Intro

In today's world, your personal information is constantly under threat. Identity theft, financial fraud, and privacy violations can have devastating consequences. The good news? Most security threats are preventable through proper practices, and you can dramatically improve your OpSec posture in just a few minutes.

This guide is divided into two parts: general security practices that everyone on the internet should follow, and web3-specific security measures for anyone who owns or works with crypto. Whether you're a casual internet user or a crypto enthusiast, you'll very likely find actionable steps to improve your security.

There are many excellent guides on this topic available, but I wanted to share the practices that have kept me safe for more than 10 years in the crypto space.

Why You Should Care

When you use free services like Google, Facebook, or free VPNs, you become the product - your personal information is collected, analyzed, and sold to advertisers or used to manipulate your behavior. This data can be used to target you with scams, influence your decisions, or be sold to the highest bidder.

The worst-case scenarios include complete financial ruin, identity takeover, and even physical threats if your location or personal details are exposed. But here's the thing: the cost of prevention is always less than the cost of recovery, and in many cases, there is no recovery at all.

Note: The recommended tools in this guide are ones I've personally used and would recommend to anyone. There are many other great tools out there, but I don't want to suggest anything I haven't tried myself.

5 Critical Security Measures (Do These First)

These are the security measures that provide the biggest impact with the least effort:

1. Set Up and Use a Password Manager

This will dramatically improve your security. Most people reuse passwords across multiple accounts, which creates a massive vulnerability. When one website is compromised, hackers can use those credentials to access your other accounts.

Action Items:

  • Use unique passwords for every account
  • Generate strong, random passwords (at least 20 characters)
  • Enable 2FA on your password manager
  • Check for compromised accounts regularly (e.g. Have I Been Pwned)
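The first, second and fourth action items as an added example (not part of the original guide): it generates a 20-character password from the OS random source and checks a password against a breach list without revealing it, using the k-anonymity scheme of the Have I Been Pwned Pwned Passwords range API (`https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>`). The character set, function names and the sample response are assumptions constructed for illustration, and no network request is made.

```python
import hashlib
import secrets
import string

# Character set is an assumption; adjust it to what each site accepts.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"

def generate_password(length=20):
    """Random password from the OS CSPRNG containing all four character classes."""
    if length < 20:
        raise ValueError("use at least 20 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def hibp_prefix_suffix(password):
    """Split the SHA-1 hex digest; only the 5-character prefix leaves your machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Find the password's hash suffix in a 'SUFFIX:COUNT' range response."""
    _, suffix = hibp_prefix_suffix(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: not found in the breach corpus

# Constructed sample of a range response for prefix 5BAA6 (the prefix of "password").
# The counts and the second suffix are made up for this example.
SAMPLE_RANGE = (
    hibp_prefix_suffix("password")[1] + ":1234\r\n"
    + "0" * 34 + "A:2\r\n"
)

if __name__ == "__main__":
    fresh = generate_password()
    print("'password' breach count:", breach_count("password", SAMPLE_RANGE))
    print("fresh password breach count:", breach_count(fresh, SAMPLE_RANGE))
```

To check against the live service, request the range URL for the prefix returned by `hibp_prefix_suffix` and pass the response body to `breach_count`; the full hash and the password itself are never transmitted.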

Recommended Tools:

  • Bitwarden - All the features you need, paid version is cheap and includes emergency access among other great features
  • 1Password - Excellent features and integrations
  • Proton Pass - End-to-end encrypted password manager by Proton (part of the Proton suite)

2. Enable Two-Factor Authentication (2FA)

Even with strong passwords, your accounts can still be compromised through data breaches, phishing, or keyloggers. 2FA adds a second layer of protection. For maximum security, consider hardware security keys - they're physical devices that cannot be cloned or intercepted remotely.

Action Items:

  • Enable 2FA anywhere possible, but especially on email, banking and any other accounts that contain sensitive information
  • Never use SMS-based 2FA (SIM swapping attacks can bypass this)
  • Use authenticator apps or hardware keys instead
  • Back up your 2FA recovery codes securely
  • Consider hardware security keys for critical accounts (your company might already provide them)

Recommended Tools:

  • Proton Authenticator - By Proton, part of their suite
  • Aegis Authenticator - Open-source 2FA app for Android
  • YubiKey - Industry-standard hardware security keys
  • Some password managers have 2FA built in, but I think it's better to keep them separate

3. Keep Your Devices Secure

Your phone and laptop contain your most sensitive data. If your device is lost, stolen, or compromised, all of this information could be exposed.

Action Items:

  • Always lock your laptop when leaving it unattended
  • Set a short (1 minute) lock screen timeout on your laptop
  • Enable full disk encryption on all devices
  • Turn off your laptop when traveling so that full disk encryption is actually in effect (powering off purges the decryption keys from memory)
  • Use biometrics AND a strong password, not just a 4-digit PIN
  • Install security updates promptly
  • Use RFID-protected wallets to prevent card cloning and NFC scanning thefts

4. Use a VPN

Your internet service provider (ISP) can see everything you do online. On public WiFi networks, other users can potentially intercept your traffic. VPNs encrypt your internet connection and protect your privacy.

Funny story: I was once a judge at a privacy hackathon, and one of the teams presented a project that, based on device proximity, allowed you to open a private chat with another device. When all the judges opened up the app, they could immediately see each other on the map. However, my device showed that I was in an entirely different country. All these other judges are people I look up to for being privacy advocates, but it turned out that all of them were just talking the talk, not walking the walk.

Action Items:

  • Always use a VPN on public WiFi
  • Use a VPN as often as possible. VPNs provide additional security even on your own network.
  • Choose a no-logs provider
  • Enable the kill switch (automatically disconnects you if the VPN drops)
  • Use a VPN for sensitive activities (banking, cryptocurrency transactions)

Recommended Tools:

  • ProtonVPN - Privacy-focused VPN with strong encryption
  • ExpressVPN - High-speed VPN with excellent security
  • Mullvad - Anonymous VPN service with no logging

5. Always Be Skeptical

Social engineering attacks manipulate human psychology to gain access to sensitive information. These attacks are becoming increasingly sophisticated, often using AI-generated content that looks legitimate.

Action Items:

  • Verify information through multiple channels (if someone contacts you via email claiming to be from your bank, verify through the official phone number and vice versa)
  • Never install unknown software, especially last-minute requests before job interviews
  • Question urgency - scammers create artificial urgency to prevent clear thinking
  • Check for red flags: poor grammar, suspicious links, requests for sensitive information
  • Any website or service that asks for your password, 2FA code, or other sensitive information should be treated with suspicion
  • If you are not sure, ask a friend or family member for their opinion
  • If anything sounds too good to be true, it probably is

Additional Tips and Best Practices

Email Security

Email is often the key to your digital life - it's used for account recovery, password resets, and contains sensitive information.

Action Items:

  • Use encrypted email to avoid having your emails scanned and used to serve you better ads
  • Enable 2FA on email accounts
  • Use email aliases for different purposes to limit exposure
  • Be cautious with email attachments

Recommended Tools:

  • ProtonMail - End-to-end encrypted email service from Switzerland (part of the Proton suite)
  • Fastmail - Fast, secure and private email service

Browser Security

Your web browser is your primary gateway to the internet. Modern browsers collect extensive data about your browsing habits, and malicious websites can exploit browser vulnerabilities.

Action Items:

  • Switch from Chrome to Firefox, Brave or something new like Orion
  • Install security extensions (ad blockers, script blockers)
  • Keep browsers updated
  • Clear cookies and cache regularly
  • Disable unnecessary permissions
  • Use different browsers or browser profiles for different purposes (e.g. work, personal, crypto)

Recommended Tools:

  • Firefox - Privacy-focused browser with strong security
  • Brave - Chromium-based browser with built-in privacy features
  • Orion Browser - Privacy-focused browser with great ad-blocker and zero telemetry (not fully open source though and only for Apple)
  • Best Privacy Browsers List

Privacy Tools

Privacy tools help you take control of your data and reduce the amount of information collected about you.

Action Items:

  • Switch to privacy-focused search engines
  • Use encrypted messaging for everything
  • Tell your friends and family to use encrypted messaging too
  • Use encrypted backup solutions for your data

Recommended Tools:

  • Kagi Search - Privacy-focused search engine (paid)
  • DuckDuckGo - Privacy-focused search engine (free)
  • Signal - Encrypted messaging app
  • Proton Drive - End-to-end encrypted cloud storage (part of the Proton suite)

Crypto/Web3 Specific Security

If you own cryptocurrency, you become a higher-value target for attackers. The crypto ecosystem experienced over $4.7 billion in losses between 2024 and 2025, with 80% of losses resulting from operational security failures, not smart contract vulnerabilities.

Crypto is beautiful technology, but it has drawbacks: you're the only one who can access your funds. If you lose your private key or send funds to a scammer, there's no recovery. This makes extra caution essential.

Essential Crypto Security

Action Items:

  • Use a hardware wallet for long-term storage
  • Never store more than you can afford to lose in hot wallets
  • Use multi-signature wallets for significant amounts
  • Use air-gapped devices for signing transactions
  • Store recovery phrases securely (never tell anyone where you keep them)
  • Use dedicated devices for crypto operations (not your work computer or your pr0n computer)
  • Always do test transactions with small amounts before doing larger ones
  • Don't hold crypto on centralized exchanges long-term

Recommended Tools:

  • Ledger - Popular hardware wallet with wide coin support
  • Trezor - Open-source hardware wallet
  • Safe (formerly Gnosis Safe) - Industry-standard multisig wallet
  • Rabby Wallet - User-friendly wallet with great security features (unfortunately no Firefox extension)
  • Frame - Wallet for advanced users

Privacy for Crypto Users

Action Items:

  • Use privacy coins (Monero, Zcash) for sensitive transactions
  • Consider privacy tools for existing cryptocurrencies (e.g. Privacy Pools)
  • Avoid wearing crypto-branded clothing or displaying wealth indicators
  • Blend in when traveling - look like a regular tourist
  • Use aliases online if your job allows it

Recommended Tools:

  • Monero - Privacy-focused cryptocurrency
  • Zcash - Privacy-preserving cryptocurrency
  • Tornado Cash - Don't use this anymore, but support the trial against the developers here
  • Privacy Pools - Compliant privacy solution for Ethereum

My Personal Stack

Here's what I personally use for my digital security and crypto:

Password Manager: Bitwarden

Two-Factor Authentication: Proton Authenticator for most accounts, YubiKey for critical accounts

Browser: Firefox and Orion

VPN: ProtonVPN or ExpressVPN, depending on the country or feature I need. dAppNode as an always-on VPN connection and Ethereum RPC

Email: ProtonMail - I really like the whole suite of tools they offer and will probably switch to them for everything eventually when other subscriptions run out

Search Engine: Kagi Search - I pay for it, and I don't mind paying for a good product that respects my privacy

Messaging: Signal for chat as often as possible. I onboarded most of my family and friends to use it and you should too.

Hardware Security: YubiKey 5C for critical accounts

Multisig Wallet: Safe setup with multiple signers, making it easy to rotate keys if needed

Hardware Wallet: Trezor has been my choice since 2017, if it ain't broke, don't fix it

Software Wallet: Rabby and Frame for regular interactions with crypto

Airgapped Device: I have an old Android phone that's airgapped and dedicated just to signing crypto transactions. See airgap.it

Privacy Coins: Monero for private transactions and onboarding to fiat in foreign countries

Additional Resources

This post focuses on the most essential ways to improve your personal OpSec right now. There are many great resources out there that are much more in depth that you should definitely check out once you’ve integrated the essentials into your setup. Here are a couple of recommendations:

Closing Remarks

Security is a process, not a product. Start with these basics, and gradually implement more advanced measures as you become more comfortable with the concepts. The most important thing is to start somewhere - even implementing just the first two items on this list will dramatically improve your security posture. So scroll back to the top and begin implementing the first steps. Most of the products I listed have free trials or free versions with only the most essential features.

Once you feel comfortable using some of these tools, you should start sharing your knowledge with your friends and family and make sure they also follow best practices. This is how we can create a safer and better internet together!