Because it is Safer Internet Day today I tweeted some security tips.
I’ll repeat them here:
1. You can’t lose what you don’t have. Only register an account for a website or app when you really need to. Use a throwaway email address (like Mailinator) and fake as much personal data as possible.
2. Never reuse passwords. Not even for “low value” accounts. Use a password manager, or even a password book if that’s most convenient for you, to help you create unique passwords.
3. Configure 2FA for your online accounts when possible, even if only SMS-based 2FA is available. 2FA is always better than no 2FA. Configure a fallback (2FA backup codes or other recovery mechanism) for when the code cannot be received or generated.
4. Back up AND test your backups by restoring them. Make sure you have at least 2 backups at geographically different locations and consider encrypting them (anti-theft, privacy). Be careful with auto-sync, as it might propagate deletion or encryption (ransomware).
5. Never click links in mails, chat, or SMS. Instead, browse to the site directly by typing the legitimate URL. Don’t open attachments in mails from unknown senders. Even if the sender is known, verify with them if the communication is legit.
6. Patch, patch, patch. It is important to keep your OS and software up to date, including the latest security patches on your PCs, smartphones and tablets.
7. Uninstall software you don’t need; doing so limits your attack surface.
8. Check that (mobile) apps, browser extensions and third-party applications (those you give access to another account) don’t have excessive rights.
9. Don’t use social logins. When they’re compromised, attackers can get access to multiple accounts.
10. Only install mobile apps from the official app stores.