A website for general infosec tips and guidelines, freely available to anyone who wants to learn.
# Information Security Best Practices
### Recommendations
- **Keep software up to date.**
Don’t use an unsupported version of macOS, Windows (8.1 and earlier), or anything else (iOS, Android, Linux). Don’t use a version of Android that is no longer receiving monthly security patches.
If your device does not support a newer version, try Linux on desktops or laptops, and LineageOS (if supported) on your Android phone. You don’t really have alternatives for an iPhone, but one thing Apple does quite well is provide long software support, so if yours is unsupported you are likely due for an upgrade for other reasons too.
- **Use a (secure) password manager**
  - Bitwarden
  - 1Password
  - KeePass (various clients):
    - KeePassXC (Windows/macOS/Linux)
    - KeePassDX (Android)
    - KeePassium (iOS, paid)
  - Do not use LastPass

Evaluate password managers based on their handling of sensitive data, transparency through regular third-party audits, cryptography, and competence in responding to security incidents when they happen. (These guidelines are also helpful for evaluating VPNs.)
- **VPNs are not a security or privacy tool. They are for circumventing censorship.**
They can be useful tools, however. Mullvad is one of the best; Firefox VPN is based on it. ProtonVPN is also good.
- **Use two-factor authentication (2FA)**
Time-based One-Time Password (TOTP, the one with 6 digits that rotate on a timer) is the most common standard. If something says it supports Google Authenticator or Authy, this is what it supports. Aegis on Android, Raivo on iOS.
Only use SMS for two-factor when there is no other option, and even then use a VoIP number such as…
- **Google Voice**
Yes, they’ll use the data to advertise to you, but you might trust them more than your cell provider, and you can prevent someone else from taking over your cell number by bribing an underpaid cell-service employee.
- **Use a privacy-respecting open-source browser such as Firefox or Brave**
- **Full-volume encryption on your computer(s)**
(Your phone has this on by default, by the way.)
- **Secure open-source text/voice messaging**
Such as [Signal](https://signal.org) or [Session](https://getsession.org)
- **Use Cloudflare’s 1.1.1.1 DNS on your routers and devices**
- **Use a secure email address from a provider for whom you are not the product (i.e. usually paid).**
ProtonMail and Tutanota are good.
- **Monitor your accounts to see when (not if) they get compromised.**
Use https://haveibeenpwned.com/. A Firefox account with Firefox Monitor makes this easier.
- **If you don’t need it, don’t install it. If you’re not using it, uninstall it. If you didn’t ask for it, don’t click on it.**
### Explainers and how-tos for the above
### Miscellaneous useful resources