{"id":13827972,"url":"https://github.com/alulsh/personal-security-checklist","last_synced_at":"2026-03-02T02:31:14.908Z","repository":{"id":47739388,"uuid":"71611042","full_name":"alulsh/personal-security-checklist","owner":"alulsh","description":"Personal security checklist for securing your devices and accounts.","archived":false,"fork":false,"pushed_at":"2019-10-02T09:23:11.000Z","size":7,"stargazers_count":274,"open_issues_count":5,"forks_count":41,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-01-08T08:46:58.305Z","etag":null,"topics":["infosec","personal-security","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alulsh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-22T02:13:22.000Z","updated_at":"2024-12-07T17:50:03.000Z","dependencies_parsed_at":"2022-09-23T03:02:41.778Z","dependency_job_id":null,"html_url":"https://github.com/alulsh/personal-security-checklist","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alulsh%2Fpersonal-security-checklist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alulsh%2Fpersonal-security-checklist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alulsh%2Fpersonal-security-checklist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alulsh%2Fpersonal-security-checklist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alulsh","download_url":"https://codeload.github.com/alulsh/personal-security-checklist/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240738092,"owners_count":19849546,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["infosec","personal-security","security"],"created_at":"2024-08-04T09:02:23.151Z","updated_at":"2026-03-02T02:31:09.827Z","avatar_url":"https://github.com/alulsh.png","language":null,"funding_links":[],"categories":["Others","\u003ca id=\"Personal-Security\"\u003e\u003c/a\u003ePersonal Security"],"sub_categories":["\u003ca id=\"Web-App\"\u003e\u003c/a\u003eWeb App"],"readme":"# Personal Security Checklist\n\nTake the following steps to secure your devices and accounts.\n\n## Laptop or computer security\n- [ ] Use a strong complex password to login to your computer\n- [ ] Configure your computer to require a password after 5 minutes of inactivity\n- [ ] Configure your computer to require a password on wake\n- [ ] Learn the keyboard shortcut to lock your computer - [Windows logo + L](https://support.microsoft.com/en-us/help/12445/windows-keyboard-shortcuts) (Windows), [control + shift + power/escape](http://www.macworld.co.uk/how-to/mac/how-lock-mac-3639053/) (Mac), or [ctrl + alt + L](https://askubuntu.com/questions/126782/keyboard-shortcut-for-lockscreen-not-working) (Linux)\n- [ ] Mac: [add keychain status to your menu bar](http://osxdaily.com/2011/02/10/lock-mac-desktop-via-menu/) (`open /Applications/Utilities/Keychain\\ Access.app/Contents/Resources/Keychain.menu/`) for easy screen locking\n- [ ] Make a habit of locking your computer when you step away from it\n- [ ] Encrypt your hard drive via [FileVault](https://support.apple.com/en-us/HT204837) (Mac), [BitLocker](http://www.windowscentral.com/how-use-bitlocker-encryption-windows-10) (Windows), or [LUKS](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/) (Linux)\n- [ ] Enable your operating system's firewall\n- [ ] Mac: Enable [stealth mode](http://osxdaily.com/2015/11/18/enable-stealth-mode-mac-os-x-firewall/)\n- [ ] Enable a device tracking and recovery program like [Find My Mac](https://support.apple.com/explore/find-my-iphone-ipad-mac-watch) or [Prey](https://preyproject.com/)\n- [ ] Securely store and encrypt your physical backups\n- [ ] Update your operating system to the latest version\n- [ ] Update your applications to the latest versions\n- [ ] Mac: Don't use your Apple ID to login to your computer, [if hacked, it can be used to remotely wipe your Macbook](https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/). Instead use a regular Macbook login.\n- [ ] Mac: Don't forget to frequently `brew update \u0026\u0026 brew upgrade` for Homebrew\n\n## Smartphone security\n- [ ] Use a long passcode on your phone - 12+ characters, preferably alphanumeric\n- [ ] Require a passcode immediately after sleep\n- [ ] Enable [Find My iPhone](https://www.apple.com/icloud/find-my-iphone.html) or [Android Device Manager](https://www.google.com/android/devicemanager) to use remote wipe if your phone is stolen or lost\n- [ ] iPhone: Enable erase data after 10 bad passcode attempts (take good backups!)