
@konsumer
Last active June 15, 2020 05:21
Quick overview of some techniques to ensure your personal data is secured. I will happily accept suggestions if anyone can think of other things, and am also happy to explain or help with any part.

PERSONAL DATA SECURITY

Who Am I?

I'm a programmer with a personal interest in data-security. You can find me on github as konsumer.

Layers

Personal data security is about securing every layer, starting with the layers that other layers depend on. Keep in mind the full path to high-value targets (money, device accounts like Apple/Google, personal communication, social networking) and what each item grants access to: whoever controls your email or phone number can usually reset everything else. Secure every layer as well as you can, and respond quickly to any indication of compromise at any layer.

Physical

  • Locks on doors (make sure no one else has a key or the combination).
  • Physical access to your computer: lock it in a room, don't let anyone use it unattended, and physically check the ports for USB devices you didn't plug in (keyloggers, rogue drives, etc.).
  • Router/modem: nobody else should be able to reach it physically (reset button, console/LAN ports), and check that it is running the firmware you expect, not alternate firmware someone else installed.
  • Make sure no one can physically touch any of your computers/devices without your authorization.

Device

  • Turn off devices you aren't using until you have secured everything else.
  • Disable Wi-Fi on every device until you are sure your network is secured.
  • After basic physical security, secure your primary phone first: it receives your 2FA codes and holds your password manager, so every other account depends on it.
  • If possible, set up service with a new phone provider and cancel all old accounts.
  • If that's not possible, at least make sure no one but you has admin rights on your phone account (call the carrier, lock it down, and set an account/port-out PIN so a SIM swap can't move your number to an attacker's phone).
  • If possible, completely wipe your devices (phones, computers, etc.) and set them up fresh.
  • All devices should require at least a password/PIN/biometrics to use.
  • If you use a thumb/onscreen keypad: wipe the screen with your shirt after entering your PIN, so the smudge pattern doesn't reveal it.
  • For protection from police/government: use a long PIN rather than biometrics (face/fingerprint). Courts have generally been more willing to compel a fingerprint or face unlock than a memorized passcode, and restarting the phone forces PIN entry before biometrics work again.
  • Disk encryption is very important if you can't prevent a bad actor from getting hold of your device (police, government, theft, etc.). Note what it protects: only data at rest, read directly from the disk while the device is powered off or locked. Once the device is unlocked and running, encryption does nothing against someone using it or malware on it.

Network

  • Make sure no one can connect something physically to your network, and scan for devices on the network (the ARP table or a network scanner); anything with a MAC address you can't account for needs to be identified or blocked.
  • Lock down or disable your Wi-Fi. Use WPA2 at minimum (WPA3 if your router supports it) with a really long password that's not easy to guess (a password manager can generate one), and turn off WPS, which lets a device join with a short PIN.
  • Change the router's default admin login, and disable administration from the WAN side (remote management).
  • If your Wi-Fi will stay enabled, set up a separate "guest" network with a separate password for visitors and devices you don't fully trust (smart TVs and the like).
  • Optional: use a VPN at the computer level (not on the router). This isn't as important as VPN companies make it out to be, since important traffic is already over HTTPS, but HTTPS doesn't hide which hosts you talk to (DNS lookups, server names in the TLS handshake), so a VPN can stop your ISP or anyone on the local network from seeing what sites you use. It just moves that visibility to the VPN provider.
  • If possible, factory-reset the router and install fresh firmware from the manufacturer or another trusted source, so any tampered firmware is replaced.
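An added example (not from this gist) of the "scan for devices on your network" step: a short Python script that parses `arp -a` output and reports any MAC address not on an allowlist you built by physically checking each device. The sample ARP output, the MAC addresses in it, and the allowlist are constructed for illustration.

```python
"""
Added example (not from the original gist): flag unknown devices on the LAN
by comparing the host's ARP table against an allowlist of MAC addresses you
have personally verified. SAMPLE_ARP and KNOWN_MACS are constructed,
hypothetical values.
"""
import re
import subprocess
from typing import Dict, List, Set, Tuple

# Matches the common `arp -a` line formats on Linux/macOS and Windows, e.g.
#   ? (192.168.1.1) at 3c:37:86:aa:bb:01 [ether] on wlan0
#   192.168.1.20          3c-37-86-aa-bb-02     dynamic
ARP_LINE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?"
    r"(?P<mac>(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})"
)


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so both OS styles compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp(output: str) -> Dict[str, str]:
    """Return {mac: ip} for every resolved entry; <incomplete> rows are skipped."""
    seen: Dict[str, str] = {}
    for line in output.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[normalize_mac(m.group("mac"))] = m.group("ip")
    return seen


def unknown_devices(arp_output: str, allowlist: Set[str]) -> List[Tuple[str, str]]:
    """(mac, ip) pairs present in the ARP table but absent from the allowlist."""
    allowed = {normalize_mac(m) for m in allowlist}
    return sorted(
        (mac, ip) for mac, ip in parse_arp(arp_output).items() if mac not in allowed
    )


def live_arp_output() -> str:
    """Read the real ARP table; only used when run interactively."""
    return subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout


# Constructed sample of what `arp -a` might print on a small home network.
SAMPLE_ARP = """\
? (192.168.1.1) at 3c:37:86:aa:bb:01 [ether] on wlan0
? (192.168.1.20) at 3c:37:86:aa:bb:02 [ether] on wlan0
? (192.168.1.53) at b8:27:eb:aa:bb:03 [ether] on wlan0
? (192.168.1.77) at <incomplete> on wlan0
"""

# Hypothetical allowlist: the router and your own laptop, written down after
# physically checking each device. Mixed notation on purpose.
KNOWN_MACS = {"3C-37-86-AA-BB-01", "3c:37:86:aa:bb:02"}

if __name__ == "__main__":
    # Swap SAMPLE_ARP for live_arp_output() to check your real network.
    for mac, ip in unknown_devices(SAMPLE_ARP, KNOWN_MACS):
        print(f"UNKNOWN device {mac} at {ip}: identify it or block it at the router")
```

Two caveats: the ARP table only lists devices that have recently talked on your segment, so run it several times over a day, and MAC addresses are trivially spoofable, so treat this as a tripwire for unexpected devices rather than as access control.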

Account

  • Use a password manager; don't write passwords down, and don't install the manager on devices that aren't secured yet. These will help you generate long secure passwords and store them securely. I like myki, because it's P2P (no central server) and it has integrated google-authenticator (2FA), but you can use lastpass, 1password, etc.
  • Don't reuse passwords, ever. A breach at one site then costs you only that account, not everything that shares the password.
  • Enable 2-factor auth on every account, and ensure that every device used for 2-factor (phone, computer, etc.) has already been secured. Prefer an authenticator app (Google Authenticator or similar) over a phone number: its codes are time-based, single-use, and derived from a secret that never leaves your device, whereas SMS codes can be redirected by SIM-swapping or porting your number. A hardware security key (U2F/FIDO2) is stronger still where a site supports it.
  • Use maximum-length passwords (I default to 33 random alpha/numeric/symbol characters)
  • Start by changing the passwords of accounts that act as 2FA or recovery for other accounts (your primary email, Gmail, Apple, Facebook, Twitter, etc.), then move on to lower-value accounts. Make sure no passwords are duplicated or simple (lots of random characters).
  • If you're worried about government/police: don't assume that Facebook/Gmail/Microsoft/etc. credentials keep your data private from them. These companies respond to legal process and hand over account data. Best to lock down your device and keep your online presence (on that device) to an absolute minimum. Use services that don't cooperate with the law/government. On computers, use Linux (Tails is pretty good). If you really want to use those services, use sockpuppet accounts that you cycle quickly.