Ask HN: How to do a Personal Cybersecurity audit
I am acutely aware that if I were targeted by a non sophisticated actor (like a very motivated hacker, or a phone/laptop thief with programming knowledge), I would be toast if they figured out, e.g my windows password, as that is the key to my Chrome keychain, for e.g, which allows them into a pandora's box of accounts.
Even more likely, if I were to get a laptop stolen while unlocked, they could get access to my primary email(s), which could lead them to getting access to accounts via password reset. There were a lot of similar other failure points I used to keep enumerated mentally, but now there's too many to count. The biggest ones are email access however.
Is there a process or method I can use to enumerate/track and fix those kids of failure points in my personal cybersecurity?
7 comments
[ 2.0 ms ] story [ 25.6 ms ] threadDon't leave yourself signed into your accounts. As soon as you're done sign out.
Keep everything portable and not centralised.
Convenience doesn't make for good cyber security.
You can't protect yourself from everything but you can make it more difficult.
Do you have off-site backups of all your critical data on a regular schedule?
Do you have physical 2FA on all your accounts?
Are you actively patching/updating all your devices on a schedule, and actively discarding the devices that are too old to patch?
Only after these are done should you start looking at complex phishing and social engineering scenarios. You can successfully mitigate everything you are worried about by nailing these fundamentals.
[1]https://x.com/karpathy/status/1902046003567718810
In addition to the short checklist, the author has a lengthy blog post describing its implementation in his life: https://andrew-quinn.me/digital-resiliency-2025/