\n- [ ] iPhone: If you're really, really paranoid don't enable Touch ID\n- [ ] iPhone: Install and enable [Ka-Block!](https://itunes.apple.com/us/app/ka-block!-block-ads-tracking/id1037173557?mt=8) for mobile Safari to enable content blocking (ad blocking) on your phone. Use Safari with Ka-Block! instead of the Chrome iOS app for safer mobile web browsing.\n- [ ] iPhone: Install and use [Firefox Focus](https://itunes.apple.com/us/app/firefox-focus-privacy-browser/id1055677337?mt=8) to enable tracking protection and make it easy to delete your browsing history\n- [ ] Android: Don't use [common and predictable lock patterns](http://www.androidauthority.com/lock-pattern-predictable-636267/)\n- [ ] Android: Encrypt your hard disk\n- [ ] Android: Install and enable the [uBlock Origin add-on](https://addons.mozilla.org/en-US/android/addon/ublock-origin/) for Firefox on Android for safer mobile web browsing\n- [ ] Frequently update your operating system and apps, especially security patches\n- [ ] Frequently backup your phone and [encrypt your backups](https://support.apple.com/en-us/HT205220)\n\n## Network security\n- [ ] Find a reputable VPN service with a laptop \u0026 mobile phone client to use for hostile networks (e.g. unencrypted wifi) or as an everyday privacy guard\n- [ ] Install the [HTTPS Everywhere](https://www.eff.org/Https-everywhere) extension in your browser to prevent inadvertent HTTP connections\n- [ ] Install an ad blocker like [uBlock Origin](https://github.com/gorhill/uBlock) ([Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin/), [Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en) or [Ka-Block!](https://github.com/dgraham/Ka-Block) ([Safari](https://safari-extensions.apple.com/details/?id=com.kablock.osx-UYW4V22L7E)) - internet ads are a common malware vector\n- [ ] Enable [plugin click-to-play](http://arstechnica.com/information-technology/2016/04/edge-to-follow-chromes-lead-make-flash-ads-click-to-play/) on all your browsers, not just your default browser, to protect against Adobe Flash vulnerabilities\n\n## Account security\nA strong complex password is at least 16 characters long (the longer the better) and has several special characters (`!@#$%^\u0026*()`). Two factor authentication (2FA) protects your account even more than a strong password.\n\n- [ ] Use a password manager like [1Password](https://1password.com/) or [Encryptr](https://spideroak.com/solutions/encryptr)\n- [ ] Use a [diceware passphrase](http://world.std.com/~reinhold/diceware.html) as the encryption passphrase for your password manager\n- [ ] Add all of your account usernames and passwords to your password manager\n- [ ] Rotate all of your old or insecure passwords with strong passwords generated automatically via 1Password\n- [ ] Make sure every password for every account is unique\n- [ ] Replace any accurate questions to security question with false answers (store false answers in 1Password)\n- [ ] Download a 2FA app on your smartphone like [Google Authenticator](https://en.wikipedia.org/wiki/Google_Authenticator)\n- [ ] Enable 2FA or two step verification on every account where available (see 2FA audit section) - add the software token to both your smartphone and [1Password](https://support.1password.com/one-time-passwords/)\n- [ ] **Immediately store your 2FA backup and recovery codes in 1Password**\n\n## 2FA Audit\nMake sure 2FA or two step verification is enabled on all of the following accounts:\n\n- [ ] [Google](https://myaccount.google.com/security/signinoptions/two-step-verification)\n- [ ] Amazon\n- [ ] Facebook - [enable Login Approval](https://www.facebook.com/settings?tab=security\u0026section=approvals)\n- [ ] [GitHub](https://github.com/settings/security)\n- [ ] [Dropbox](https://www.dropbox.com/account/#security)\n- [ ] Apple ID\n- [ ] Slack - all of your Slack teams!\n- [ ] Twitter - two step verification with SMS\n- [ ] Yahoo! - two step verification with SMS\n- [ ] LinkedIn - two step verification with SMS\n\nThis is an incomplete list! For more information about two factor authentication, see [twofactorauth.org](https://twofactorauth.org/), [Turn It On](https://www.turnon2fa.com/), and [#LockDownURLogin](https://www.lockdownyourlogin.com/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falulsh%2Fpersonal-security-checklist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falulsh%2Fpersonal-security-checklist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falulsh%2Fpersonal-security-checklist/lists"}