 
  1. I keep my software up to date. If you do nothing else on this list, do that.
  2. I use Signal.
  3. For Windows before 10, I used to use EMET. It blocked a few Firefox crashes that were either non-reproducible bugs or active exploits over the years. :)
  4. For Linux, I use the grsecurity kernel patches. (I run Debian with the dotdeb repositories for PHP 7.)
  5. I do most of my casual Internet browsing with Tor Browser (via torbrowser-launcher) inside of a virtual machine. Once a site is trusted, I'll actually visit it in my host OS.
  6. I use password managers. Mostly LastPass (for casual use) and KeePass (for high-security use).
  7. I encrypt my hard drives (with a 64-character passphrase) and smartphones (with a passphrase, not a PIN).
 

What do you store in KeePass that falls under high-security use? Why not just use KP for everything?

 

Maybe he just prefers the UI of LastPass over KeePass, and is willing to compromise on some security for usability?

 
 

One of the biggest measures is not exposing it online like that :)

 

To take it even one step further: even if I did not expose anything, should I write a comment for questions like this at all?!
Some sort of privacy paranoia! :D

 

I've had to increase my laptop security on two different occasions, in two totally different ways. I'm looking forward to this thread to fill in some gaps.

~5 years ago someone got into and locked me out of several of my social media and email accounts by 1) me not logging myself out at the end of my session (on their computer), and 2) successfully guessing my security questions. This was before MFA was near-standard, so I at least implemented my own version with notifications/email. I then set MFA up as soon as it was available. I've beefed up my security questions and use LastPass as a PW manager (that never remembers me). I also only use my own laptop, or another computer I strongly trust. I also have a backup email and phone contact number.

The second time my laptop was physically stolen from my apartment. Luckily I'm confident my password was strong enough, and there was very little data stored on the machine; everything was backed up and also stored in 'the cloud.' Since then I've moved out and encrypted my HDD. I hope to get a Kensington lock soon to try and bolt down the machine if I have to leave it at home. The laptop webcam is also covered.

 
  • Password manager (1Password)
  • 2FA wherever possible
  • Disk encryption (FileVault)
  • Network filter (Little Snitch)
  • File access filter (Little Flocker)
  • Micro/Webcam access warning (Micro Snitch)
  • Persistent install warning (BlockBlock)
  • Being careful when installing software (Brew if available)
  • Block ads (uBlock/1Blocker)
 

All the normal stuff (password manager, encryption), plus I unsubscribe from every online service that gets pwned, or is otherwise using bad security practices (like, sends forgotten passwords over email). And yes, that means I can no longer have a Tumblr, LinkedIn, or Adobe account, but these are the breaks.

 

Two-tier network at home: DMZ for consumer stuff, "critical" for work. iPhone over Android. Moving to YubiKey for auth and code signing. Make sure that second-hand cars we buy don't come with Adobe Flash.

Still vulnerable to leakage of personal data from many sites, and wilful actions of installed phone apps like airline check-in ones. Run 1+ of: Maven, apt-get or brew every single day on that critical development laptop.

If I consider where I am most vulnerable, it is in that automated download and execution of developer tools and application libraries. To put it another way: the code I've written over the years runs on thousands of developer boxes every day. These people are relying not just on my competence, but on my goodwill and the quality and detail of the peer review process in those OSS projects.

Video: youtu.be/tcRjG1CCrPs

 
  1. Keep up to date
  2. Don't do stupid
  3. Backups
  4. Backups
  5. Backups
  6. Backups
  7. Password Manager
  8. Using the Password Manager
  9. Catch-All Emails to detect and pinpoint leaks (I recommend using a suffix like "-ca" to filter out any spam from Catch-All, google is f.e. "google.com-ca@example.com")
  10. U2F
  11. In case 10 fails, 2FA using Google Auth or similar apps
  12. Don't use SMS or DIY-2FA (looking at you Steam)
  13. uMatrix for Malware Domains (not ads)
  14. ABP to block almost malicious ads (enabled acceptable ads for personal reasons)
  15. Backups
  16. Encrypting the important stuff (I don't see the usefulness of fulldisk encryption on anything but portable devices)
 

I've physically removed the webcam, microphone, hard disk, and bluetooth/wifi chip from my laptop. I boot the machine with a USB Tails with a persistent encrypted volume. I will be disabling Intel's Management Engine firmware a la hackaday.io once my Beagleboard arrives.

 
  1. All software updated. Work Windows laptop protected with AV / Firewall / Host IDS / Disk Encryption. Home MBP always updated with disk encryption.
  2. Always use HTTPS
  3. I use iPassword to manage and generate passwords.
  4. Always logout at the end of session from any website.
 
