editione1.0.0
Updated October 9, 2023What I do to protect my information and accounts will look similar to what you’ll be doing:
For every account I create, I have my password manager auto-generate and store it for me using password manager browser plugins. If I find myself creating a password without it, I pick five random words and string them together so I can easily remember how to store it later.
Before I start putting more data into these accounts, I enable 2FA. I aim to always do push notifications or one-time passwords where I can, and settle for SMS where I can’t use any other options. A good example here is Twitter, which only updated their two-factor options in 2019.
I often hear about password breaches at websites and online services via social media or email, and I respond quickly with a password reset. Since I work in security, my news and Twitter feed are littered with news like this. This news can also come via email, but I often do a quick check to make sure that email is legitimate before acting on it, in case it is just a phishing email in disguise. I do this by going directly to the account’s website myself, and checking if there is any news about a breach.