Quick security recommendations for your devices
Posted 2024.11.28
People often ask us where they can start and what minimum steps they should consider taking to better protect their devices. In this post we share what we recommend as the first, often most effective and most important items.
General
- Use unique and strong passwords for each account, using a password manager to safely store them.
- Use two-factor authentication (2FA) on supported accounts. As a first choice, consider using hardware devices (also called security keys). Otherwise you can also use apps or programs that generate time-based one-time passwords (TOTP). Avoid using SMS for 2FA if you can.
- Avoid using biometrics (face ID, fingerprint scan) as an authentication method. We explain why in the guide on passwords.
- Delete old files, documents, pictures, screenshots and chat history that you do not need on your device. Securely back up as necessary before removal.
- If you can, avoid installing social media apps: you can use them by accessing their website with your browser instead.
- Restart your device frequently. This ensures updates are applied properly and reduces the risk from non-persistent malware.
2FA hardware token recommendations:
2FA TOTP recommendations:
Further reading:
- Creating Strong Passwords
- Privacy Guides - Threat modeling article
- Security Planner recommendations
- Open Briefing - Digital security guidance
- Surveillance Self-defense - Security plan
Android
- Check that your Android is up to date and that both your version of Android and your device are still supported (check Samsung, Google Pixel, Nokia or Motorola. For other models, see C. Scott Brown's article on the phone update policies from every major Android manufacturer).
- Automatically update your apps.
- Enable Play Protect.
- Review the permissions your apps have access to.
- Review installed apps and uninstall any unneeded/unknown ones.
- Ensure apps can only be installed from trusted sources.
- Set a longer password (not a PIN or a pattern) to protect access to your device.
Further reading:
iOS/iPhone
- Check that your iOS version and device are still supported and up-to-date.
- Automatically update your apps.
- Review the permissions your apps have access to.
- Review installed apps and uninstall any unneeded ones.
- Switch on Lockdown Mode, which will make it harder to compromise your device.
- Set a long passcode to protect access to your device.
Further reading:
Windows
- Ensure you are using a supported version of Windows with automatic updates enabled.
- Make sure that any software installed via the Microsoft store is set to automatically update.
- Ensure Windows Defender is turned on. Activate Microsoft Defender rather than using a third-party antivirus.
- Consider using Hardentools to disable some often abused features.
- Consider using Simplewall to monitor where your computer is connecting.
- Ensure BitLocker - or Device Encryption - is turned on.
- Ensure your computer requires a strong password to log in.
- Review installed programs and remove any that are no longer needed.
Further reading:
macOS
- Ensure macOS automatic updates are enabled and that you use a supported version of macOS.
- Consider using LuLu to monitor where your computer is connecting.
- Make sure FileVault is enabled.
- Ensure your computer requires a strong password to log in.
- Review installed programs and uninstall any that are not needed.
Further reading:
Ubuntu Linux
- Ensure that your version of Ubuntu is still supported and that you are keeping it and the installed software up-to-date.
- Enable the firewall or consider using OpenSnitch to monitor where your computer is connecting.
- Ensure LUKS encryption is enabled when you install the operating system.
- Ensure automatic login is disabled and your account is set up with a strong password.
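One way to check the Ubuntu items above from a terminal, as an added example that is not part of the original post. It assumes a default Ubuntu desktop that uses ufw as the firewall and GDM as the login manager, with config at /etc/gdm3/custom.conf and /etc/apt/apt.conf.d/20auto-upgrades; the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: read-only checks for the Ubuntu items listed above.
# Each parser reads command output or a config file on stdin, so it can be
# tried on saved text as well as on a live system.

# True if `ufw status` output reports the firewall as active.
ufw_active() { grep -q '^Status: active'; }

# True if the TYPE column of `lsblk -s` contains a dm-crypt (LUKS) layer.
has_crypt_layer() { grep -qx 'crypt'; }

# True if GDM config enables automatic login (commented lines do not match).
gdm_autologin_enabled() {
    grep -Eiq '^[[:space:]]*AutomaticLoginEnable[[:space:]]*=[[:space:]]*true'
}

# True if the APT periodic config turns on unattended upgrades.
auto_upgrades_enabled() {
    grep -Eq '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"1"'
}

report() { printf '%-22s %s\n' "$1" "$2"; }

# Live audit. Paths and commands are assumptions about a default install.
audit_live() {
    root_dev=$(findmnt -no SOURCE /)
    # lsblk -s walks from the root filesystem down to the physical disk.
    if lsblk -srno TYPE "$root_dev" 2>/dev/null | has_crypt_layer
    then report "Root on LUKS" "OK"; else report "Root on LUKS" "NOT FOUND"; fi

    # `ufw status` needs root; without it the result is reported as unknown.
    if ufw status 2>/dev/null | ufw_active
    then report "Firewall (ufw)" "OK"; else report "Firewall (ufw)" "INACTIVE OR UNKNOWN"; fi

    if cat /etc/gdm3/custom.conf 2>/dev/null | gdm_autologin_enabled
    then report "Automatic login" "ENABLED"; else report "Automatic login" "OK (disabled)"; fi

    if cat /etc/apt/apt.conf.d/20auto-upgrades 2>/dev/null | auto_upgrades_enabled
    then report "Unattended upgrades" "OK"; else report "Unattended upgrades" "OFF"; fi
}

# Nothing touches the system unless the script is started with --live.
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

Run it with `sudo bash script.sh --live` so that the firewall status can be read.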
Further reading: