Security starts and — unfortunately, more often than not — ends with password management.
- Use a password manager. 1Password > Keepass > LastPass.
- Memorize a master passphrase of five or so random words. In practice, several random words are better than a short password of esoteric special characters that you’ll likely forget.
- Don’t reuse passwords on different sites. Use your password manager to generate unique passwords for each site instead.
- Write your master passphrase down and put it someplace safe.
- Use multi-factor authentication when you can. At a minimum, protect your email. Google Authenticator > YubiKey > SMS.
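To put numbers on the passphrase advice above, here is an added example (not part of the original post) that generates a random-word passphrase with a CSPRNG and compares its entropy to a short random password. The 7,776-word list size, the 94-symbol printable-ASCII alphabet, and the sample words are assumptions made for illustration.

```python
import math
import secrets

# Constructed 16-word sample so the example runs offline. A real generator
# should load a large published list (assumed here: 7,776 words).
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "fossil", "glacier",
    "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nickel",
    "orchid", "pebble",
]

def passphrase_bits(num_words: int, wordlist_size: int) -> float:
    """Entropy of num_words drawn uniformly and independently from the list."""
    return num_words * math.log2(wordlist_size)

def password_bits(length: int, alphabet_size: int = 94) -> float:
    """Entropy of a uniformly random password (94 = printable ASCII, no space)."""
    return length * math.log2(alphabet_size)

def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(words, num_words: int = 5, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG. The entropy figures only hold when a
    machine (or dice) chooses the words, not when a person picks them."""
    unique = sorted(set(words))  # duplicates would bias the selection
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(unique) for _ in range(num_words))

if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    print("5 words from a 7,776-word list: %.1f bits" % passphrase_bits(5, 7776))
    print("8 random printable characters:  %.1f bits" % password_bits(8))
    print("words needed for 80 bits:", words_needed(80, 7776))
```
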
Everything done online should be considered permanent. Google, Facebook, and others profit by knowing everything they can about their users. Encryption helps keep the content of your communication private from people other than the recipient.
- Protect your calls and messages from eavesdropping by using end-to-end encrypted apps. Signal > WhatsApp > iMessage/FaceTime.
- Avoid Telegram, Snapchat, and normal SMS. Unencrypted copies of your communication live on their servers.
- Encrypted email (PGP/GPG) should be avoided. It’s too easy to get wrong, even for crypto nerds.
Besides employing common sense and caution, there are a few things one can do to stay safe while browsing the internet:
- Keep your browser and operating system updated. Enable automatic updates where possible.
- Use privacy-protecting browser extensions like HTTPS Everywhere, Privacy Badger, and uBlock.
- Disable or remove Java, Flash, and Acrobat where possible.
- Use a VPN for privacy & Tor for anonymity. Don’t confuse anonymity with privacy.
If you want to learn more about security engineering or cryptography, I highly suggest the following.