Security is not a product you buy; it's a process. You can't just install antivirus software and call it a day. The modern threat landscape requires a Defense in Depth strategy: overlapping layers of security that ensure if one layer fails, another catches the attack.
Use this interactive checklist to audit your current digital security posture. Go through each section, and check the boxes as you complete the steps.
Note on Progress
This checklist relies on your browser's local storage to save your progress. We do not track your answers on our servers. If you clear your browser data, your checklist progress will be reset.
Level 1: Core Accounts & Passwords
Install a Password Manager
You cannot memorize 100 unique, complex passwords. Use Bitwarden, 1Password, or KeePassXC to generate and store your credentials. Stop using your browser's built-in password manager.
Never Reuse Passwords
Password reuse is the #1 way accounts are hacked in credential stuffing attacks. Ensure your email, banking, and social accounts all have unique, random passwords at least 14 characters long.
Test your password strengthEnable Two-Factor Authentication (2FA)
Turn on Authenticator App (TOTP) or Hardware Key (YubiKey) 2FA for all critical accounts. Avoid SMS (Text Message) 2FA as it is vulnerable to SIM-swapping attacks.
Check for Data Leaks
Verify if your current email addresses have been exposed in recent data breaches, and change the passwords for any compromised services immediately.
Check email for leaksLevel 2: Privacy & Compartmentalization
Stop using your primary email for junk
Your bank and your doctor should have your real email. Forums, newsletters, and random web apps should not. Get comfortable using disposable or alias email addresses.
Open Temp Mail ToolLie on unnecessary forms
When an app demands a residential address or phone number for no valid reason, provide fake data to ruin their data brokering efforts.
Open Fake ID GeneratorLock down social media
Set Instagram, Twitter, and Facebook profiles to private. Remove your phone number from your bio, hide your birthday, and decline to share your contacts/address book with the apps.
Level 3: Browsers & Devices
Install uBlock Origin
The single most important browser extension. It blocks malicious ads (malvertising) and thousands of tracking scripts across the web.
Automate Updates
Turn on auto-updates for your Operating System, Browser, and all apps. The vast majority of malware exploits known vulnerabilities that have already been patched by developers.
Enable Full Disk Encryption
Ensure BitLocker (Windows), FileVault (Mac), or LUKS (Linux) is enabled. If your laptop is stolen, the thief will not be able to read your files without your login password.
Use a trusted VPN on public Wi-Fi
Never log into bank accounts or transmit sensitive data on unpaid, public Wi-Fi (airports, cafes) without a reputable, paid VPN like Mullvad or ProtonVPN securing your traffic.