This guide provides simple, age-inclusive instructions for improving online security in 2024. We’ll update it regularly based on expert feedback.

Key Terms

  • OPSEC (Operations Security): Techniques to protect private data and devices.
  • 2FA (Two-Factor Authentication): An extra security layer for your accounts, beyond just the password.

Bare Minimum Security Steps

  • Restart your computer, mobile phone, and tablet once per week.
  • Enable automatic updates for:
    • Mobile phones and apps.
    • Computers and tablets.
    • Web browsers.
  • Set a reminder every 3 months to check that updates are being installed, in case auto-update fails.
  • Use a password manager like 1Password or Bitwarden.
  • Enable 2FA on your password manager.
  • Create unique, 18+ character passwords for each site.
  • Use non-SMS based 2FA for email.
  • Activate number lock or SIM swap protection with your mobile provider.

Prioritizing Your Security Risks

Once you’ve covered the basics, assess and address your other security risks. Here’s how I prioritize:

Risk Categories

  • Critical Risk: Email, mobile phone carriers, iCloud, password vaults.
  • High Risk: Social media, messaging, financial sites, home security vendors, Amazon, online games.
  • Medium Risk: Entertainment platforms, other shopping sites.

Two-Factor Authentication (2FA) Levels

  • SMS Codes (Level 0): Basic but vulnerable to SIM-swap attacks.
  • Brand App’s 2FA (Level 1): In-app confirmation button or code generation.
  • Dedicated 2FA App (Level 2): Apps like Authy that generate 2FA codes.
  • Physical Security Key (Level 3): Physical devices like YubiKey or Google Titan for 2FA.

Scam Protection Tips

With the rapid advancement of AI, scams are becoming easier to pull off and harder to detect. Most scammers create a sense of urgency to heighten emotions and make you more susceptible to falling for the scam.

For your mobile phone, I like the RoboKiller app, which helps block spam and phishing calls automatically. It costs about $7/mo and is well worth it.

Inform your close friends and family members about the risks of impersonation attacks. Let them know that if they ever receive an urgent request for money that appears to come from you, they should ask a question only you would know the answer to.

Common Scams

  • 2FA Retrieval or Password Reset: Attempts to access your accounts.
  • Catfishing/Blackmailing: Impersonation scams on social media.
  • Phishing: Suspicious emails or texts directing you to contact or click a link. Always verify through official channels.

FAQ

Here are questions friends and family have asked about this post, with answers included:

  • What is a more secure method of 2FA if you should not use SMS?
    • A more secure alternative to SMS for two-factor authentication (2FA) is the use of an authenticator app, like Authy. These apps generate time-sensitive codes on your device, providing a higher security level as they are not susceptible to interception like SMS messages.
  • What is a SIM swap attack?
    • A SIM swap attack is a type of fraud where a hacker convinces a mobile carrier to switch a victim’s phone number to a SIM card in the hacker’s possession. Once done, the attacker gains control over the victim’s phone number, including incoming calls, texts, and potentially access to accounts secured by SMS-based 2FA.