Home › Security Tools

Complementary stack

Security tools to use alongside a VPN

A VPN is only part of a privacy stack. Combined with a password manager, 2FA, encrypted email, browser extensions and an antivirus, it forms a meaningful layer of protection. Here are the complementary picks.

Important note: This page isn't subject to our independent VPN-testing framework; the picks are based on public sources, audit reports and industry practice. Verify current features and pricing on each tool's official site before buying. This page contains no affiliate links.

Password manager

A VPN doesn't protect your password. Reusing the same password across sites is still the most common cause of account takeover (Verizon DBIR 2024). You need a password manager to generate and store a unique, strong password per account that you don't have to remember.

Bitwarden

Open source

Open-source password manager that can be self-hosted. The free plan is enough for most users.

Per provider reports, regular third-party audits are published.

Free / $10/year PremiumOfficial site

1Password

Closed source

A commercial product with a polished UX on family/team plans. Not open source, but security audits are public.

$2.99/month (individual)Official site

KeePassXC

Open source

Local, open source, offline password manager — for users who don't want cloud sync.

FreeOfficial site

Two-factor authentication (2FA)

Even if your password is stolen, 2FA prevents account access. SMS-based 2FA is weak against SIM-swap attacks; prefer TOTP (app-based) or a hardware key.

Aegis Authenticator (Android)

Open source

Open-source TOTP app. Encrypted backups, biometric lock.

FreeOfficial site

2FAS (iOS / Android)

Open source

Open-source, cross-platform TOTP app. iCloud backup option.

FreeOfficial site

YubiKey (hardware key)

Closed source

A physical USB key. The strongest form of 2FA; recommended for critical accounts (email, banking).

$25-$70 (one-time)Official site

Encrypted email

Gmail, Outlook and similar providers read your email on their servers (content scanning, ads, AI training). For sensitive communication, prefer end-to-end encrypted email.

Proton Mail

Open source

Swiss-based, open-source clients, end-to-end encrypted email. The free plan starts at 1 GB.

The same company also offers Proton VPN, Proton Drive and Proton Pass.

Free / €4/monthOfficial site

Tutanota

Open source

German-based, open-source email. Sign-up does not require a phone number.

Free / €3/monthOfficial site

Browser and extensions

Browser fingerprinting, cookies and tracking pixels follow you in places a VPN can't see. The right browser + extension combo blocks most of that tracking.

Firefox + uBlock Origin

Open source

Open-source browser + the industry-standard ad/tracker blocker. Not affected by Chrome's Manifest V3 restrictions.

FreeOfficial site

Brave

Open source

Chromium-based with built-in ad/tracker blocking and optional Tor integration.

There's an in-house ad-network model; it can be turned off if you don't want it.

FreeOfficial site

uBlock Origin (extension)

Open source

For Firefox, Chrome (MV2) and Edge. Arguably the single most effective browser privacy tool.

FreeOfficial site

Privacy Badger (EFF)

Open source

A behavioural tracker-blocker built by the Electronic Frontier Foundation.

FreeOfficial site

Antivirus / malware protection

A VPN doesn't stop malware from being downloaded. You need a separate layer of protection for downloaded files, email attachments and phishing sites.

Microsoft Defender (built into Windows)

Closed source

Ships with Windows 10/11 and consistently ranks well in AV-TEST reports. Enough for most users.

Free (built-in)Official site

ClamAV (Linux / CLI)

Open source

Open-source, mostly used for server-side file scanning. Also useful for Linux home users.

FreeOfficial site

Malwarebytes (second-opinion scan)

Closed source

Not a replacement for your AV, but a "second opinion" scan. The free version scans manually.

Free / $39.99/yearOfficial site

Encrypted storage / backup

Google Drive, OneDrive and iCloud can read your content on their servers. For sensitive files, prefer end-to-end encrypted cloud storage or local encryption.

Proton Drive

Open source

End-to-end encrypted cloud storage. Swiss jurisdiction.

Free 5 GB / PlusOfficial site

Cryptomator

Open source

Turns your existing cloud storage (Google Drive, Dropbox, etc.) into an encrypted vault. Open source.

Free (desktop) / paid on mobileOfficial site

Veracrypt

Open source

Local disk/file encryption. Open source, the heir to TrueCrypt with regular audits.

FreeOfficial site

Complementary security stack — practical recommendation

If you're starting from scratch, set them up in this order:

Install a password manager and move all your existing passwords into it, then change them to unique/strong ones. Bitwarden's free plan is enough for most users.
Turn on 2FA on critical accounts (email, banking, social media). Prefer a TOTP app or hardware key over SMS.
Install uBlock Origin in your browser. On its own, it's the highest-impact privacy step you can take.
Add a VPN. For public Wi-Fi, ISP surveillance and geo-bypass. Our quiz can help you find the right pick.
Consider encrypted email for sensitive communication. You don't have to move all your inboxes; it's enough for critical flows like bank password resets and crypto-exchange accounts.
Encrypt your backups. Tools like Cryptomator or Proton Drive keep your existing cloud storage safe.

What to avoid

Browsers' built-in "save password" features — most operating systems can sync them, but they're not as safe as a dedicated password manager.
SMS-based 2FA — weak against SIM-swap attacks; move to TOTP when you can.
Free antivirus ads — "You have a virus!" pop-up freebies typically carry malware themselves. Microsoft Defender is enough for most users.
Web-based "free proxies" — traffic isn't encrypted and ownership is unclear; not a substitute for a real VPN.

Next step

Start picking a VPN What is a VPN?VPN security checklist