quarklark/basic-security-guide

Basic Security Guide

This guide outlines basic steps for securing your digital life, assuming you're already convinced that privacy and security are important. The focus is on harm reduction: it’s like putting on your digital seat belt.

Notes:

  • I’m not an expert! Please do your own research. These are my personal recommendations.
  • This guide is intended to be paired with a conversation. Explanations are omitted to keep things as brief & manageable as possible.
  • This guide is not exhaustive, but it's a good starting point.
  • This is going to be a challenge, and probably won’t be particularly fun. This is a new skill to work on!
  • A few steps have a financial cost to them. Free alternatives are usually available. This guide aims to minimize cost and maximize impact.
  • For folks who are more of an expert than me, please feel free to submit a pull request with your suggested changes.
  • You don’t need to do everything at once!

Summary:

  1. Secure your computer & phone
  2. Set up password manager
  3. Set up automated backups

Physical Safe Storage (Emergency Binder)

  • CRITICAL: Identify your physical safe storage space (fireproof home safe, safe deposit box, etc.). Your entire identity will rely on this being secure, so please take your time with this.
  • Set up emergency access protocols for your safe storage space (give a key to a trusted person, etc.). Again, you are trusting your life to this.
  • Consider setting up a duplicate backup safe in another trusted location (a family member’s home, a bank, etc.).
  • Find a physical binder that fits in your safe. This will be your “emergency binder” - used to hold your most important information.

Computer Initial Setup (Mac)

  • If your computer was purchased by anyone other than you, buy your own computer. (Do not use a work computer for anything other than work.)
  • Set a login password for your account. (See https://www.eff.org/dice)
  • Consider disabling Face ID or fingerprint login. (You can be forced to touch or look at something, but not to give out your password.)
  • Update your operating system to the latest version and turn on automatic updates.
  • Enable FileVault disk encryption and print the recovery key for your emergency binder.
  • Turn on screen lock both on time-out and when the lid is closed.
  • Turn on Find My.
  • Install Firefox (or LibreWolf) and set it as your default browser.
  • Set DuckDuckGo as the default search engine.
  • If you loan your computer to anyone else, enable the guest account.

Phone Setup

  • If your phone was purchased by anyone other than you, buy your own phone. (Do not use a company phone for anything other than work.)
  • If you installed apps from your workplace, factory reset your phone and do not reinstall them.
  • Install the latest OS updates and turn on auto-update.
  • Download apps:
    • Bitwarden
    • Bitwarden Authenticator
    • DuckDuckGo browser
  • Set Bitwarden as your default password manager (system settings).
  • Use the DuckDuckGo app as your web browser.
  • Set up Face ID, but do NOT set it to unlock your phone. (You will use Face ID to further secure apps later.)
  • Set a PIN of 6 or more digits as your login.
  • If you use financial apps on your phone, enable Face ID for them.

Password Manager

  • CRITICAL: Generate a long passphrase and memorize it. (Share with no one. See https://www.eff.org/dice)
  • Write your passphrase in your secure notebook.
  • Create a Bitwarden account: https://bitwarden.com/ (For the hint, write that it’s in your secure location, but do not say the location. Anyone can see this.)
  • Set up two-step login. (Authenticator app is preferred, but any is ok.) Print the recovery codes in your emergency binder.
  • Add/import all your passwords into Bitwarden.
  • Install the Bitwarden browser plugin.
  • Set up a family account and configure sharing groups (optional).
  • Set up Bitwarden emergency access https://bitwarden.com/help/emergency-access/ (optional, but highly suggested)
  • Review the reports in Bitwarden and correct as many issues as you’re able.
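The EFF dice method linked above picks each passphrase word by rolling five dice and looking the roll up in a 7776-word list. The following is an added example (not part of this guide) that parses a few constructed lines in the format of the EFF long wordlist, rolls dice with the OS secure random generator, and computes how much entropy a given number of words gives, which is why the guide asks for a long passphrase.

```python
import math
import secrets

# Constructed stand-in for the EFF long wordlist (eff_large_wordlist.txt): one
# "<five dice digits><tab><word>" line per entry, 7776 entries in the real file.
# Only six sample entries are embedded here; load the real file for actual use.
SAMPLE_WORDLIST_TEXT = """11111\tabacus
11112\tabdomen
11113\tabdominal
11114\tabide
11115\tabiding
11116\tability
"""

EFF_LARGE_WORDLIST_SIZE = 7776  # 6**5 possible five-dice rolls


def parse_wordlist(text: str) -> dict:
    """Parse '<dice key>\\t<word>' lines into a roll -> word lookup table."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split("\t", 1)
        table[key.strip()] = word.strip()
    return table


def roll_key(num_dice: int = 5) -> str:
    """Roll num_dice fair dice using the OS CSPRNG; returns e.g. '41263'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(num_dice))


def passphrase_entropy_bits(num_words: int, list_size: int = EFF_LARGE_WORDLIST_SIZE) -> float:
    """Bits of entropy for num_words words drawn uniformly from list_size words."""
    return num_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int = EFF_LARGE_WORDLIST_SIZE) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(table: dict, num_words: int) -> list:
    """Draw words by dice roll; rolls missing from a partial table are rerolled."""
    words = []
    while len(words) < num_words:
        key = roll_key()
        if key in table:  # always true for the complete 7776-entry list
            words.append(table[key])
    return words
```

With the full list, six words give about 77.5 bits of entropy and seven words pass 80 bits; with the six-entry sample the generator still works but draws only from those six words.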

Computer Backups

  • Buy (or find) a small portable drive at least 2x your computer drive size. (Suggested: Samsung T7 Shield.)
  • Set up automatic backups (Mac: Time Machine; Windows: Backup and Restore) on the portable drive. Be sure to enable encryption and use a long passphrase. See https://www.eff.org/dice.
  • Write down your encryption key in Bitwarden or your emergency binder.

Improve Security Over Time

  • Update any passwords used on multiple sites or that are obviously insecure, e.g. “abc123”. Use a unique, randomly-generated password for each site.
  • Enable two-step login (two-factor authentication, 2FA) everywhere you can, starting with the most important sites.
  • Replace insecure apps and services with more secure ones. This is a life-long process.
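Bitwarden’s built-in reports already flag reused and weak passwords, but the check is simple enough to run yourself against a vault export. The following is an added example (not part of this guide or of Bitwarden) that reads a constructed sample in the shape of a Bitwarden CSV export (the column names are an assumption about that format) and reports reused and short or obvious passwords by entry name only, never echoing the passwords themselves; delete any plaintext export as soon as you are done with it.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of a Bitwarden CSV export (column names assumed
# from Bitwarden's export format; adjust the field names if your export differs).
SAMPLE_EXPORT = """folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
,,login,Bank,,,0,https://bank.example,alice,correct-horse-battery-staple-lamp,
,,login,Shop,,,0,https://shop.example,alice,abc123,
,,login,Forum,,,0,https://forum.example,alice,abc123,
,,login,Email,,,0,https://mail.example,alice,Q7#v9pL2xR!mWz4e,
"""

MIN_LENGTH = 12  # anything shorter is worth regenerating with the password manager
OBVIOUS = {"abc123", "password", "123456", "qwerty", "letmein"}


def load_logins(csv_text: str) -> list:
    """Return only login items that actually carry a password."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows if r.get("type") == "login" and r.get("login_password")]


def find_reused(logins: list) -> dict:
    """Map each password shared by more than one entry to the entry names."""
    by_password = defaultdict(list)
    for r in logins:
        by_password[r["login_password"]].append(r["name"])
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


def find_weak(logins: list) -> list:
    """Names of entries whose password is short or on the obvious list."""
    weak = []
    for r in logins:
        pw = r["login_password"]
        if len(pw) < MIN_LENGTH or pw.lower() in OBVIOUS:
            weak.append(r["name"])
    return weak


def audit(csv_text: str) -> dict:
    """Summarise which entries to fix first; reused passwords take priority."""
    logins = load_logins(csv_text)
    reused = find_reused(logins)
    return {"reused": [names for names in reused.values()], "weak": find_weak(logins)}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    print("Change these first (shared password groups):", report["reused"])
    print("Then regenerate these (weak):", report["weak"])
```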

Regular Maintenance (scheduled)

Review & Confirm

  • Your computer and phone are up to date, have encryption enabled, and have log-in passcodes.
  • You have an emergency binder in a secure physical location.
  • You have your Bitwarden master password in your emergency binder.
  • You have recovery codes for all encryption & two-step authentication in your emergency binder.
  • You have all your passwords in Bitwarden, and are working to update insecure items.

Further Reading

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published