Another year has come and gone. And with the new year upon us, let’s resolve to take some affirmative steps to improve our privacy and security! I’ve split the list up into three parts: Basics, Next Steps and Going Beyond.
New Year’s Resolutions: Basics
These are my top tips which I recommend all the time. I would recommend checking all of these off before proceeding to the “next steps” list.
- Use a password manager. Humans are horrible at picking secure passwords and the bad guys know it. You need long, strong, unique passwords for every account – and the best way to do that is by using a password manager to generate and store all your passwords. See last year’s article for more info. I recommend you use BitWarden or 1Password (and not LastPass).
- Use two-factor authentication. Strong passwords are necessary, but sadly not sufficient. Today, you need defense in depth – or, as I like to put it, you need a belt and suspenders. Most important sites today support two-factor authentication (2FA), sometimes called multi-factor auth (MFA). I would set up 2FA on financial, medical, social media and email accounts, at a minimum. If possible, use an authenticator app like Authy. But if only your only option is text-based 2FA, it’s way better than nothing.
- Use a privacy-protecting browser. Chrome is the most popular browser on the planet. It’s pretty secure, but not private. You should switch to a browser built to protect your privacy like Firefox or Brave. Safari for Mac is good, too. Beware popular browser plugins – they can also track you and steal information. However, I would install a tracking blocker like uBlock Origin or maybe Privacy Badger.
- Secure your devices. Modern computers and smart devices run software – and bugs are found in software all the time. As soon as those vulnerabilities are discovered, bad guys swoop in immediately to exploit them. You need to make sure your operating system and applications are kept up to date with the latest software, which often contains important bug fixes. You should also make sure your smart devices (particularly your Wi-Fi router), are updated and configured for maximum privacy and security. I have a whole series on this, but the software update part is here.
New Year’s Resolutions: Next Steps
Once you’ve completed the basics, there are many more things you could do. My book has over 200 tips in it. But here are some choice ideas for your 2024 to-do list.
- Use email aliases. Your online account credentials consist of two parts: a user name and a password. Today, most websites require you to use your email address as the user name. Because most of us only have one or two email accounts, that means the bad guys can pretty easily guess the first half of all your account credentials. But you can actually create unique email addresses without having to have multiple accounts. See this series of articles for details.
- De-Google your life. Google is an advertising company. They make money by knowing as much about you as possible and then feeding you targeted ads. This is a direct conflict of interest for privacy. Google has a ton of useful services, but almost all of them have privacy-respecting alternatives that are just as good. See how many you can replace.
- Try out passkeys. Passkeys have significant advantages over regular passwords. They’re very strong and they’re never stored outside your biometrically-locked devices. They aren’t perfect and support is still not widespread, but this is the year to learn how they work and try them out. You can learn more here.
- Plant your flag. There are many accounts that everyone has – including some you may not be aware of. If you don’t affirmatively claim these accounts for yourself, bad guys can do it on your behalf and cause you a ton of grief.
- Have an emergency plan. Using password managers and having two-factor authentication is great for security. But if you forget your password or lose your two-factor authentication device, you could be locked out. Or if you become incapacitated, your family may have no way to access crucial accounts or information. It’s crucial that you have a backup plan and that you share it with at least one other person close to you.
- Learn to communicate securely. I personally think we should communicate securely and privately all the time. But sometimes it’s less convenient and it usually requires the recipient to cooperate. Nevertheless, you should know how to send a private message or exchange sensitive files when the need arises. Encrypted email can do both.
If you’ve completed all of these tasks or if you just want some different options, never fear – I have a lot more ideas!
- Help others. We’re all in this together. Security and privacy aren’t just “me” things – they’re “we” things. If you have the time and patience, you should absolutely help your friends and loved ones to protect their devices and data, too. Again, my book has an exhaustive list of tips with complete instructions, but you can also take a look at this article for some great ideas. (If nothing else, you can just share this article others.)
- Vote & advocate. In the US, it’s a big election year. Security and privacy are important to each of us and to democracy in general. If you haven’t registered, do so. If you have, verify your registration well before the election. The Vote.gov site can help with both, or find your state’s election site here. Also, I strongly encourage you to reach out to your current elected representatives to voice your concerns and lobby for privacy protections. If you’ve never done this before, commit to doing it just once, so you know how it’s done. The Electronic Frontier Foundation has some great tips and tools here. (I recommend using an email alias and avoid giving out your phone number, if you can help it. These online contact forms will get you on many lists.)
- Donate to privacy orgs. There are many wonderful and highly effective civil liberties organizations out there. Most of them rely on donations. And if you can’t bring yourself to lobby directly with your representatives, these groups are working hard 24/7 to protect your rights. Check this article for suggestions.
- Try out my podcast. Every week, I bring you the security and privacy news you need to know. I also interview top experts with amazing insights. Check out my ‘best of’ episodes here and here to get a good sampling. And if you like them, share them with your friends and family, too.
- Other ideas & resources. If you want more ideas, start by reviewing my past New Year’s Resolutions articles: 2023, 2022, 2021, 2020, 2019. You might also check out my Data Privacy Checklist, which I update once a year around Data Privacy Week (which is coming up soon).
I’ve got some great new ideas for 2024 that I’ll be publishing soon as a two different series of articles. I don’t want to say much more right now, but if you subscribe to the newsletter, you’ll be sure to get them!
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!