Privacy Cyber Hygiene
Simple language. Real impact.
A step-by-step checklist covering your phone, social accounts, browser, and email. No technical knowledge required, just twenty minutes and this page.
You don't need to do all of this at once. Start with anything marked Priority. Each item takes under three minutes. Even completing half this list puts you significantly ahead of most people.
Enable a strong lock screen PIN or passphrase (Priority)
A 6-digit PIN is the minimum. A passphrase (random words) is stronger. Avoid face unlock as your only method; it can be bypassed.
Review app permissions
Settings > Privacy: check which apps have access to your location, microphone, and camera. Remove access for any app that doesn't genuinely need it.
Turn off ad tracking (Priority)
iOS: Settings > Privacy > Tracking: disable "Allow Apps to Request to Track." Android: Settings > Privacy > Ads: opt out of ads personalisation.
Enable automatic OS updates
Most security vulnerabilities are fixed in updates. Running an old OS version means you're carrying known security holes.
Install a password manager (Priority)
Bitwarden (free, open-source) or 1Password. These generate and store unique passwords for every account so you only need to remember one master password.
Change passwords for your email and banking accounts first
These are your highest-risk accounts. Use a long, unique password (14+ characters). Don't use the same password anywhere else.
Enable two-factor authentication (2FA) on email (Priority)
2FA means even if someone has your password, they can't get in without a second code. Use an app like Authy rather than SMS codes where possible.
Switch your default search engine to DuckDuckGo
Settings > Search Engine (in any browser). DuckDuckGo doesn't log your searches or build a profile on you.
Install uBlock Origin browser extension
Free ad and tracker blocker for desktop browsers. Blocks the invisible trackers that follow you around the web, not just ads.
Clear browser cookies and stored passwords
Your browser stores a surprising amount. Settings > Clear Browsing Data. Do this once, then let your password manager handle login storage instead.
Audit who has access to your social accounts
Settings > Apps & Websites (Facebook/Instagram). Revoke access from any app or service you no longer use. Most people have dozens they've forgotten about.
Make your social profiles private or review visibility
Check who can see your posts, follower lists, and tagged photos. On Instagram: Settings > Privacy > Account Privacy.
Consider a private email for sensitive accounts (Optional)
Proton Mail offers free end-to-end encrypted email. Worth using for banking, health, and legal accounts even if you keep your regular email for everything else.
Fill in a circle for each item completed.
7+ circles: you're doing well. 10+: genuinely above average.
Come back to the rest when you're ready.