“Follow this 15 step security checklist and take control of your digital security. I use all the apps and software listed below on a daily basis and I recommend them all. Start slow. Check one box off at a time.”
V-Town Tech
* Disclosure: V-Town Tech is an affiliate of some products on this page and we may earn a commission through links on our site. Thank you for your support!
Use a password manager
A password manager helps you create a unique password for each online service you use. Having a unique password ensures that if one service you use is hacked, the compromised password won’t allow access to all of your other accounts.
At the very minimum, you should have a unique password for high-value accounts like Google, Apple, email, and banking accounts.
RECOMMENDATION
Bitwarden is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the easiest and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. If you don’t want to use the Bitwarden cloud, you can easily host your own Bitwarden server. I would be lost without this app and browser extensions.
Website // www.bitwarden.com
Platforms // Windows / MacOS / Linux / Android / iOS / Firefox / Chrome / Safari / Brave / Vivaldi / Opera / Edge / Tor
RESOURCES
– How to use a password manager (and why you really should)
– How Secure is My Password
– How password managers work and why you should use one
– Password managers compared
– Have I Been Pwned: Find out if your passwords have been hacked
Create a strong device passcode
A four-digit passcode for your phone or other devices is no longer considered secure. You should use a 6+ digit passcode at the very minimum, and for extra security use a 6+ character passcode containing both numbers and letters. TouchID and FaceID should be turned off when traveling internationally.
You should enforce a strict lock policy on your devices. Always require a passcode, and set the auto-lock timeout so that a device left unattended locks itself within a minute or two.
RESOURCES
– How long it takes to break a passcode
– How to temporarily disable TouchID or FaceID
– Changing your iOS passcode
– Changing your Android passcode
Use two-factor authentication
Two-factor authentication (2FA) adds an extra layer of security on top of passwords. It ensures that someone logging into an account is who they say they are by requiring an extra piece of information besides the account password.
This extra information is usually either something you know, something you have, or something you are – for example, a biometric signal like FaceID.
You should not use your phone number as a two-factor method, because SMS codes can be intercepted through SIM hijacking (see the mobile carrier PIN step below).
At minimum, 2FA should be enabled on accounts that control access to your other accounts, for example through password resets: a Google account, email applications, an Apple ID, and financial accounts. For stronger security, ensure that 2FA is enabled on every service you use that supports it.
Note: Be sure to back up any recovery codes given to you during the 2FA setup process; otherwise you risk locking yourself out of your accounts.
RECOMMENDATION
Authy – Relying on just usernames and passwords to secure your online accounts is no longer considered safe. Data breaches occur daily and hackers are always inventing new ways to take over your accounts. Protect yourself by enabling two-factor authentication (2FA). This blocks anyone using your stolen data by verifying your identity through your device. Enable 2FA now to protect your accounts online. Authy also has easy-to-use Setup Guides for you.
Website // www.authy.com
Platforms // Android / iOS / Windows / MacOS
RESOURCES
– What is two-factor authentication?
– Two-factor authentication: a little goes a long way
– So hey, you should stop using texts for two-factor authentication
– List of websites and whether or not they support 2FA
– Step-by-step instructions: 2FA Guides
– List of websites and whether or not they support One Time Passwords (OTP) or Web Authentication (WebAuthn, i.e. FIDO2 / U2F)
Set up a mobile carrier PIN
SIM hijacking is an attack in which a hacker socially engineers or bribes a mobile carrier into transferring your phone number to a SIM card the hacker owns.
If you use text messages as a two-factor authentication method, this gives hackers the ability to bypass 2FA and in most cases the ability to reset your passwords completely.
You should enable a carrier security PIN. The carrier must be given this PIN before it will make changes to your SIM cards or mobile account settings.
RESOURCES
– SIM swap attacks and what you need to know
– SIM hijacking explained
– Verizon FAQ
– AT&T FAQ
– T-Mobile FAQ
Encrypt your devices
If your phone or computer is ever stolen, a thief may try to read or export your personal data. If your device is unencrypted, hackers will have access to anything stored on that device, including photos, emails, documents, and contacts.
You should enable encryption on every phone and computer you use. Encrypting your devices makes it nearly impossible for a thief to read your data without having your encryption password.
RECOMMENDATIONS
VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication.
Website // www.veracrypt.fr
Platforms // Windows / MacOS / Linux
RESOURCES
– Why you should encrypt your computer
– Why you should be encrypting your devices, and how to easily do it
– Encrypt your iOS backups
– Encrypt your Android devices
– Enable full-disk encryption on Windows PCs
– Encrypt your Mac
Use a VPN
A VPN, or virtual private network, is a useful tool to secure an internet connection. It encrypts the data you send and receive between your device and the VPN server, preventing others on the same network (for example, on public Wi-Fi) from snooping on your traffic.
You should use a VPN provider that you trust to not harvest and re-sell your data. The best VPNs often charge a monthly subscription – this is a good thing because it means their business model is not reliant upon reselling your data to advertisers.
RECOMMENDATIONS
Private Internet Access* is the leading VPN Service provider specializing in secure, encrypted VPN tunnels which create several layers of privacy and security providing you safety on the internet. Their service is backed by multiple gateways worldwide with access in 29+ countries, 49+ regions. (Paid)
Website // www.privateinternetaccess.com
Platforms // Windows / MacOS / Linux / Android / iOS
ProtonVPN* – Keep your browsing history private. As a Swiss VPN provider, they do not log user activity or share data with third parties. Their anonymous VPN service enables Internet without surveillance. (Free / Paid)
Website // www.protonvpn.com
Platforms // Windows / MacOS / Linux / Android / iOS
RESOURCES
– How does VPN work?
– Why you should be using a VPN
– What is a VPN and why you need one
– Why you should use a VPN on a public Wi-Fi network
– What’s the difference between a free VPN and a paid VPN?
– A detailed VPN provider comparison chart
Use a privacy-first browser
You should use a web browser that protects you from tracking, fingerprinting, and unwanted advertisements.
Modern browsers have made it simple to transfer your bookmarks and preferences in order to reduce switching pains.
RECOMMENDATIONS
Firefox is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, Mozilla Corporation. Firefox uses the Gecko layout engine to render web pages, which implements current and anticipated web standards. Stay tuned for our instructions on how to configure Firefox for maximum privacy and security.
Website // www.mozilla.org/en-US/firefox/
Platforms // Windows / MacOS / Linux / Android / iOS
Brave is a free and open-source web browser developed by Brave Software, Inc. based on the Chromium web browser. The browser blocks ads and website trackers, and provides a way for users to send cryptocurrency contributions in the form of Basic Attention Tokens to websites and content creators.
Website // www.brave.com
Platforms // Windows / MacOS / Linux / Android / iOS
Tor Browser is your choice if you need an extra layer of anonymity. It’s a modified version of Firefox ESR, which comes with pre-installed privacy add-ons, encryption, and an advanced proxy.
Website // www.torproject.org/
Platforms // Windows / MacOS / Linux / Android / iOS (Onion Browser)
DuckDuckGo Privacy Browser is an open-source web browser that has built-in ad and tracker blocking and utilizes ToS;DR to rate the privacy policies of the sites you visit.
Website // www.duckduckgo.com/app
Platforms // Android / iOS
RESOURCES
– Don’t expect privacy from Chrome
– Google Chrome’s users take a back seat to its bottom line
– What data of mine does Chrome send to Google
– Firefox multi-account containers
– How to protect yourself from browser fingerprinting
– Browser fingerprinting, and why they are hard to erase
– Who Tracks Me – Learn about tracking technologies, market structure and data-sharing on the web
Use a privacy-first search engine
You should use a search engine that protects you from tracking, fingerprinting, and unwanted advertisements. DuckDuckGo is a privacy-first search engine that does not store your search history, has strict location and personalization permissions, and publishes regular content teaching people how to be safer on the web. STOP GOOGLING!
RECOMMENDATIONS
DuckDuckGo is an internet search engine that emphasizes protecting searchers’ privacy and avoiding the filter bubble of personalized search results. DuckDuckGo distinguishes itself from other search engines by not profiling its users and by showing all users the same search results for a given search term.
Website // duckduckgo.com
RESOURCES
– DuckDuckGo Privacy
– About DuckDuckGo
– DuckDuckGo: No, we’re not using fingerprinting to track you
– Everything Google knows about you
Use a privacy-first email provider
You should use an email provider that doesn’t read your email or gather data about your conversations to target you with ads.
Sign up for a free Protonmail or Tutanota account and send your first end-to-end encrypted email to me. See for yourself how easy it is! You can also try out Fastmail for 30 days. I have stopped using Gmail and all Google services and have made the switch to Fastmail for my email, contacts, and calendar.
vtowntech [at] protonmail.com
vtowntech [at] tutanota.com
vtowntech [at] fastmail.com
RECOMMENDATIONS
ProtonMail* is the world’s largest secure email service, developed by CERN and MIT scientists. They are open source and protected by Swiss privacy law. (Free / Paid)
Website // www.protonmail.com
Platforms // Web / Android / iOS
Tutanota is a free and open-source end-to-end encrypted email software and freemium hosted secure email service. (Free / Paid)
Website // www.tutanota.com
Platforms // Web / Android / iOS
FastMail* is an email service offering paid email accounts for individuals and organisations. (Paid)
Website // www.fastmail.com
Platforms // Web / Android / iOS
RESOURCES
– Gmail vs Fastmail
– Stop the paranoia: it doesn’t matter if Google reads our email
– How Google is destroying privacy and collecting your data
– Privacy-friendly alternatives to Google that don’t track you
– Opt out of global data surveillance programs like PRISM, XKeyscore and Tempora
– Tools and knowledge to protect your privacy against global mass surveillance
– We should have a different email for each website
Review location, camera, and other sensitive device permissions
You should review all applications that have access to your photos, camera, location, and microphone. Ensure that you trust apps with sensitive permissions.
Review and remove metadata attached to photos you share
Geotagging is the process of adding geographical identification to media files (photos and videos, for example). Anyone who has access to these tagged media files can read this data and learn where the photo was taken. Most social media sites strip the EXIF data from photos, but if you’re hosting your own photos, be aware that the geolocation can give away your exact location.
You should understand how location metadata is attached to your media and take steps to ensure you are not uploading sensitive information with your files.
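To make the geotagging point concrete, here is an added example (not code from this page) that builds a minimal little-endian Exif/TIFF blob carrying a GPS IFD, reads the coordinates out of it the way any Exif reader would, and then wipes them. The coordinates (12°30'N, 45°15'W) are constructed, the parser handles only the "II" byte order, and a real JPEG wraps this structure in an APP1 segment behind an "Exif\0\0" marker, which is not modelled here.

```python
import struct

GPS_IFD = 0x8825   # Exif tag in IFD0 that points at the GPS sub-IFD
RATIONAL = 5       # TIFF type 5: unsigned numerator/denominator pair, 8 bytes, stored out of line

def _ifd(tiff, off):
    """Parse one little-endian IFD into {tag: (type, count, raw 4-byte value-or-offset)}."""
    n = struct.unpack_from("<H", tiff, off)[0]
    return {e[0]: e[1:] for e in (struct.unpack_from("<HHI4s", tiff, off + 2 + 12 * i) for i in range(n))}

def gps_from_exif(tiff):
    """Return (lat, lon) in decimal degrees, or None when the blob carries no GPS IFD."""
    assert tiff[:4] == b"II*\x00", "only little-endian ('II') Exif is handled here"
    ifd0 = _ifd(tiff, struct.unpack_from("<I", tiff, 4)[0])
    if GPS_IFD not in ifd0:
        return None
    gps = _ifd(tiff, struct.unpack("<I", ifd0[GPS_IFD][2])[0])

    def dms(tag, ref_tag, negative_ref):   # GPS tags 1/2 = latitude ref/value, 3/4 = longitude
        off = struct.unpack("<I", gps[tag][2])[0]
        d, m, s = (n / dn for n, dn in struct.iter_unpack("<II", tiff[off:off + 24]))
        return (-1 if gps[ref_tag][2][:1] == negative_ref else 1) * (d + m / 60 + s / 3600)
    return dms(2, 1, b"S"), dms(4, 3, b"W")

def strip_gps(tiff):
    """Remove the GPS pointer from IFD0 and zero the GPS IFD plus its rational values
    (assumes those values sit after the GPS IFD, as in the constructed sample)."""
    out, ifd0_off = bytearray(tiff), struct.unpack_from("<I", tiff, 4)[0]
    ifd0 = _ifd(tiff, ifd0_off)
    if GPS_IFD not in ifd0:
        return bytes(out)
    gps_off = struct.unpack("<I", ifd0.pop(GPS_IFD)[2])[0]
    gps = _ifd(tiff, gps_off)
    end = max([gps_off + 2 + 12 * len(gps) + 4] +
              [struct.unpack("<I", raw)[0] + 8 * cnt for typ, cnt, raw in gps.values() if typ == RATIONAL])
    out[gps_off:end] = bytes(end - gps_off)                 # wipe, not just unlink, the coordinates
    old_len = 2 + 12 * (len(ifd0) + 1) + 4                  # IFD0 size before the entry was removed
    body = struct.pack("<H", len(ifd0)) + b"".join(struct.pack("<HHI4s", t, *v) for t, v in ifd0.items())
    out[ifd0_off:ifd0_off + old_len] = body + tiff[ifd0_off + old_len - 4:ifd0_off + old_len] + bytes(12)
    return bytes(out)

def build_sample_exif():
    """Constructed Exif blob (not from a real photo): IFD0 -> GPS IFD holding 12°30'0"N, 45°15'0"W."""
    gps_off, lat_off, lon_off = 26, 80, 104                 # header(8) IFD0(18) GPS IFD(54) lat(24) lon(24)
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD, 4, 1, gps_off) + struct.pack("<I", 0)
    gps = (struct.pack("<H", 4) + struct.pack("<HHI4s", 1, 2, 2, b"N\x00\x00\x00")
           + struct.pack("<HHII", 2, RATIONAL, 3, lat_off) + struct.pack("<HHI4s", 3, 2, 2, b"W\x00\x00\x00")
           + struct.pack("<HHII", 4, RATIONAL, 3, lon_off) + struct.pack("<I", 0))
    lat, lon = struct.pack("<6I", 12, 1, 30, 1, 0, 1), struct.pack("<6I", 45, 1, 15, 1, 0, 1)
    return b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps + lat + lon
```

Because the GPS rationals are stored out of line, merely dropping the IFD0 pointer would leave the coordinates recoverable by a forensic scan of the file, which is why strip_gps overwrites them as well.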
Review your social media privacy settings
Over the years, social media companies have gathered staggering amounts of data about you: your interests, who you talk to, where you go, what you buy, and much more.
If you’re not ready to give up social media quite yet, you should take the time to review your security and privacy settings. Seeing how much information social media companies hold about you may be enough to curb that unhealthy newsfeed obsession.
RECOMMENDATIONS
Jumbo – Take back control of your personal data. Ever wanted to delete old tweets or old Facebook posts? Stop location tracking or simply secure your personal data? Protecting your online privacy and personal data is getting more complicated each day. Jumbo will help.
Website // www.jumboprivacy.com
Platforms // Android / iOS
RESOURCES
– Facebook privacy settings
– Facebook ad personalization settings
– Facebook location history
– Facebook face recognition settings
– Your Facebook information
– Facebook security settings
– Twitter personalization settings
– Twitter privacy and safety settings
– Google activity
– Google location history
– Google ad personalization settings
– Google purchase history
– Google subscription history
– Google reservation history
– re:consent browser extension gives you more privacy control on the web
– How to stop Amazon from listening to what you say to Alexa
– Opt out of all the data sharing you wouldn’t opt in to
Use encrypted messaging apps when sharing sensitive information
When sharing sensitive information over chat, you should be using a secure, end-to-end encrypted messaging service. End-to-end encryption ensures that only you and your intended recipient are able to view messages. Your messages will appear scrambled (and will be nearly impossible to unscramble) to anyone else, including the app developers and ISPs.
RECOMMENDATIONS
Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been independently audited. (Free)
Website // www.signal.org
Platforms // Desktop / Android / iOS
mySudo offers users safety and security in the digital world. Create and manage Sudos for privacy protection online, on the phone, or wherever technology takes you. (Free / Paid)
Website // www.mysudo.com
Platforms // iOS
Wire provides the strongest security for organizations and individuals looking to protect their communications and document sharing. End-to-end encryption gives you the confidence to talk, message, and share across teams and with clients, through a single app that’s available on all of your devices. (Free [Personal] / Paid [Business]) If you choose Wire, find me @vtowntech
Website // www.wire.com
Platforms // Windows / MacOS / Linux / Android / iOS
RESOURCES
– What is end-to-end encryption?
– Hacker lexicon: end-to-end encryption
– Encrypted messaging isn’t magic
– Why you need a better handle on WhatsApp, Signal and Telegram
– The best and worst encrypted messaging apps
Educate yourself about phishing attacks
Phishing is an attempt to obtain sensitive information (like an account password) by posing as a trustworthy person or company. Phishing often occurs via email, where a hacker uses social engineering to convince someone to click a link that leads to a fake login page. The fake login page then sends anything the victim types (including usernames and passwords) to the hacker.
In recent years phishing attacks have become increasingly sophisticated and hackers are learning to use data that people put on the web to create highly specific and targeted attacks.
Smart people are not immune to phishing.
You should learn the basics of phishing and how to identify a phishing attempt.
Keep your devices up to date
Many of the most damaging hacks in recent history were only possible because someone failed to update software. While update notifications delivered by your smartphone, computer, and other internet-connected devices can be disruptive, applying those updates in a timely manner is the single most effective action you can take to protect yourself from these types of attacks.
You should apply software updates to every device you own as soon as they are made available, and develop a habit of checking for updates on devices that do not notify you of available patches to ensure their security.