Take the following steps to secure your devices and accounts.
- Use a strong complex password to log in to your computer
- Configure your computer to require a password after 5 minutes of inactivity
- Configure your computer to require a password on wake
- Learn the keyboard shortcut to lock your computer
- Make a habit of locking your computer when you step away from it
- Encrypt your hard drive via FileVault (Mac), BitLocker (Windows), or LUKS
- Enable your operating system's firewall
- Mac: Enable stealth mode
- Enable a device tracking and recovery program like Find My Mac or Prey
- Securely store and encrypt your physical backups
- Update your operating system to the latest version
- Update your applications to the latest versions
- Mac: Don't forget to frequently run brew update && brew upgrade for Homebrew
- Use a long passcode on your phone - 12+ characters, preferably alphanumeric
- Require a passcode immediately after sleep
- Enable Find My iPhone or Android Device Manager to use remote wipe if your phone is stolen or lost
- iPhone: Enable erase data after 10 bad passcode attempts (take good backups!)
- iPhone: If you're really, really paranoid don't enable Touch ID
- Android: Don't use common and predictable lock patterns
- Android: Encrypt your hard disk
- Frequently update your operating system and apps, especially security patches
- Frequently backup your phone and encrypt your backups
- Find a reputable VPN service with a laptop & mobile phone client to use for hostile networks (e.g. unencrypted wifi) or as an everyday privacy guard
- Install the HTTPS Everywhere extension in your browser to prevent inadvertent HTTP connections
- Install an ad blocker like uBlock Origin - internet ads are a common malware vector
- Enable plugin click-to-play to protect against Adobe Flash vulnerabilities
A strong complex password is at least 16 characters (the longer the better) and has several special characters (!@#$%^&*()). Two factor authentication (2FA) protects your account even more than a strong password.
- Use a password manager like 1Password or Encryptr
- Use a diceware passphrase as the encryption passphrase for your password manager
- Add all of your account usernames and passwords to it
- Rotate all of your old or insecure passwords with strong passwords generated automatically via 1Password
- Make sure every password for every account is unique
- Replace any accurate answers to security questions with false answers (store the false answers in 1Password)
- Download a 2FA app on your smartphone like Google Authenticator
- Enable 2FA or two step verification on every account where available (see 2FA audit section) - add the software token to both your smartphone and 1Password
- Immediately store your 2FA backup and recovery codes in 1Password.
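The two rules above (a 16+ character password with several special characters, and a diceware passphrase for the password manager) as a small added example, not part of the original checklist: it checks a password against the guide's rule, maps a five-dice roll to a diceware word index, draws a passphrase with the OS random source, and computes the passphrase's entropy. "Several" special characters is read here as at least two, and SAMPLE_WORDS is a constructed stand-in for a real 7776-word list; both are assumptions.

```python
import math
import secrets

# Special characters the guide lists for a "strong complex password".
SPECIALS = set("!@#$%^&*()")


def is_strong_password(password: str, min_len: int = 16, min_specials: int = 2) -> bool:
    """Apply the guide's rule: at least 16 characters and several specials.
    'Several' is taken as at least two here (an assumption, not the guide's number)."""
    specials = sum(1 for c in password if c in SPECIALS)
    return len(password) >= min_len and specials >= min_specials


def roll_diceware_index(rolls: str, dice: int = 5) -> int:
    """Map one diceware roll such as '36254' to a 0-based index into a 6**dice word list.
    Each die contributes one base-6 digit (face 1-6 -> digit 0-5)."""
    if len(rolls) != dice or any(d not in "123456" for d in rolls):
        raise ValueError("expected %d digits in the range 1-6" % dice)
    index = 0
    for d in rolls:
        index = index * 6 + (int(d) - 1)
    return index


def diceware_passphrase(wordlist, n_words: int = 6, sep: str = " ") -> str:
    """Pick n_words uniformly with the OS CSPRNG (secrets), never random.random."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of a passphrase drawn uniformly from wordlist_size ** n_words possibilities."""
    return n_words * math.log2(wordlist_size)


# Constructed stand-in for a real diceware list (the real list is a 7776-word file you download).
SAMPLE_WORDS = ["abacus", "ballet", "candle", "dragon", "eleven", "falcon", "garnet", "hazard"]

if __name__ == "__main__":
    print(diceware_passphrase(SAMPLE_WORDS))
    # A standard 6-word passphrase from a 7776-word list is about 77.5 bits.
    print(round(passphrase_entropy_bits(7776, 6), 1))
```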
Make sure 2FA or two step verification is enabled on all of the following accounts:
- Amazon
- Facebook - enable Login Approval
- GitHub
- Dropbox
- Apple ID
- Slack - all of your Slack teams!
- Twitter - two step verification with SMS
- Yahoo! - two step verification with SMS
- LinkedIn - two step verification with SMS
This is an incomplete list! For more information about two factor authentication, see twofactorauth.org, Turn It On, and #LockDownURLogin.