[DRAFT]
I recently sent my Mom a link to “Exposing The Flaw In Our Phone System” by Veritasium. I wanted her to know that phones aren’t strong 2FA devices. I forgot that I have a good foundation of security and didn’t really think about how I was now gifting her unforgettable knowledge, paranoia and anxiety.
Embed video
Cybersecurity interview questions
Matt's discord brain dump
Realistically, the fundamentals should be all most people need:
- Use MFA (on a separate device, not SMS or phone) everywhere.
- Use a password manager and have all of your passwords be impossible to guess, difficult to brute force and distinct from each other.
- Keep your devices up to date with the latest security updates. If a device is EOL, then get a new one.
- Don’t share any remotely sensitive information with anyone who isn’t verified. Trust nothing until you verify it yourself. If someone asks for something on the phone or on the internet, assume they’re malicious and find your own way to contact who they’re claiming to be should it be necessary (e.g. they say they’re your bank: hang up and call your bank to see if they’re legit).
- Keep default security features on, such as Windows Defender.
- Post as little sensitive information online as possible. Any info which must remain on the internet should be made private if possible. (Stop posting everything on social media.)
Something you know + something you have.
Essentials:
- Password manager
- TOTP manager, ideally separate, but offline will suffice.
- Research TOTP options for iOS users.