Habits that prevent the most common account and device compromises.
Stores/generates unique passwords so you do not reuse them across sites.
A second proof beyond a password; blocks many account takeovers.
Messages that trick you into giving secrets or installing malicious software.
Give accounts/apps the minimum access needed; reduce blast radius.
3 copies, 2 different media, 1 offsite/offline copy.
One password per site prevents one breach from becoming many breaches.
Passwordless login using device keys; resistant to many phishing attacks.
Patch known vulnerabilities quickly (OS, browser, apps).
Use a strong PIN/biometrics and auto-lock to protect physical access.
Protects data at rest if your device is lost or stolen.
Store account recovery codes securely (offline) for emergencies.
App/hardware MFA is safer than SMS, which is vulnerable to SIM swap.
Attackers hijack your phone number. Mitigation: carrier PIN + avoid SMS MFA.
Assume public networks are hostile; avoid sensitive actions or use trusted protections.
Encrypts traffic in transit; verify for sensitive logins and payments.
Extensions can read pages and data. Install few; remove unused.
Review app permissions periodically; revoke what you do not need.
A backup is only useful if restore works; test restores occasionally.
Malware that encrypts data. Best defense: offline backups + updates.
Attackers exploit trust and urgency. Slow down and verify via a second channel.
Treat reset emails/links as high risk; verify the sender and domain.
Enable login and security alerts to detect compromise early.
Hardware keys provide strong phishing-resistant MFA for critical accounts.
Monitor for breaches and rotate passwords when an account is exposed.