1) Don't set the same password for all your websites and apps.
Once one of those accounts is hacked, all your other accounts could be compromised too and the damage could be huge. I know a lot of people who use strong passwords for asset-related apps and uniform weak passwords for unrelated ones, which is very wrong. Every day companies leak security information, which could contain information about one of your infrequently used accounts, which in turn could be used for phishing or social engineering, exposing you to endless risks.
You can use a paid tool like 1Password / LastPass to generate random passwords each time and manage account information, or you can use a free open source tool like KeePass that works pretty much the same. Our aim is clear: to keep the damage caused by the hacking of any individual account to a minimum.
2) Don't let your phone run naked.
Set a screen lock password, fingerprint recognition or facial recognition, back up the whole phone promptly, and turn on the option that automatically destroys the data on the phone when the wrong password is entered repeatedly. Don't root your phone. Whether you use an iPhone or an Android phone, update to the latest system at the first opportunity so that security vulnerabilities in an old system don't leave you open to attack.
3) Do not save sensitive photos in your phone album.
Examples include your passport information page and the front and back of your ID card. Credit cards can be charged as long as someone has the card number, expiry date, name and CVV code, so don't store photos of them on your phone either. Be careful with any third-party 'cloud albums' and don't trust the so-called privacy protection clauses; they will 100% analyze every single photo you take.
4) Don't swipe your credit card while traveling abroad.
Most of our credit cards are magnetic stripe cards without a security chip. The magnetic stripe information and PIN code are likely to be recorded by the merchant's machine during payment. In theory, Alipay and WeChat payments are safer than credit cards.
5) Don't use free 'internet tools'.
They come under the banner of free, but in reality they are highly likely to intercept your communications and steal data. If you have the energy, buy your own VPS and build it; if you don't have the time, rent a flyer from an old vendor.
6) Don't use shared network apps like Tencent Mobile Manager, WiFi Master Key, etc.
Once used, your router SSID and password are uploaded to the server, and other users can use it once they search for a matching signal. You wouldn't want your own WiFi network to be available to anyone, would you?
7) Don't use the WiFi in public places (including but not limited to airports, train stations, coffee shops, hotels, etc.).
Attackers often set up malicious access points with names close to the official SSID to lure you into connecting. These WiFi signals are usually named "Airport_Free_WiFi_5G", "Coffee_Free" and so on, which is very tempting and makes it hard for you to tell whether it's the actual WiFi provided by the venue.
To avoid having your accounts and privacy stolen while you're communicating over the internet, play it safe and use your own phone as a hotspot. Dealing with important matters usually doesn't take too long, and besides, mobile data isn't expensive these days.
8) Don't download apps from sources of unknown origin.
On iOS, apps can only be downloaded from the App Store, while on Android they can be downloaded from the official app store or a well-known third-party store. Be especially cautious of all kinds of 'cracked' software, as you can't be sure whether there's a backdoor in it or how many times it's been 'repackaged'.
So don't be cheap: if the software is really useful to you, spend money on the genuine version and avoid the hassle. If you can't, go to the official website, download the genuine installer, then go to Taobao and buy the registration code from a legitimate channel, which is also much safer than downloading the cracked version.
9) Do not use any third-party input methods.
Input methods from vendors such as a certain dog, a certain degree... will explicitly upload all your input and system pasteboard information for analysis, and some people even copy and paste private keys with a third-party input method open. You never know how your information will flow to the black market, or why a private key was stolen after being copied just once. Instead, use the system's own input method.
10) Don't casually grant screen recording permissions to a third-party app unless you know it inside and out.
11) Do not enter your password in areas where there are cameras in the vicinity.
Use fingerprints or facial recognition instead, and if you can't, move into the camera's blind spot and go back to where you were after you're done. A password entered in view of a camera is how a famous bigwig in the circle got his coins stolen.
12) Do not discuss private or sensitive topics in QQ or WeChat.
Choose end-to-end encrypted communications software like Telegram and Signal.
13) Set up two-factor authentication (2FA) on every account that supports it, giving preference to Google Authenticator over SMS authentication.
You can use Authy instead of the official Google one, as it has both desktop and mobile and can back up in real time.
14) Tape the camera on your laptop with opaque tape.
If the camera is activated maliciously, it can capture a lot of information about you, and through constant observation hackers can even find clues to your address or to where you store your offline private keys.
15) Install the AdGuard plugin in your browser.
It filters website ads and cookie tracking.
16) If you have to pass your account password to another person remotely in certain situations, I'll show you a way: split your account password into two segments, A and B, and send them to the other person through two separate communication programs.
For example, I can send the first half of my password in WeChat and then send the second half of my password by Telegram. By doing this, even if your WeChat chat is being listened to, the eavesdropper cannot know the entirety of the content.
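The split described in item 16, next to a variant that goes beyond the text, is shown below as an added example (not part of the original list). With plain halves, each channel exposes half of the real characters; with an XOR split, each share on its own is random bytes and reveals only the password's length. The function names and sample passwords are assumptions made for illustration.

```python
import secrets


def naive_halves(password):
    """The split described in the text: first half and second half."""
    mid = len(password) // 2
    return password[:mid], password[mid:]


def split_secret(password):
    """Split a password into two hex shares for two separate channels.

    Share A is uniformly random; share B is the password XOR share A.
    Either share alone carries no information except the length.
    """
    data = password.encode("utf-8")
    pad = secrets.token_bytes(len(data))
    masked = bytes(p ^ d for p, d in zip(pad, data))
    return pad.hex(), masked.hex()


def join_secret(share_a, share_b):
    """Recombine the two shares; both are required."""
    a, b = bytes.fromhex(share_a), bytes.fromhex(share_b)
    if len(a) != len(b):
        raise ValueError("shares do not belong together (length mismatch)")
    return bytes(x ^ y for x, y in zip(a, b)).decode("utf-8")


if __name__ == "__main__":
    pw = "S3cret-Example!"  # constructed sample password
    print("naive halves:", naive_halves(pw))   # each half leaks real characters
    a, b = split_secret(pw)
    print("share A (channel 1):", a)
    print("share B (channel 2):", b)
    print("recombined:", join_secret(a, b))
```

The recipient pastes both hex strings into `join_secret`; the sender should delete both messages once the password has been received and changed.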
17) When using Chrome, turn off "Send Do Not Track requests with browsing traffic" in "Settings - Privacy & Security - More".
Unless there is a need to log in to your account, it is recommended that you often use anonymous mode to browse the web.
18) macOS users should turn on FileVault in "System Preferences - Security and Privacy".
This way, even if the computer is stolen, the other party cannot read the data on the hard drive. If you are sure that the stolen device cannot be recovered, log in to iCloud and wipe all the data from the device.
19) Hotels generally have safes, so be sure to lock your valuables in the safe if you can't take them with you.
The housekeeping staff's 'universal room card' can be easily stolen, so you should default to them being untrustworthy and sleep with the room's safety lock fastened at night.
20) The sender of an email can be forged.
In any case, you should give priority to logging in to the corresponding website to confirm the information, rather than directly clicking the link in the email. For example, in the case of a confirmation email such as "Request for withdrawal", you should give priority to entering the verification code in the email at the website to complete the operation (if supported).
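Why the visible sender in item 20 cannot be trusted shows up in the headers. The check below is an added example, not part of the original list: it compares the From domain with the envelope Return-Path and reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header. Both sample messages and all domains are constructed, and the header is only meaningful when it was added by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
FORGED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=exchange.example.com
From: "Exchange Support" <support@exchange.example.com>
Subject: Request for withdrawal

Click the link to confirm.
"""

GENUINE = """\
Return-Path: <notify@exchange.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=exchange.example.com; dkim=pass header.d=exchange.example.com; dmarc=pass header.from=exchange.example.com
From: "Exchange Support" <support@exchange.example.com>
Subject: Request for withdrawal

Enter the code on the website.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def sender_warnings(raw):
    """List reasons the displayed From address should not be taken at face value."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    path_dom = domain_of(msg["Return-Path"])
    results = " ".join(msg.get_all("Authentication-Results", []))
    warnings = []
    # The envelope sender differing from the visible sender is a hint, not proof.
    if path_dom and path_dom != from_dom:
        warnings.append("return-path-mismatch")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            warnings.append(f"{mech}-{verdict}")
    return warnings
```

An empty list does not make a link safe to click; logging in to the website directly, as the tip says, remains the stronger check.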
21) Use a search engine that protects privacy
- Removes your IP address from communications
- Keeps you anonymous while browsing web content
- Stops third-party advertising systems from tracking your personal information
- Does not build a user profile based on your personal web activity
I only fall back to Google when I can't find the content I want.
22) Encrypt your data
If you can't live without online drives like iCloud, Google Drive or Dropbox, then be prepared for your data to be hacked one day. While large corporations invest a lot of budget in encryption and data security, you still can't deny that as long as the data is on someone else's server, it is effectively out of your control.
Most online storage providers only encrypt data during transmission, or they keep their own keys for decryption. These keys can potentially be stolen, copied or misused. Therefore, play it safe and use an open source, free tool like Cryptomator to encrypt your data.
This way, even if your internet service provider is hacked, the odds are that your data will still be safe.
23) Input method
It is better not to use any third party input method and use only the one that comes with the system.
Now I'm going to add an option, and that's the "rattle tube", which has many advantages.
- Excellent performance and low resource usage
- Rarely does the page get stuck when you hit the first word
- Fully open source, no backdoors, no uploading of content
- Powerful traditional characters
- Extremely high freedom of customization
I'm using placeless's duplex configuration and think it's pretty good, so if you're a duplex user, try his configuration.
24) Access only HTTPS sites
- Install the plugin HTTPS-EVERYWHERE.
- It automatically activates HTTPS encryption protection for all known supported parts of the website you visit, preventing information about your interactions with the website from being eavesdropped or tampered with.
- When accessing the site, there is a clear alert if the transmission is in clear text.
25) Open suspicious attachments using Google Drive
You often receive various emails with attachments, and while email service providers will pre-scan and block suspicious content, many attachments are cleverly disguised and are risky to download locally.
In this case, I recommend previewing directly in the web page, or storing it in a temporary Google Drive folder, which effectively isolates the virus.
26) Niche platforms can significantly improve your odds against viruses and Trojans
Think about this question: if you were a hacker ready to develop a virus (Trojan) for profit, which platform would you choose to target?
Obviously the platform with the larger user base.
Compared to Windows, the following platforms have a smaller user base.
While they are not significantly more secure than Windows, they are at much less risk.
- Other Linux distributions
27) Be careful what you write for security questions
- "What's the name of your college?"
- "Who's your girlfriend?"
- "What's your favorite band?"
Stop answering with your real information, as your information is archived on a large number of social platforms and can easily be used by social engineers, which gives hackers an opportunity to take advantage of it.
Instead, use a random password generated by your password management software as the answer to these security questions, which is much safer.
28) Don't log into your core account on a temporary device
Core accounts refer to your Google, Apple, and other main accounts that are tied to a bunch of devices, credit cards, passwords, and more.
Internet companies usually store session cookies locally in your browser for convenience. Once such a cookie is stolen, hackers can even bypass the platform's 2FA and other checks, in which case 2FA is of no use.
29) Always confirm a second time
- Memory is unreliable.
- Verify the wallet address is complete, not just the first/last few digits
I logged on to an exchange I don't use much last year and was ready to clean up some broken coins.
I saw a few familiar ones in the address book when I mentioned the coins, but couldn't remember when they were created for a while.
Since it was only a fraction of a bitcoin, I just transferred it and couldn't find the private key corresponding to that address afterwards.
Kind of regret that I wouldn't have made this cheap mistake if I had confirmed it one more time.
30) Empty all disk data before selling used equipment
Two tools are recommended.
The former can completely empty the hard drive.
The latter can replace the "safe emptying of the waste paper basket" operation, which can overwrite the file storage 35 times per operation and is basically difficult to recover.
31) Download the wallet only from the official website
Recently, we have encountered very many users who have downloaded wallets that have been 'secondarily packaged' by hackers, with Android being the worst hit, as many wallets offer APK installations that are hard to distinguish from the real thing.
I recommend checking the product's official website before downloading any wallet, and if not, a trust chain on Twitter can help you confirm the authenticity of the official website.
Don't click on links from unknown sources, and don't go directly to download the installers from these links.
Second, for open source projects, downloading from the Releases page of the official GitHub repository, checking the commit, and verifying the signature is a safer way to ensure that the installation package you download corresponds to the code in the current repository.
32) Identifying bogus contracts
- Confirm the authenticity of the cryptocurrency contract from at least 2 sources; Rainbow and OneKey both have multiple checks from multiple Tokenlist
- Twitter follower counts are not trustworthy; followers and trust chains are more practical. Be wary of fake tweeters. Contract addresses found from CGK and CMC are usually more reliable
33) Use of more secure operating systems and devices
Purism was created in 2014 by Todd Weaver, whose biggest motivation for creating Purism was to remove Intel's Management Engine (ME) from laptops, which the Electronic Frontier Foundation (EFF), Libreboot developers and security expert Damien Zammit have criticized: 'ME has backdoor and privacy issues'.
Because the ME has access to memory and full access to the TCP/IP stack, it can send and receive network packets independently, bypassing firewalls.
The benefits of Purism are obvious.
- The camera, WiFi, Bluetooth, cellular network all have separate hardware switches that can be turned off completely when needed
- PureOS is simple and easy to use (it's a free Linux distribution based on Debian)
- Intel ME is disabled
Anyway, if you want to try out a Linux system and want a computer that works out of the box, try Purism.
A much less costly way is to run Whonix (with VirtualBox) on your current computer.
Whonix is also a privacy and security-oriented Linux system that is completely free and open source, and it has several advantages.
- It has been in stable operation for 10 years
- Hide IP Address
- Hide the identity of the user
- No information is recorded
Give it a try if you're interested.