If you are talking to someone who is not currently using:

* A password manager
* MFA on most or all accounts that allow it
* An up-to-date operating system on all of their devices

Please stop yourself from recommending:

* A VPN
* Tor
* Tails (or any variations/equivalents)

Just… rewind a bit and help with the first items first.

It often feels like tech geeks love to recommend solutions to the avant garde horrors of Pringles cans (ht James Mickens), ICANN, and ISPs (who hate retaining data unless forced to do so) while ignoring the threats posed by password reuse, depending on passwords for security in the first place, or keeping your system patched.

It's like telling someone whose last oil change was five years ago all of the user-accessible parts they can swap out to make their car run better.

@hrefna
Ugh I *almost* got my dad to start using a password manager, and then he read about the LastPass hack. I've personally since switched to Bitwarden but he went back to his file of passwords made from variations on a theme.

They're not the worst passwords, and that's a big step up from using the exact same password everywhere, but I'd really like to get him on something more secure. I'll try again on hardware keys for email and the financial accounts.

@smolwaffle @hrefna if one is compromised, others can be inferred? @haveibeenpwned can help to convince him.

@hrefna The other day I was at the grocery store and the checkout person was chatting to me about work. When I mentioned what I do she was like "wow I bet you never get hacked!"

It was great when I told her "actually, somebody tried to access my Amazon account the other day. I learned about it because I set up text notifications and MFA. I recommend it!"

So many people think that to have good security you need to be super smart or have niche knowledge, when the best answers are so often the simplest.

(and yes I know SMS MFA isn't perfect, but I'm really not in a high enough position to be at risk of SIM spoofing)