal phishing or fake Amazon order texts if either matches what happened.

What's the difference between a scam and a data breach?

A scam is someone actively tricking you in the moment — a fake email, call, or text designed to get you to act. A data breach is a company's own systems being compromised, exposing information (like your email or password) that was already stored there, sometimes with no action from you at all. The two connect often: breached passwords get reused in follow-up scams, which is a large part of why reusing passwords across sites is risky even if you've never personally clicked anything suspicious.

Frequently asked questions

Is Breachfolio free to use?
Yes. Every guide, lab, and comparison on Breachfolio is free to read, with no paywall or account required.
How does Breachfolio make money?
Through a free newsletter and clearly-labelled display advertising sold via a third-party network. Vendors cannot pay for a rating, a quadrant position, or an editorial mention, and that's disclosed on every page.
Are the hands-on labs on Breachfolio legal and safe to follow?
Yes, as written. Every lab targets intentionally vulnerable software you install yourself on an isolated network you control, such as Metasploitable 2 or DVWA. What's illegal is running the same techniques against systems you don't own or don't have authorization to test.
Do I really need antivirus software?
On Windows, yes — built-in Microsoft Defender is genuinely solid and enabled by default, so at minimum keep it on. On Mac, built-in protections (XProtect, Gatekeeper) cover a lot, but safe browsing habits still matter more than which product you install.