Personal security checklist for securing your devices and accounts.

Personal Security Checklist

Take the following steps to secure your devices and accounts.

Laptop or computer security

  • Use a strong complex password to login to your computer
  • Configure your computer to require a password after 5 minutes of inactivity
  • Configure your computer to require a password on wake
  • Learn the keyboard shortcut to lock your computer - Windows logo + L (Windows), control + command + Q (Mac; control + shift + power or eject on older Macs), or ctrl + alt + L (Linux, e.g. GNOME)
  • Mac: add keychain status to your menu bar (open /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu/) for easy screen locking
  • Make a habit of locking your computer when you step away from it
  • Encrypt your hard drive via FileVault (Mac), BitLocker (Windows), or LUKS (Linux)
  • Enable your operating system's firewall
  • Mac: Enable stealth mode
  • Enable a device tracking and recovery program like Find My Mac or Prey
  • Securely store and encrypt your physical backups
  • Update your operating system to the latest version
  • Update your applications to the latest versions
  • Mac: Don't use your Apple ID as your computer login. If the Apple ID is compromised, it can be used to remotely wipe your MacBook; use a regular local account instead.
  • Mac: If you use Homebrew, run brew update && brew upgrade regularly so your command-line tools get security fixes too
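As an added example (not part of the original checklist), a short Python script that checks three of the Mac items above: FileVault, the application firewall, and stealth mode. It shells out to fdesetup status and socketfilterfw, which ship with macOS; the exact output wording differs between releases, so the parsers only look for on/enabled versus off/disabled and the numeric State value the firewall prints. The sample strings in the comments are constructed, and on a non-Mac the script reports everything as FIX instead of crashing.

```python
"""Added audit script for the Mac items in the checklist above (not from the original page).
Runs fdesetup and socketfilterfw, which ship with macOS, and reports each setting as OK or FIX.
The parsers tolerate wording differences between macOS releases; sample strings below are constructed."""
import re
import subprocess

FIREWALL = "/usr/libexec/ApplicationFirewall/socketfilterfw"


def run(cmd):
    """Return combined stdout/stderr of a command, or '' if the tool is absent or fails to start."""
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, PermissionError, subprocess.SubprocessError):
        return ""
    return proc.stdout + proc.stderr


def parse_filevault(text):
    """fdesetup status prints e.g. 'FileVault is On.' or 'FileVault is Off.' (constructed samples)."""
    return "filevault is on" in text.lower()


def parse_enabled(text):
    """socketfilterfw prints lines such as 'Firewall is enabled. (State = 1)' or
    'Stealth mode disabled' (constructed samples). Prefer the numeric state when present,
    otherwise fall back to enabled/on versus disabled/off keywords; unknown output counts as off."""
    t = text.lower()
    m = re.search(r"state\s*=\s*(\d+)", t)
    if m:
        return m.group(1) != "0"
    if "disabled" in t or " off" in t:
        return False
    return "enabled" in t or " on" in t


def audit():
    """Map each checklist item to True (OK) or False (needs fixing)."""
    return {
        "FileVault full-disk encryption": parse_filevault(run(["fdesetup", "status"])),
        "Application firewall": parse_enabled(run([FIREWALL, "--getglobalstate"])),
        "Firewall stealth mode": parse_enabled(run([FIREWALL, "--getstealthmode"])),
    }


if __name__ == "__main__":
    for item, ok in audit().items():
        print(f"[{'OK ' if ok else 'FIX'}] {item}")
```

Run it as a normal user; fdesetup status and the socketfilterfw read-only queries do not need root. Anything reported as FIX maps straight back to a bullet in the list above.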

Smartphone security

  • Use a long passcode on your phone - 12+ characters, preferably alphanumeric
  • Require a passcode immediately after sleep
  • Enable Find My iPhone or Find My Device (formerly Android Device Manager) so you can locate or remotely wipe a lost or stolen phone
  • iPhone: Enable erase data after 10 bad passcode attempts (take good backups!)
  • iPhone: If you're really, really paranoid, don't enable Touch ID
  • iPhone: Install and enable Ka-Block! for mobile Safari to enable content blocking (ad blocking) on your phone. Use Safari with Ka-Block! instead of the Chrome iOS app for safer mobile web browsing.
  • iPhone: Install and use Firefox Focus to enable tracking protection and make it easy to delete your browsing history
  • Android: Don't use common and predictable lock patterns
  • Android: Encrypt your device storage (full-disk or file-based encryption, depending on the Android version)
  • Android: Install and enable the uBlock Origin add-on for Firefox on Android for safer mobile web browsing
  • Frequently update your operating system and apps, especially security patches
  • Frequently backup your phone and encrypt your backups

Network security

  • Find a reputable VPN service with a laptop & mobile phone client to use for hostile networks (e.g. unencrypted wifi) or as an everyday privacy guard
  • Install the HTTPS Everywhere extension in your browser to prevent inadvertent HTTP connections
  • Install an ad blocker like uBlock Origin (Firefox, Chrome) or Ka-Block! (Safari) - internet ads are a common malware vector
  • Enable plugin click-to-play on all your browsers, not just your default browser, to protect against Adobe Flash vulnerabilities

Account security

A strong complex password is at least 16 characters long (the longer the better) and has several special characters (!@#$%^&*()). Two factor authentication (2FA) protects an account beyond what a strong password alone can, because a stolen or guessed password is no longer enough to log in.

  • Use a password manager like 1Password or Encryptr
  • Use a diceware passphrase as the encryption passphrase for your password manager
  • Add all of your account usernames and passwords to your password manager
  • Replace all of your old or insecure passwords with strong passwords generated by 1Password
  • Make sure every password for every account is unique
  • Replace accurate answers to security questions with false, random answers (store the false answers in 1Password) - true answers are often easy to look up
  • Download a 2FA app on your smartphone like Google Authenticator
  • Enable 2FA or two step verification on every account where available (see 2FA audit section) - add the software token to your smartphone, and to 1Password if you want a backup, knowing that a token stored next to its password collapses both factors into the vault
  • Immediately store your 2FA backup and recovery codes in 1Password
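Worked example, added here and not part of the original checklist: generating a diceware-style passphrase with Python's secrets module and comparing its entropy with the "16+ characters with special characters" rule above. The word list below is a constructed eight-word stand-in; a real diceware list has 7776 words (five dice, six faces each), and the entropy figures use that size. The meets_rule function is my reading of the rule, taking "several special characters" as at least two.

```python
"""Added example (not from the original checklist): diceware passphrases and how their
entropy compares with the '16+ characters with special characters' rule."""
import math
import secrets

# Constructed stand-in word list. A real diceware list has 6**5 == 7776 words, one per
# five-dice roll; use such a list (e.g. the EFF long list) for actual passphrases.
WORDS = ["abacus", "bridge", "cactus", "dolphin", "ember", "falcon", "granite", "harbor"]
DICEWARE_LIST_SIZE = 6 ** 5
SPECIALS = set("!@#$%^&*()")


def generate_passphrase(wordlist, n_words=6, sep="-", choose=secrets.choice):
    """Pick n_words uniformly at random. secrets.choice does what five physical dice do:
    an unbiased index into the list from the OS CSPRNG. 'choose' is injectable for testing."""
    return sep.join(choose(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words, list_size=DICEWARE_LIST_SIZE):
    """Each uniformly chosen word contributes log2(list_size) bits."""
    return n_words * math.log2(list_size)


def chars_needed(bits, alphabet_size):
    """Length of a uniformly random string over alphabet_size symbols that reaches 'bits'."""
    return math.ceil(bits / math.log2(alphabet_size))


def meets_rule(password, min_length=16, min_specials=2):
    """The checklist's composition rule, reading 'several special characters' as at least two."""
    return len(password) >= min_length and sum(c in SPECIALS for c in password) >= min_specials


if __name__ == "__main__":
    phrase = generate_passphrase(WORDS)
    bits = passphrase_entropy_bits(6)
    print(phrase)
    print(f"6 diceware words: {bits:.1f} bits, the same as {chars_needed(bits, 94)} "
          f"random printable ASCII characters or {chars_needed(bits, 26)} random lowercase letters")
    # The gap between the two views: a four-word phrase fails the composition rule
    # even though its entropy comes from the random choice, not from punctuation.
    print(meets_rule("correct-horse-battery-staple"), round(passphrase_entropy_bits(4), 1))
```

Six words from a full diceware list give about 77.5 bits, which is what you would get from twelve uniformly random printable characters; the composition rule above is a proxy for that randomness, so a random passphrase without any special characters is still strong, while a 16-character password that fits the rule but is built from a name and a year is not.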

2FA Audit

Make sure 2FA or two step verification is enabled on all of the following accounts:

  • Google
  • Amazon
  • Facebook - enable Login Approval
  • GitHub
  • Dropbox
  • Apple ID
  • Slack - all of your Slack teams!
  • Twitter - two step verification with SMS (prefer an authenticator app if the service offers one; SMS codes can be intercepted through SIM swapping)
  • Yahoo! - two step verification with SMS (same caveat)
  • LinkedIn - two step verification with SMS (same caveat)

This is an incomplete list! For more information about two factor authentication, see twofactorauth.org, Turn It On, and #LockDownURLogin.
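Added example, not part of the original page: what the software token in your 2FA app (and in 1Password, if you keep a copy there) actually is. It implements HOTP (RFC 4226) and TOTP (RFC 6238) over HMAC-SHA1, decodes the base32 seed a service shows you at enrolment, and checks the RFCs' published test vectors. The point for the checklist: whoever holds that seed can mint every future code, so the seed and the recovery codes deserve the same protection as the password itself. The base32 test seed is the RFC test key, not a real account's.

```python
"""Added example (not from the original page): the software token behind the '2FA app' items above.
Implements HOTP (RFC 4226) and TOTP (RFC 6238) over HMAC-SHA1 and checks the RFCs' test vectors."""
import base64
import hashlib
import hmac
import time


def secret_from_base32(text):
    """Decode the base32 seed a service shows when you enrol (spaces, lowercase and missing padding tolerated)."""
    s = text.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1(key, counter), dynamic truncation, modulo 10**digits."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, for_time, step=30, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(key, int(for_time) // step, digits)


def verify(code, key, now, step=30, window=1):
    """Server-side check accepting one step of clock drift either way, with a constant-time compare."""
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(key, counter + d), code)
               for d in range(-window, window + 1))


# RFC 4226 / RFC 6238 shared test key: ASCII "12345678901234567890", shown here as base32.
TEST_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    key = secret_from_base32(TEST_SEED_B32)
    # Phone, 1Password, and an attacker who copied either all compute the same value from the seed.
    print("current code for the RFC test seed:", totp(key, time.time()))
```

The seed is a shared secret, not a public key: the service stores the same bytes your phone does, and backup codes are simply a second set of shared secrets. That is why the checklist tells you to store recovery codes immediately and why a service that only offers SMS is weaker than one that gives you a seed you control.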