Rev 20240208
Dominic Fahey
@domfahey
The "Risk Prevention - Not much in life is 100%" guide is a roadmap for average Apple users who want to harden their digital life without wading through cybersecurity jargon or heavyweight measures. It acknowledges that no security measure is foolproof and focuses instead on reducing risk substantially through accessible, effective steps. It is aimed at people who are not high-value targets such as journalists or politicians but who still want to protect their accounts and devices against common threats.
The cornerstone of the guide's advice is Two-Factor Authentication (2FA), with a clear order of preference: hardware keys first, then push-based, then TOTP/token-based methods. SMS-based 2FA is discouraged because of its weaknesses. This matters most for critical accounts such as email and financial services, where the guide highlights the risk of SIM-swap scams and related fraud.
To complement 2FA, the guide advises on several other key security measures:
- Device Security: Buy hardware security tokens, turn on Apple's Stolen Device Protection, and use unique, long, random passphrases managed by a reputable password manager.
- Communication Security: Secure cell phone accounts with strong PINs/passcodes, request port freezes, and use unique passcodes on mobile devices.
- Financial Security: Prefer credit cards over debit cards to limit fraud exposure, shred sensitive documents, and place credit freezes to guard against identity theft.
- Privacy and Online Security: Use a reputable DNS provider, monitor for data breaches, opt out of unsolicited marketing, and use tools such as HTTPS Everywhere and a VPN.
Taken together, the guide balances ease of implementation against the effectiveness of each measure. Users who adopt these practices can substantially improve their security posture against a wide range of common threats without becoming cybersecurity experts.
The recommendations show that proactive, accessible measures are within reach of the average user and are enough to thwart opportunistic attackers.
- Use Two-factor Authentication (2FA) for all accounts with a preference for non-SMS solutions. I recommend (in order) hardware key, push-based, and TOTP/token-based. Only use SMS if there is no other option.
- Especially do not use SMS 2FA for your email or financial accounts.
- Disable SMS / cell phone password recovery for your email and financial accounts.
- Why? If you become a victim of a SIM-swap or port-out scam, a fraudster can take over your email and then use it to take over other accounts.
- If you use a TOTP app like Google Authenticator or Authy, never give anyone your one-time code if you didn't request it.
- Consider purchasing two or more hardware tokens / security keys.
- Activate Apple Stolen Device Protection.
- Consider activating Apple end-to-end encryption.
- Ditch complex passwords; use unique, long, random passphrases for all accounts.
- Use a password manager to manage your unique, long passwords.
- Secure your cell phone: Make sure the password, PIN, and security codes are long, secure, and unique.
- Call your cell phone provider and ask for a port freeze, and ask to lock your account to your current SIM. Not all providers will do both of those things. If yours won't, consider changing to one that will.
- Use a unique passcode on your mobile devices.
- Don't use debit cards; use ATM or credit cards instead.
- Shred documents.
- Add security/credit freezes.
- Use a reputable DNS provider.
- Register your email to monitor if it has been compromised in a data breach.
- Don’t reuse passwords!
- Don’t answer unknown numbers on your personal phone. If they need you, they will leave a message.
- Register for the National Do Not Call Registry.
- Opt out of prescreened credit card and insurance offers via USPS.
- Opt out of direct marketing via USPS on DMA Choice.
- Use HTTPS Everywhere on your web browsers.
- Don't use public Wi-Fi, and if you must, use a VPN.
- Use a reputable VPN provider.
Credit to Bryan VonCannon for seeding this list.