diff --git a/index.html b/index.html index 92ed1f8..8b7d679 100644 --- a/index.html +++ b/index.html @@ -537,16 +537,34 @@ Use strong and unique passwords for every account.
- This will be expanded text describing why you should do the above, in more detail. + Password reuse should always be avoided. If one website gets hacked and you use the same password for everything, then hackers can use your information to login to other services.
- This will be expanded text describing why you should do the above, in more detail. + Proton has email, VPN, cloud storage, a password manager, and more. +
++ Using a password manager makes it very easy to create strong and unique passwords. +
++ You should change any passwords you use for the services that show up here. You can also sign up to be notified if you are in a new data breach.
- This will be expanded text describing why you should do the above, in more detail. + Many websites support 2FA and it should be enabled when possible, especially for your bank and email.
@@ -564,16 +582,16 @@ Avoid using social logins (Google, Facebook).- This will be expanded text describing why you should do the above, in more detail. + Using social logins creates a single point of failure. If Google gets hacked and you use Google to login to everything, then all of your accounts are comprimised.
-- This will be expanded text describing why you should do the above, in more detail. + Use pseudonyms or alternate email addresses to create separation between different things that you do online. For example: One identity for shopping, and one for activism.
- This will be expanded text describing why you should do the above, in more detail. + Fully separating identities (e.g., using distinct browsers, devices, and accounts for different activities) is difficult to do without any crossover, but it can greatly reduce tracking risks.
+ Enabling 2FA makes it significantly harder to hack your accounts. Even if someone has your password they would also need to be able to authenticate with your 2FA device to login. +
- This will be expanded text describing why you should do the above, in more detail. + While SMS or email is better than nothing, these methods are vulnerable to SIM swap attacks or email account takeovers. For stronger protection use a TOTP app.
- This will be expanded text describing why you should do the above, in more detail. + Aegis is an open-source app available on Android.
- This will be expanded text describing why you should do the above, in more detail. + These are physical devices and not all services support them.
@@ -622,21 +643,15 @@+ VPNs are NOT a tool that make you more private. Rather they shift who can look at what you are doing. Without a VPN your ISP can see what websites you visit. With a VPN, your ISP can see that you are connecting all of your traffic to one server (VPN), and your VPN can see what websites you visit. This is important because many VPN sellers claim that they make you more private or secure which is NOT the case. If you just want to be more private or secure you do NOT need a VPN. However, VPNs are useful for bypassing censorship. If something is banned or blocked in your country, you may be able to bypass the block with a VPN. +
- This will be expanded text describing why you should do the above, in more detail. -
-- This will be expanded text describing why you should do the above, in more detail. + Choosing a VPN with no logs is important because any logs could be handed over if requested. Having your service in a country with strong privacy laws reduces this risk, but remember the VPN can see your traffic.
- This will be expanded text describing why you should do the above, in more detail. + If you don't trust any VPN company, you do have the option of renting a server somewhere and making your own with Wireguard. Renting a server with your own identity will lead to less anonymity though.
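Review bot: In the first hunk (@@ -537), the added sentence "You should change any passwords you use for the services that show up here" has no referent for "here" inside the expanded text itself, so it only makes sense if the reader has already followed whatever link or heading sits above it. Name the breach-lookup service in the sentence. The same applies to "Proton has email, VPN, cloud storage, a password manager, and more", which lists products without saying why that matters for the password advice it is attached to. Also, "login to other services" should be "log in to other services", since "login" is the noun.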
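Review bot: In the second hunk (@@ -564), "comprimised" in the social-logins sentence is misspelled and should be "compromised". The same sentence uses "login to everything" where the verb form "log in to everything" is needed, as does "authenticate with your 2FA device to login" further down. The TOTP line recommends moving off SMS and email but says nothing about keeping recovery codes or a backup of the authenticator, which is the first thing a reader hits when a phone is lost. One sentence on that would help. The final line ("These are physical devices and not all services support them") gives only a limitation. If the entry is meant as a recommendation, it should also say what the device adds over a TOTP app.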
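Review bot: In the third hunk (@@ -622), the line "Choosing a VPN with no logs is important" treats "no logs" as a property the reader can select, but it is a claim made by the provider that the reader cannot check. Reword it to something like "a VPN that claims to keep no logs, ideally backed by an independent audit", which also fits the caveat already in that line that the VPN can see your traffic. In the opening paragraph, "VPNs are NOT a tool that make you more private" should be "that makes", and that paragraph would be easier to read split in two at "However, VPNs are useful for bypassing censorship". In the last line, the project spells its name "WireGuard".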