Increase Your Personal Security

It’s Tricky
Tricking people is much easier than actually hacking computers; security professionals call this Social Engineering.
The attacker's best trick is to convince a website or company to reset your password for them.
Everyone forgets their password. We'll cover safe places to store them later.
To reset your password, websites ask for personal information that only you should know (e.g. your mother's maiden name). This is called Knowledge-Based Authentication (KBA) and it has a few problems. On Facebook and other social media it is easy to find family ties: your uncle, for instance, shares your mother's maiden name. Secondly, you can't change your mother's maiden name once it becomes public. Your birthday and your biometrics (fingerprints, face geometry, DNA) are equally unchangeable. So once the cat is out of the bag, you are vulnerable forever.

Mitigations:
Generic Social Media:
On Facebook and other social media sites, set your birthday to one day before your real birthday. You probably don't care if your friends wish you a happy birthday a day early, and the fake date is useless for a password-reset question.

Avoid posting your maiden name; Facebook knows who all your children are, so posting your maiden name shouts the answer to your children's password-reset question.
Use a short form of your first/given name.
Set your brothers/uncles to Friend rather than listing them as family, so there is no direct link to your maiden name.

Never post your full address

Never post your middle name when your middle initial will do.

Google yourself; the Google summary often exposes some of your LinkedIn and Facebook information.

Be careful which pictures you post; never post pictures of your keys (a key can be copied from a clear photo) or of expensive items in your home.

Facebook earned $10.3 billion in 2017 Q3 and employs 25,000 people, yet it gives accounts away for free? Facebook makes money through advertising; it can charge a premium because it monitors your likes and conversations to target you with ads tailored to your preferences. Basically, Facebook makes billions by spying on you. With all of those chain posts ("Find out which superhero you are") you are giving away your personal information, for free, to a stranger.

Facebook specific;
Recommended: don't use Facebook for games or as a federated login service ("Log in with Facebook").
Disable the sharing platform (section labelled Nuke It): https://www.pcmag.com/feature/359951/how-to-prevent-facebook-from-sharing-your-personal-data
apps will stop working
you won't be able to log in with Facebook, which was a bad idea anyway
Top right down arrow, settings
General
Contact; change to Something+facebook@gmail.com (a plus-tagged address; see the Email section)
Security and Login
Don't choose friends to contact if you get locked out; moving the social-engineering target to your friends doesn't solve the problem
Turn off Log in with your profile picture
Look in Authorized Logins; remove all your old smartphones, leaving only the most recent record. (Check here whenever you end a close relationship.)
Privacy
Your Activity
Who can see your future posts; this should never be Public!
Limit The Audience for Old Posts
This changes all your old posts to your current setting.
Change every instance of Public to Friends of Friends
Apps and Websites
Expired
Remove anything you don't use any more (and its data)
Your Profile
Photos
Make sure you have no Public albums

Email;
Tell me where you have heard this before:
Don’t click on links in emails. EVER. Not even just this once.

Set up an email account dedicated to password recovery and turn on 2FA/MFA. When setting up 2FA you will be shown a QR code (a dotty square); it encodes the secret key that generates your codes, so take a picture of it and save it to a USB key that normally stays unplugged. Anyone holding that picture can generate your codes, so never keep it on the phone itself or in cloud storage.

Where possible, use Gmail tags (plus addressing).
Gmail delivers mail addressed to RegularEmailAddress+TagName@gmail.com to your normal inbox and can automatically label it by the tag. Since this gives you a unique email address per service, it becomes very easy to trace who acquired (or leaked) your email address. The tag is trivially stripped by anyone who knows the trick, so treat it as a tracing aid, not a secret.

Be skeptical: scams often use relative dates (yesterday, last week, etc.) so their emails stay plausible for as long as they circulate. Look for emails addressed to "occupant" or "customer"; legitimate companies will use your real name in the email body.

Real companies never send unrequested password-reset emails. If you need to reset your password, go to the website yourself (a bookmark or a typed address) rather than following a link in the email.

Turn off automatic download of attachments and remote images in Outlook.
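The two tells above (a generic greeting, and link text that does not match where the link really goes) can be checked mechanically. Below is an added example, not part of the original page: it parses a constructed HTML message with Python's standard library, collects every link, and flags links whose visible text names a different host than the href, plus generic greetings and relative-date urgency. The sample message, hostnames and signal names are all made up for the example.

```python
"""Flag phishing tells in an HTML e-mail: link text that doesn't match
where the link actually goes, generic greetings, and relative dates."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing e-mail); the visible link
# text names the real bank, the href goes to a look-alike domain.
SAMPLE_HTML = """
<p>Dear occupant,</p>
<p>Yesterday we detected unusual activity. Reset your password at
<a href="http://login.examp1e-bank.co/reset">https://www.examplebank.com/reset</a>
within 24 hours.</p>
"""

GENERIC_GREETINGS = ("dear occupant", "dear customer", "dear user", "dear member")
RELATIVE_DATES = re.compile(r"\b(yesterday|today|tomorrow|last week|within 24 hours)\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def visible_text(html):
    """Crude tag stripper; enough for greeting/date checks."""
    return re.sub(r"<[^>]+>", " ", html)


def host_of(text):
    """Return the hostname a human would read out of a URL-looking string."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", text, re.I):
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def mismatched_links(html):
    """(shown text, real href) for links whose text looks like a URL/domain
    but whose href points at a different host."""
    parser = LinkCollector()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        if re.search(r"\w+\.\w{2,}", text) and host_of(text) != host_of(href):
            out.append((text, href))
    return out


def suspicious_signals(html):
    """List of human-readable reasons to distrust the message (empty = none)."""
    text = visible_text(html)
    signals = []
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        signals.append("generic greeting")
    if RELATIVE_DATES.search(text):
        signals.append("relative date / urgency")
    for shown, real in mismatched_links(html):
        signals.append(f"link text {shown!r} goes to {host_of(real)!r}")
    return signals


if __name__ == "__main__":
    for s in suspicious_signals(SAMPLE_HTML):
        print("suspicious:", s)
```

Hovering over a link in your mail client shows the same thing the `mismatched_links` check does; the code just makes the comparison explicit. None of this replaces the rule above: even a link that passes every check is safer to retype than to click.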

Passwords;
haveibeenpwned.com lets you enter your email address and search a large collection of leaked data sets, telling you whether your address appeared in a breach. Most websites identify you by your email address because it is an easy way to reset your password when you forget it.

This is why using the same password for every website is insecure: if one site leaks your password, it is easy for an attacker to try the same email + password combination at many other sites (credential stuffing).
Best mitigation: use a password manager (LastPass or similar) and let it generate a long random password for every site.
Alternative mitigation:
Create a secure base password (8+ characters; upper, lower, special characters) and add two characters from the domain name. So your Facebook password could be Ba$ePsw0FK (FK from the Facebook URL), Ba$ePsw0LN for LinkedIn, etc. Caveat: once one of these leaks, the pattern is obvious and the rest are guessable, so treat this as a stopgap until you have a password manager.
Recommend two-factor authentication for banking and other high-security purposes. SMS-based 2FA is weaker than time-based codes from an authenticator app or a hardware key, because SMS can be redirected by a SIM swap.
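The two pieces of the password advice above, generating a long random password and checking whether a password has already shown up in a leak, fit in one short script. This is an added example, not code from the page or from haveibeenpwned.com. It uses the real Pwned Passwords range API shape (you send only the first five hex characters of the SHA-1 hash and receive matching suffixes with counts, so the password itself never leaves your machine), but the offline lookup below is fed a constructed stand-in response whose count is made up; the only real data point is the well-known SHA-1 of the string "password".

```python
"""Generate a random password, and check a password against the
Pwned Passwords data set using k-anonymity: only the first 5 hex
characters of the SHA-1 hash are ever sent to the service."""
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length=20):
    """Password from the OS CSPRNG. 20 characters of this 75-symbol
    alphabet is well over 100 bits of entropy."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent
    and the 35-char suffix that is compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def pwned_count(password, fetch_range):
    """fetch_range(prefix) must return the text of
    https://api.pwnedpasswords.com/range/<prefix>: lines of 'SUFFIX:COUNT'.
    Returns how often the password appears in breaches (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch_range(prefix).splitlines():
        found, _, count = line.strip().partition(":")
        if found.upper() == suffix:
            return int(count)
    return 0


# Constructed offline stand-in for the API. SHA-1("password") is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, so prefix 5BAA6 maps to a
# fake range response containing its suffix; the counts are invented.
FAKE_RANGES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
             "0000000000000000000000000000000000A:2\n",
}


def offline_fetch(prefix):
    return FAKE_RANGES.get(prefix, "")


def online_fetch(prefix):
    """Real lookup (needs network). Note the full hash is never sent."""
    from urllib.request import Request, urlopen
    req = Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                  headers={"User-Agent": "pwned-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    print("seen in breaches:", pwned_count("password", offline_fetch), "times")
    fresh = generate_password()
    print("new password:", fresh, "seen:", pwned_count(fresh, offline_fetch))
```

Swap `offline_fetch` for `online_fetch` to query the live service. The same k-anonymity trick is what a password manager does when it warns you a saved password is "compromised".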

Browser;
Replace IE with Chrome or Firefox. (Edge will soon use the Chrome engine.)
Recommended add-ons: uBlock Origin (or Ghostery), Bitdefender TrafficLight, LastPass (or Blur) password manager
Recommended: uninstall Adobe Flash and Java; they have been replaced by HTML5.

Your Phone;
Your cellphone automatically pulls new email and messages whenever it is connected to the internet, and it has to authenticate (send your password or a login token) to get those updates. If that exchange is not encrypted, or is intercepted on a hostile network, someone could capture your credentials. With your email password they could reset every other password for every website you use.
Ask your cellular provider to add a passcode (account / port-out PIN) to your account and record it somewhere safe (LastPass). This makes a SIM-swap attack much harder. (The PIN on the SIM card itself is a different thing; it only protects the physical card.)
Don't root/jailbreak your phone.
Only install apps from the Google/Apple store.
Make sure your phone has a lock screen. I find fingerprint convenient, and I can't forget it.
Treat all non-home Wi-Fi as untrusted (coffee shop, hotel, airport, etc.).
Untrusted = don't use sensitive apps (banking) without a VPN. I like NordVPN as it starts automatically when needed.
Install Hiya / Truecaller / Mr# / Nomorobo to filter robocalls and scams.
Turn off auto-connect to open Wi-Fi networks.

Backups
Windows has built-in backup software, but it will ONLY store to NTFS volumes.
Check out Duplicati 2, which is free and open source; it stores to almost anything, using industry-standard AES encryption and zip compression. Its backup service runs a web page that can be made accessible to your whole private network so you can check backups remotely (put a password on it if you do). To protect against ransomware make sure you have point-in-time, offline or read-only backups: a backup the infected PC can write to is a backup the ransomware can encrypt.

Cloud Storage:
Consider replacing Dropbox, iCloud and Google Drive with Sync.com or pCloud. Both advertise client-side ("zero-knowledge") encryption, so the provider cannot read your files; check that it is actually turned on for the folders you care about.

Credit/Debit Cards:
Recommend Google Pay to tap-pay/debit with your phone!
Your phone has the processing power to present a virtual (tokenized) card, so your real card number is never transmitted over the air, and your phone requires your fingerprint/unlock code before paying. The only downside is that you are now exposed to malware on the phone.
Options here https://www.pcmag.com/roundup/358553/the-best-mobile-payment-apps

Don't write your credit/debit card PIN on a note and keep it in your wallet! Recommend a cell phone contact NOT labelled PIN (or, better, an entry in your password manager); it takes your fingerprint/passcode to see it.
Credit/debit cards tap to pay;
Disable it OR make sure your per-transaction limit is low (under $50).
If tap to pay is enabled, put something metal in your wallet to shield the cards from being read through it.
Online payment;
Use PayPal (aka one throat to choke); it is accepted on the majority of sites.
If you can't use PayPal, use a virtual credit card from PayPal Key (US only), Security.com, or your bank (Capital One Eno, Citi Virtual, TD, Bank of America, etc.). Blur is the only non-US option that links to your credit card ($40/y). MySudo.com offers virtual credit cards (plus virtual phone numbers) but is currently only offered in the U.S. on iOS.
Photograph ALL your ID and cards and make sure the pictures are OFFline, i.e. on an unplugged USB drive or on encrypted storage, so you have the numbers to hand if you need to cancel them.

Physical Security:
Never post that you are going away on vacation and will be back in two weeks. 65.1% of burglars know their victim.

Power your cable/DSL modem through a timer so it turns off for an hour at 2 am. Backdoors and default passwords let botnets use your hardware for distributed attacks; much of that malware lives only in memory and is kicked out by a simple reboot. It will come straight back if the default password stays, so change it and update the firmware too.
Post an alarm system / beware of dog sign
Adopt a dog with a deep bark
Put a stick in the track of your sliding door before bed
Install motion lights; make sure they work
Don’t hide a spare key under the mat/above the door frame
Buy Pepper spray and a bright flashlight
Buy a Ring video doorbell, if it’s in your budget
If you find a USB drive on the ground, DON'T plug it into your PC. BadUSB and Rubber Ducky devices rely on curious users plugging them in; they present themselves as a keyboard and type commands as soon as they are connected.

IoT = any gadget that connects to Wi-Fi, or indirectly through a hub.
Buy your IoT gadgets from a manufacturer that ships frequent updates (Google, Apple). Cheap no-name gadgets are cheap because they skimp on security, or skip it entirely, and rarely get updates.

Router / Wifi Access Point / Firewall
If it doesn't work securely, it won't work for long.
Make sure your Wi-Fi isn't "Open"; it needs a password (WPA2 or better). Your router isn't just a gateway to the internet, it's a gateway into your home.
Make a guest wireless network, isolated from your own LAN (a DMZ), for guests.
Change your router's admin password from the default.
Ensure router management is not enabled on the WAN interface.
Upgrade your firmware; if possible, enable automatic firmware updates.
Don't cheap out here: if your router is underpowered it will slow down all your internet access, and if it doesn't support the newer 5 GHz band you will be sharing the 2.4 GHz range with everyone on your city block.
Recommended: Synology Wi-Fi router, $200, supports security plug-ins https://www.amazon.com/Synology-RT2600AC-Wi-Fi-Gigabit-router/dp/B01N5MPTG1/ref=sr_1_3?ie=UTF8&qid=1533926407&sr=8-3&keywords=synology
or
Asus RT-AC88U, $230, which has AiProtection software
https://www.amazon.com/Dual-Band-supporting-AiProtection-security-Accelerator/dp/B016EWKQAQ
or, if your home is all metal / Wi-Fi saturated, a mesh router may be for you:
Eero makes security-conscious mesh routers, $180/$310 for 2/3 hubs

Tested by a different source:
Linksys WRT32X
Netgear R7000

Wifi:
Use QR codes: https://qifi.org/ or https://qrcode-monkey.com
Why? Changing passwords is a pain, but if joining is quick and well documented you can use longer passwords and change them more often. With WPA-Enterprise each user logs in with their own domain password, which prevents users from sharing one password.
iOS has native support since v11; Android added native support around v8.
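The QR codes those sites produce are just text in the WIFI: format that phones recognise. As an added example (not code from the page or from qifi.org), here is a Python builder and parser for that payload. The format and its escaping rule (backslash before `\`, `;`, `,`, `"` and `:`) are the standard ones; the SSIDs and passwords used are made up.

```python
"""Build and parse the WIFI: QR payload that phones scan to join a network,
e.g. WIFI:T:WPA;S:MySSID;P:secret;;"""

_SPECIAL = '\\;,":'   # characters that must be backslash-escaped in values


def _escape(value):
    return "".join("\\" + c if c in _SPECIAL else c for c in value)


def wifi_qr_payload(ssid, password, auth="WPA", hidden=False):
    """auth: 'WPA' (covers WPA/WPA2/WPA3-PSK), 'WEP', or 'nopass' (open)."""
    if auth not in ("WPA", "WEP", "nopass"):
        raise ValueError("auth must be WPA, WEP or nopass")
    if auth == "nopass" and password:
        raise ValueError("an open network takes no password")
    if auth != "nopass" and not password:
        raise ValueError("a secured network needs a password")
    fields = [f"T:{auth}", f"S:{_escape(ssid)}"]
    if password:
        fields.append(f"P:{_escape(password)}")
    if hidden:
        fields.append("H:true")
    return "WIFI:" + ";".join(fields) + ";;"


def parse_wifi_payload(payload):
    """Inverse of wifi_qr_payload: returns {'T': ..., 'S': ..., 'P': ...}."""
    if not payload.startswith("WIFI:"):
        raise ValueError("not a WIFI: payload")
    body = payload[len("WIFI:"):]
    fields, key, value, i = {}, None, [], 0
    while i < len(body):
        c = body[i]
        if c == "\\" and i + 1 < len(body):      # escaped char: take literally
            value.append(body[i + 1])
            i += 2
            continue
        if key is None and c == ":":             # end of field name
            key, value = "".join(value), []
        elif c == ";":
            if key is None:                      # the terminating ';;'
                break
            fields[key], key, value = "".join(value), None, []
        else:
            value.append(c)
        i += 1
    return fields


if __name__ == "__main__":
    # Constructed example network; the awkward characters show the escaping.
    text = wifi_qr_payload("Cafe;Net", 'p:w,d"x\\y')
    print(text)
    print(parse_wifi_payload(text))
```

Feed the returned string to any QR encoder (for instance the command-line `qrencode` tool, or the sites linked above); printing the resulting image for guests is what makes a long, frequently rotated password practical. Remember that the QR code contains the password in the clear, so treat the printout like the password itself.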