Take the following steps to secure your devices and accounts.
- Use a strong complex password to login to your computer
- Configure your computer to require a password after 5 minutes of inactivity
- Configure your computer to require a password on wake
- Learn the keyboard shortcut to lock your computer - Windows logo + L (Windows), control + shift + power/escape (Mac), or ctrl + alt + L (Linux)
- Mac: add keychain status to your menu bar (
open /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu/) for easy screen locking - Make a habit of locking your computer when you step away from it
- Encrypt your hard drive via FileVault (Mac), BitLocker (Windows), or LUKS (Linux)
- Enable your operating system's firewall
- Mac: Enable stealth mode
- Enable a device tracking and recovery program like Find My Mac or Prey
- Securely store and encrypt your physical backups
- Update your operating system to the latest version
- Update your applications to the latest versions
- Mac: Don't use your Apple ID to login to your computer, if hacked, it can be used to remotely wipe your Macbook. Instead use a regular Macbook login.
- Mac: Don't forget to frequently
brew update && brew upgradefor Homebrew
- Use a long passcode on your phone - 12+ characters, preferably alphanumeric
- Require a passcode immediately after sleep
- Enable Find My iPhone or Android Device Manager to use remote wipe if your phone is stolen or lost
- iPhone: Enable erase data after 10 bad passcode attempts (take good backups!)
- iPhone: If you're really, really paranoid don't enable Touch ID
- iPhone: Install and enable Ka-Block! for mobile Safari to enable content blocking (ad blocking) on your phone. Use Safari with Ka-Block! instead of the Chrome iOS app for safer mobile web browsing.
- iPhone: Install and use Firefox Focus to enable tracking protection and make it easy to delete your browsing history
- Android: Don't use common and predictable lock patterns
- Android: Encrypt your hard disk
- Android: Install and enable the uBlock Origin add-on for Firefox on Android for safer mobile web browsing
- Frequently update your operating system and apps, especially security patches
- Frequently backup your phone and encrypt your backups
- Find a reputable VPN service with a laptop & mobile phone client to use for hostile networks (e.g. unencrypted wifi) or as an everyday privacy guard
- Install the HTTPS Everywhere extension in your browser to prevent inadvertent HTTP connections
- Install an ad blocker like uBlock Origin (Firefox, Chrome or Ka-Block! (Safari) - internet ads are a common malware vector
- Enable plugin click-to-play on all your browsers, not just your default browser, to protect against Adobe Flash vulnerabilities
A strong complex password is at least 16 characters long (the longer the better) and has several special characters (!@#$%^&*()). Two factor authentication (2FA) protects your account even more than a strong password.
- Use a password manager like 1Password or Encryptr
- Use a diceware passphrase as the encryption passphrase for your password manager
- Add all of your account usernames and passwords to your password manager
- Rotate all of your old or insecure passwords with strong passwords generated automatically via 1Password
- Make sure every password for every account is unique
- Replace any accurate questions to security question with false answers (store false answers in 1Password)
- Download a 2FA app on your smartphone like Google Authenticator
- Enable 2FA or two step verification on every account where available (see 2FA audit section) - add the software token to both your smartphone and 1Password
- Immediately store your 2FA backup and recovery codes in 1Password
Make sure 2FA or two step verification is enabled on all of the following accounts:
- Amazon
- Facebook - enable Login Approval
- GitHub
- Dropbox
- Apple ID
- Slack - all of your Slack teams!
- Twitter - two step verification with SMS
- Yahoo! - two step verification with SMS
- LinkedIn - two step verification with SMS
This is an incomplete list! For more information about two factor authentication, see twofactorauth.org, Turn It On, and #LockDownURLogin.