  • Don't install Flash (or any browser plugins), disable it if a browser comes with it preinstalled (Chrome)
  • Full disk encryption for all devices.
  • Password manager (1Password) with unique passwords for every service.
  • Use devices that have biometric login (e.g. fingerprint) so people don't see you typing in your password, and it's not recorded by security cameras (may sound silly but I think this will become a new attack vector in the future).
  • Try to point computer screens away from windows (as in the glass kind, not the OS). All it takes is a competitor renting an office opposite yours, and armed with a high powered telescopic camera.
  • Use an AdBlocker.
  • Try to get all my software from official app stores (Mac App Store)
 

Sorry to answer with a question, but how does encrypting your hard drive affect your software development environment, VMs etc.? Does it make things slower?

Recently started using Tor/Signal/ProtonMail, 2FA.

 

AFAIK it has no effect on read speed, and very slightly slows down write speed, but not noticeably.

 
  • Private VPN on all devices <------ !!! (I use PIA, but really: they're all so cheap, you're crazy not to use one.)
  • Password Safe for storing/generating passwords (Handy and works on all devices.)
  • Minimum password length 12 characters
  • Don't do business with or give PII to unverifiable sites. Seriously, know who you're doing business with!
  • Whole disk encryption on my linux box (and it is built in on my work laptop)
  • Periodically review list of devices connected to my network, and make sure I can identify who/what they are
  • For streaming accounts, periodically change password and/or kick off any registered devices that I can't identify
  • Set PINs for online purchases when possible (e.g., Amazon)
  • Hushmail (I don't use this much, but I keep an active paid account just because I want to be able to send encrypted mail sometimes.)
  • Webcam unplugged when I'm not using it
  • My financial information and will, &c are on a hidden VeraCrypt volume. My wife has a poop sheet on how to find it and get into it. The volume itself is on a USB drive.
 
 

I got an aluminum baseball bat in my room, although I think it's for softball. Two-step verification and secondary email account and phone number. Linux (Debian) is my main OS. Is it weird that I don't trust password managers? I mean, I'd rather memorize the passwords, even if there are a lot. I use AdBlock, but I'm guilty of whitelisting some of my favorite content creators.

 
  • Password manager (1Password)
  • 2FA on all supporting sites
  • Network filter (Little Snitch)
  • Micro/Webcam access warning (Micro Snitch)
  • AdBlocker on laptop/phone (1Blocker)
  • VPN that automatically connects on all untrusted WiFi networks
  • Periodic review of connected devices, security/privacy settings and deletion of unused accounts
  • Separate browsers for work/private browsing

All in all pretty average, could be better, could be worse.

 

I do almost nothing, and it's terrible. I should know better.

I've recently started using uBlock Origin. I used Adblock Plus before that, but that was to avoid seeing & loading ads, not to protect myself. Installing uBO was intended as a security & privacy measure.

 
  1. Use different passwords for each service
  2. Keep software up-to-date
  3. Only use a single card for online purchases, hidden behind PayPal
  4. Use Single Sign On (SSO) for a secondary social media account, rather than my primary email address
  5. Do not use public computers for access
  6. Encrypt hard drives
  7. Do not put anything online that I do not want there
  8. Notifications on accounts so that I know what is going on with my account at all times
  9. 2-factor authentication where possible

 

Lie uniquely when forced to answer security questions. But record those lies in a safe place (an encrypted password manager works). (Bonus: it's always fun to tell a service rep that your high school mascot was the cockroach.)

 
  1. Keep my software up to date.
  2. I encrypt files with gpg
  3. I use Signal
  4. I use Tor
  5. Different passwords
  6. I use MiniKeePass on iOS
  7. I use 2FA where possible
 
  1. Update software regularly
  2. Use 2FA wherever possible
  3. Use complex passwords generated by 1Password
  4. I have an interactive firewall on my Macs (HandsOff!)
  5. All the security features of macOS enabled
 
  1. I created a small program to save my passwords using an algorithm that combines some words and the site link.
  2. I use Tor.
  3. I use 2FA.
  4. I taped over the webcam and microphone.
 
  • 2FA wherever I can
  • LastPass & randomized passwords everywhere
 

I use a password manager, I think my phone's encrypted.

 
  1. Stay logged out of Facebook. No idea how it's secure, but f*ck it.
  2. 1Password! DUDURU DUUUU
  3. Private Internet Access! DUDURU DUUUU
  4. Body Guard.... Just kidding, I'm not the queen.

 

I don't know most of my passwords. Password manager to keep them, and autogenerate them.
Keep software updated. Ad Block. NO FACEBOOK GAMES!

 

I use LastPass (it helps me not to forget credentials for both my personal stuff and my work stuff).

 
 
  1. Updates, always updates
  2. Password manager and long passwords, very long passwords. Passwords you will never want to enter by hand.
  3. Two Factor Auth anywhere I can.
  4. Ad Blocker.
 