Steps:
Embrace a zero trust model. Don’t rely on reactive security practices. Never trust. Always verify. Never put all your eggs into one basket.
These are ~3 things you should absolutely be doing:
1. Better passwords:
- go change them all, seriously, right now!
- use strong/non-unique passwords (diceware)
- never mix or reuse them across services/accounts
- use a password manager (preferably offline, like KeePassXC)
- avoid sharing passwords and use something that notifies you of breaches (but don’t rely solely on reactive security)
- enable 2FA/MFA, possibly use hardware keys/tokens
- backup everything just in case
- update your OS with security updates and employ active IDS/IPS (it’s not as hard as it sounds)
- disable and/or avoid telemetry from your OS, browser and IoT devices
- don’t use browser storage for sensitive info including passwords
2. Better browsing:
- block ads at the host level (Pi-hole, DNSSEC/DNSCRYPT, /etc/hosts, router VPN)
- uBlock Origin, LibRedirect, Smart Referrer
- ensure website integrity (in Tor, you can verify a site’s /mirrors.txt)
- use a private search engine (SearXNG, DuckDuckGo, Brave)
- don’t use unnecessary extensions (cf. https://github.com/arkenfox/user.js/wiki/4.1-Extensions) - useless bullshit
- use HTTPS (default in your regular browser usually)
- DNS over HTTPS (DOH)
- containerize and/or sanitize browsing in-between sessions, (again, Arkenfox/user.js)
- minimize your footprint/fingerprint (Firefox RFP)
- plain-text emails only, question all attachments from all sources
3. Practice your OPSEC:
- don’t login on another person’s device and use privacy shields if you can
- avoid password hints or use answers that have nothing to do with them (confuse the enemy :))
- don’t use a 4-digit pin for your devices, use a strong password
- minimize or eliminate the SMS 2FA for services to avoid SIM swaps
- avoid using your password manager for OTP
- avoid face and biometric unlocks
- never reuse usernames
- use a mail forwarding service to combat spam (and further confuse the enemy)
- use security keys (YubiKey, etc.) for U2F/OATH/FIDO; they are resistant to phishing
- personal security checklist