Personal security checklist for securing your devices and accounts.

Personal Security Checklist

Take the following steps to secure your devices and accounts.

Laptop or computer security

  • Use a strong complex password to log in to your computer
  • Configure your computer to require a password after 5 minutes of inactivity
  • Configure your computer to require a password on wake
  • Learn the keyboard shortcut to lock your computer - Windows logo + L (Windows), control + shift + power/escape (Mac), or ctrl + alt + L (Linux)
  • Mac: add keychain status to your menu bar (open /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu/) for easy screen locking
  • Make a habit of locking your computer when you step away from it
  • Encrypt your hard drive via FileVault (Mac), BitLocker (Windows), or LUKS (Linux)
  • Enable your operating system's firewall
  • Mac: Enable stealth mode
  • Enable a device tracking and recovery program like Find My Mac or Prey
  • Securely store and encrypt your physical backups
  • Update your operating system to the latest version
  • Update your applications to the latest versions
  • Mac: Don't use your Apple ID to log in to your computer; if it is hacked, it can be used to remotely wipe your MacBook. Instead, use a regular MacBook login.
  • Mac: Don't forget to run brew update && brew upgrade frequently for Homebrew

Smartphone security

  • Use a long passcode on your phone - 12+ characters, preferably alphanumeric
  • Require a passcode immediately after sleep
  • Enable Find My iPhone or Android Device Manager to use remote wipe if your phone is stolen or lost
  • iPhone: Enable erase data after 10 bad passcode attempts (take good backups!)
  • iPhone: If you're really, really paranoid don't enable Touch ID
  • iPhone: Install and enable Ka-Block! for mobile Safari to enable content blocking (ad blocking) on your phone. Use Safari with Ka-Block! instead of the Chrome iOS app for safer mobile web browsing.
  • iPhone: Install and use Firefox Focus to enable tracking protection and make it easy to delete your browsing history
  • Android: Don't use common and predictable lock patterns
  • Android: Encrypt your hard disk
  • Android: Install and enable the uBlock Origin add-on for Firefox on Android for safer mobile web browsing
  • Frequently update your operating system and apps, especially security patches
  • Frequently back up your phone and encrypt your backups

Network security

  • Find a reputable VPN service with a laptop & mobile phone client to use for hostile networks (e.g. unencrypted wifi) or as an everyday privacy guard
  • Install the HTTPS Everywhere extension in your browser to prevent inadvertent HTTP connections
  • Install an ad blocker like uBlock Origin (Firefox, Chrome) or Ka-Block! (Safari) - internet ads are a common malware vector
  • Enable plugin click-to-play on all your browsers, not just your default browser, to protect against Adobe Flash vulnerabilities

Account security

A strong complex password is at least 16 characters long (the longer the better) and has several special characters (!@#$%^&*()). Two factor authentication (2FA) protects your account even more than a strong password.

  • Use a password manager like 1Password or Encryptr
  • Use a diceware passphrase as the encryption passphrase for your password manager
  • Add all of your account usernames and passwords to your password manager
  • Rotate all of your old or insecure passwords with strong passwords generated automatically via 1Password
  • Make sure every password for every account is unique
  • Replace any accurate answers to security questions with false answers (store false answers in 1Password)
  • Download a 2FA app on your smartphone like Google Authenticator
  • Enable 2FA or two step verification on every account where available (see 2FA audit section) - add the software token to both your smartphone and 1Password
  • Immediately store your 2FA backup and recovery codes in 1Password
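
The definition of a strong password above and the diceware item can be made concrete with a short script. This is an added example, not part of the original checklist or of any password manager; reading "several" special characters as at least 3 is an assumption, and the word list passed to diceware_passphrase is supplied by the caller.

```python
import math
import secrets
import string

SPECIALS = "!@#$%^&*()"          # the special characters the checklist names
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LENGTH = 16                  # checklist minimum for a strong password
MIN_SPECIALS = 3                 # assumption: "several" read as at least 3


def meets_checklist_policy(password: str) -> bool:
    """True if the password satisfies the checklist's definition of strong."""
    specials = sum(ch in SPECIALS for ch in password)
    return len(password) >= MIN_LENGTH and specials >= MIN_SPECIALS


def generate_password(length: int = 20) -> str:
    """Draw characters from the OS CSPRNG; redraw until the policy holds."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_checklist_policy(candidate):
            return candidate


def diceware_passphrase(wordlist: list[str], words: int = 6) -> str:
    """Pick words uniformly and independently, as dice rolls would."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates")
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    # Constructed 8-word list for demonstration only; a standard diceware list has 7776 words.
    demo_words = ["anchor", "biscuit", "cobalt", "drizzle", "ember", "fjord", "gravel", "hatch"]
    print(generate_password())
    print(diceware_passphrase(demo_words))
    # Upper bound: the policy redraw removes slightly under one bit.
    print(f"20 random characters: {entropy_bits(len(ALPHABET), 20):.0f} bits")
    print(f"6 diceware words: {entropy_bits(7776, 6):.0f} bits")
```

The secrets module draws from the operating system's CSPRNG; the random module is not suitable for generating passwords.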

2FA Audit

Make sure 2FA or two step verification is enabled on all of the following accounts:

  • Google
  • Amazon
  • Facebook - enable Login Approval
  • GitHub
  • Dropbox
  • Apple ID
  • Slack - all of your Slack teams!
  • Twitter - two step verification with SMS
  • Yahoo! - two step verification with SMS
  • LinkedIn - two step verification with SMS

This is an incomplete list! For more information about two factor authentication, see twofactorauth.org, Turn It On, and #LockDownURLogin.