Habits that prevent the most common account and device compromises.
Password manager
Stores/generates unique passwords so you do not reuse them across sites.
Multi-factor authentication (MFA)
A second proof beyond a password; blocks many account takeovers.
Phishing
Messages that trick you into giving secrets or installing malicious software.
Least privilege
Give accounts/apps the minimum access needed; reduce blast radius.
3-2-1 backups
3 copies, 2 different media, 1 offsite/offline copy.
Unique passwords
One password per site prevents one breach from becoming many breaches.
Passkeys
Passwordless login using device keys; resistant to many phishing attacks.
Software updates
Patch known vulnerabilities quickly (OS, browser, apps).
Device lock
Use a strong PIN/biometrics and auto-lock to protect physical access.
Full-disk encryption
Protects data at rest if your device is lost or stolen.
Recovery codes
Store account recovery codes securely (offline) for emergencies.
SMS vs app MFA
App/hardware MFA is safer than SMS, which is vulnerable to SIM swap.
SIM swap
Attackers hijack your phone number.
Mitigation: carrier PIN + avoid SMS MFA.
Public Wi-Fi caution
Assume public networks are hostile; avoid sensitive actions or use trusted protections.
HTTPS
Encrypts traffic in transit; verify it is in use for sensitive logins and payments.
Browser extensions risk
Extensions can read pages and data. Install few; remove unused.
Permissions audit
Review app permissions periodically; revoke what you do not need.
Backup testing
A backup is only useful if restore works; test restores occasionally.
Ransomware
Malware that encrypts data. Best defense: offline backups + updates.
Social engineering
Attackers exploit trust and urgency. Slow down and verify via a second channel.
Password reset safety
Treat reset emails/links as high risk; verify the sender and domain.
Account alerts
Enable login and security alerts to detect compromise early.
Security key (FIDO2)
Hardware keys provide strong phishing-resistant MFA for critical accounts.
Data breach monitoring
Monitor for breaches and rotate passwords when an account is exposed.