Lissy93 / personal-security-checklist

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
https://digital-defense.io

[COMPOSITE] Suggestions for the whole list #60

Closed sebastiannielsen closed 3 years ago

sebastiannielsen commented 3 years ago

First of all: I think "privacy" and "security" should be separated into separate lists. Ergo:

Security = To prevent hackers and unauthorized parties from accessing your data or similar. (Example: Using two-factor authentication falls into this category) (Example 2: Locking your door is security)

Privacy = To prevent legitimate tracking made by authorized individuals or government, or the site you are visiting, for example. (Example: Disabling third-party cookies falls into this category, as cookies have no security implication; same with "protecting yourself from CCTV" and such) (Example 2: Covering your peephole is privacy)

Second, let me go through points that I think should be changed:

"Shield your Password/PIN" --> I think CCTV should be left out. CCTVs in trusted locations like banks, stores and such can be trusted.

"Avoid using your PM to Generate OTPs" --> Good, but then you should NOT run a separate authenticator app on your desktop either. That gives the same security risks as using the PM to generate OTPs, but with the inconvenience of having two pieces of software to keep track of. Instead, if you are afraid of someone compromising the password manager, then you should use a separate DEVICE (either a separate OTP token, or a phone, or a separate computer) to handle your OTPs.

"Don't use a 4-digit PIN" --> Good, but without FDE on a computer, a password is TOTALLY WORTHLESS. It's child's play to pick out the drive and plug it into another computer and gain full access to all files. All it takes is a screwdriver, or not even that, a little pocket knife will suffice. Some laptops might have an integrated disk drive and/or tamper-resistant screws for security - some Apple laptops have this, and also certain medium-grade business laptops have this. But otherwise, don't. It's better to not have any protection at all - and KNOW it's open - than to be in a false sense of security and think that the Windows password will protect anyone from looking at your photos.

On a phone it's more secure even if your phone doesn't support encryption, because you would have to desolder the flash chips to gain access.

ADD: Email: For self-hosted email servers, consider using IP whitelisting for endpoints requiring login (SMTP relaying outside of hosted mailboxes, IMAP access, POP3 access). This will prevent all the password-cracking bots out there. This will ensure a correct IP AND username AND password is required.

For some mail servers, this might require you to tell the software to append the client's IP to the password, and then set your password to your password + IP. (Thus login will be impossible if you don't connect from the correct IP - basically, if you connect with the wrong IP, your password will be invalid even if you supply the correct password.)
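The two mechanisms described in the comment above (an explicit per-account IP allowlist checked alongside the password, and the fallback of folding the client IP into the password itself), as an added example that is not part of the issue and not the code of any real mail server. The account store, salt, hashing parameters, user names and IP ranges are all constructed for the example; a real server would keep its own credential store and read the client address from the connection.

```python
"""Added example: a login check for a mail-style endpoint (IMAP/POP3/SMTP
submission) that requires the client IP AND the username AND the password.
Hypothetical helper functions, not any real mail server's implementation."""
import hashlib
import hmac
import ipaddress

# Constructed: a fixed salt so the example is reproducible. A real
# deployment would use a per-account random salt (os.urandom(16)).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def _hash_secret(secret: str) -> bytes:
    """PBKDF2-SHA256 of the secret; stand-in for the server's password hash."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)


# Approach 1: explicit allowlist per account (constructed sample data).
ACCOUNTS = {
    "alice": {
        "pw_hash": _hash_secret("correct horse battery staple"),
        "allow": [
            ipaddress.ip_network("203.0.113.0/24"),  # office IPv4 range
            ipaddress.ip_network("2001:db8::/32"),   # home IPv6 prefix
        ],
    },
}

# Approach 2: the server appends the client IP to whatever the client sent,
# so the user must set the stored password to <password><ip>.
ACCOUNTS_IP_FOLDED = {
    "bob": {"pw_hash": _hash_secret("hunter2" + "198.51.100.7")},
}


def ip_allowed(client_ip: str, networks) -> bool:
    """True if client_ip falls inside any of the allowlisted networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def login_with_allowlist(user: str, password: str, client_ip: str) -> bool:
    """Require allowlisted IP AND correct password.

    Both checks are always evaluated so a wrong IP and a wrong password
    take the same time, which avoids leaking which factor failed.
    """
    acct = ACCOUNTS.get(user)
    if acct is None:
        _hash_secret(password)  # burn the same cost for unknown users
        return False
    ok_ip = ip_allowed(client_ip, acct["allow"])
    ok_pw = hmac.compare_digest(_hash_secret(password), acct["pw_hash"])
    return ok_ip and ok_pw


def login_with_ip_folded(user: str, password: str, client_ip: str) -> bool:
    """Server-side 'append the client's IP to the password' variant.

    The stored hash is of password + IP, so the correct password from the
    wrong address hashes to something else and the login fails.
    """
    acct = ACCOUNTS_IP_FOLDED.get(user)
    if acct is None:
        _hash_secret(password)
        return False
    # Canonicalise the address (e.g. "2001:DB8::1" -> "2001:db8::1") so the
    # user's stored password + IP only has to match one spelling.
    candidate = password + str(ipaddress.ip_address(client_ip))
    return hmac.compare_digest(_hash_secret(candidate), acct["pw_hash"])


if __name__ == "__main__":
    print(login_with_allowlist("alice", "correct horse battery staple", "203.0.113.10"))
    print(login_with_allowlist("alice", "correct horse battery staple", "192.0.2.1"))
    print(login_with_ip_folded("bob", "hunter2", "198.51.100.7"))
    print(login_with_ip_folded("bob", "hunter2", "198.51.100.8"))
```

The allowlist variant is the cleaner design: the IP policy lives next to the account and can be changed without resetting the password. The folded variant only works if the server sees the real source address (no proxy or load balancer rewriting it) and the user's stored password uses the same canonical IP string the server produces.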