Take the following steps to secure your devices and accounts.

• Use a strong complex password to login to your computer
• Configure your computer to require a password after 5 minutes of inactivity
• Configure your computer to require a password on wake
• Learn the keyboard shortcut to lock your computer - Windows logo + L (Windows), control + shift + power/escape (Mac), or ctrl + alt + L (Linux)
• Mac: add keychain status to your menu bar (open /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu/) for easy screen locking
• Make a habit of locking your computer when you step away from it
• Encrypt your hard drive via FileVault (Mac), BitLocker (Windows), or LUKS (Linux)
• Enable your operating system's firewall
• Mac: Enable stealth mode
• Enable a device tracking and recovery program like Find My Mac or Prey
• Securely store and encrypt your physical backups
• Update your operating system to the latest version
• Update your applications to the latest versions
• Mac: Don't use your Apple ID to login to your computer, if hacked, it can be used to remotely wipe your Macbook. Instead use a regular Macbook login.
• Mac: Don't forget to frequently brew update && brew upgrade for Homebrew

• Use a long passcode on your phone - 12+ characters, preferably alphanumeric
• Require a passcode immediately after sleep
• Enable Find My iPhone or Android Device Manager to use remote wipe if your phone is stolen or lost
• iPhone: Enable erase data after 10 bad passcode attempts (take good backups!)
• iPhone: If you're really, really paranoid don't enable Touch ID
• iPhone: Install and enable Ka-Block! for mobile Safari to enable content blocking (ad blocking) on your phone. Use Safari with Ka-Block! instead of the Chrome iOS app for safer mobile web browsing.
• iPhone: Install and use Firefox Focus to enable tracking protection and make it easy to delete your browsing history
• Android: Don't use common and predictable lock patterns
• Android: Encrypt your hard disk
• Android: Install and enable the uBlock Origin add-on for Firefox on Android for safer mobile web browsing
• Frequently update your operating system and apps, especially security patches
• Frequently backup your phone and encrypt your backups

• Find a reputable VPN service with a laptop & mobile phone client to use for hostile networks (e.g. unencrypted wifi) or as an everyday privacy guard
• Install the HTTPS Everywhere extension in your browser to prevent inadvertent HTTP connections
• Install an ad blocker like uBlock Origin (Firefox, Chrome or Ka-Block! (Safari) - internet ads are a common malware vector
• Enable plugin click-to-play on all your browsers, not just your default browser, to protect against Adobe Flash vulnerabilities

A strong complex password is at least 16 characters long (the longer the better) and has several special characters (!@#$%^&*()). Two factor authentication (2FA) protects your account even more than a strong password.

• Use a password manager like 1Password or Encryptr
• Use a diceware passphrase as the encryption passphrase for your password manager
• Add all of your account usernames and passwords to your password manager
• Rotate all of your old or insecure passwords with strong passwords generated automatically via 1Password
• Make sure every password for every account is unique
• Replace any accurate questions to security question with false answers (store false answers in 1Password)
• Download a 2FA app on your smartphone like Google Authenticator
• Enable 2FA or two step verification on every account where available (see 2FA audit section) - add the software token to both your smartphone and 1Password
• Immediately store your 2FA backup and recovery codes in 1Password

Make sure 2FA or two step verification is enabled on all of the following accounts:

• Google
• Amazon
• Facebook - enable Login Approval
• GitHub
• Dropbox
• Apple ID
• Slack - all of your Slack teams!
• Twitter - two step verification with SMS
• Yahoo! - two step verification with SMS
• LinkedIn - two step verification with SMS

This is an incomplete list! For more information about two factor authentication, see twofactorauth.org, Turn It On, and #LockDownURLogin.