THE AI PREPPER
Issue 003
Keep your online accounts secure.
This newsletter is a follow-up to the last one about financial fears, with a deeper level of suggestions on how to keep your online accounts secure.
1. Set up a password manager.
If your phone is dead, stolen, or locked, and you can't remember a single password because they all live in your browser's autofill, you're locked out of everything. A password manager stores every password in one encrypted place, accessible from any device. Bitwarden is free, open source, and independently audited. 1Password is $3 a month. Either one takes about 30 minutes to set up and is the single most impactful digital security step most people haven't taken.
2. Create an offline backup of your most critical passwords.
A password manager is only useful if you can access it. Export an encrypted backup file and save it somewhere that isn't the cloud, like an encrypted USB drive or a printed sheet in your fireproof bag. If the word “encrypted” scares you, just save it to a regular USB drive. Action is what matters, not perfection. While you're at it, write your master password on paper and store it with your physical documents. This sounds counterintuitive, but it isn't. A password you can't recover in an emergency is a liability, not a security feature.
3. Change the default passwords on every smart device in your home.
Your router, your thermostat, your doorbell camera, and your baby monitor if you have one. Every device that shipped with a default password of "admin" or "12345" is an unlocked door. Most people have never changed these. Most cyberattacks on home networks don't require sophistication. They just require defaults nobody got around to updating.
4. Know what's connected to your home network.
Go into your router settings and look at the device list. Most people are surprised by the number. Every connected device is a potential entry point, and you can't secure what you haven't inventoried. This isn't about paranoia. It's about knowing what you're working with.
5. Turn on two-factor authentication for your most important accounts.
Email, your password manager, your bank, and anything tied to financial accounts. The priority order matters: start with whatever you'd lose the most from if someone got in. SMS codes (the kind texted to your phone) are better than nothing, but an authenticator app like Google Authenticator or Authy is more secure and works without cell service. If you want to go further, a hardware key like a YubiKey is the strongest option and costs around $50. Most people don't need one. But for your email account specifically, it’s worth considering, because email is the master key to everything else. If someone gets into your email, they can reset every other password you have.
Five things again this week, each one closing a door that’s probably been open longer than it should have been. The pattern here is the same as the last newsletter: you don’t need to do everything, you just need to do something.
A password manager with a weak spot is ahead of no password manager, and two-factor authentication on a few accounts is better than two-factor on zero accounts.