jason.guide

How to Secure Your Digital Life

The exact setup I use for passwords, 2FA, browser privacy, and data removal - prioritized by impact, not paranoia.

Privacy 12 min read Updated June 5, 2026

Key Takeaways

  • A password manager eliminates the single biggest attack surface: credential reuse. One breach no longer exposes every account.
  • Credit freezes are free, take 15 minutes across all three bureaus, and block anyone from opening credit in your name.
  • SMS-based two-factor authentication can be bypassed via SIM swapping. Authenticator apps and hardware keys cannot.
  • uBlock Origin blocks most behavioral tracking at the browser level with zero configuration. Install it once and forget it.
  • Data brokers sell your home address, phone, and relatives' names. Optery removes you automatically on an ongoing basis.
Recommended Tool Optery (Free scan, remove from $3.99/mo)
Remove Your Data →
🚨

Already compromised? Skip this guide and go straight to the Incident Response Guide →

Summary of essential steps

1.Password manager. Use 1Password to eliminate credential reuse across services.
2.Credit freezes. Lock your credit at Equifax, Experian, and TransUnion - free, takes 15 minutes.
3.App-based MFA. Move off SMS codes to an authenticator app or hardware key.
4.uBlock Origin. One browser extension that cuts most behavioral tracking.
5.App permissions audit. 20 minutes. Venmo, ad tracking, digital legacy.
6.Software updates. The unsexy one. Unpatched software is how most people get hit.

Security vs. Privacy - two different problems

Most people think “privacy” is one thing. It’s actually two separate problems with different solutions. The first is keeping attackers out. The second is controlling what legitimate companies collect and sell. Mixing them up leads to either paranoia or blind spots - so this guide separates them.

🔒

Account Security

Prevents unauthorized access to your accounts and devices. The adversary is criminals and automated attacks.

HackersBlocked
👁️

Data Privacy

Limits how personal data is collected and sold by legitimate companies. The adversary is advertising infrastructure.

Your dataYou control it

The difference: Security stops criminals. Privacy manages corporate data collection. You need both, but they require different actions.

Phase 1: Securing your accounts

1. Password Management ~30 mins

Using the same password everywhere is the fastest way to get hacked. One breach exposes every account. A password manager gives every site a unique, long password - and you only need to remember one.

1Password

The standard for password management. Works across every device, supports passkeys, family sharing, and has a strong security track record. About $3/month.

Review 1Password →

2. Multi-Factor Authentication (MFA) ~45 mins

MFA adds a second check at login - even if an attacker has your password, they can’t get in without the second factor. Not all MFA is equal:

Best

Hardware Security Key

A physical device (like a YubiKey) that you plug in or tap. Completely phishing-proof - the key only works on the real site. See the Security Keys guide for full setup.

Good

Authenticator App

Apps like 2FAS or 1Password generate time-sensitive codes. Significantly more secure than SMS. Use this if you’re not ready for a hardware key.

Avoid

SMS Codes

Text message codes can be intercepted via SIM swapping. Better than nothing, but move off this for email and banking as soon as you can.

3. Credit freezes ~15 mins

A credit freeze prevents any lender from pulling your credit file, which means no one can open a new account in your name - even if they have your Social Security number. It’s free, it doesn’t affect your score, and unfreezing is easy when you actually need credit.

Freeze independently at all three bureaus:
Equifax ↗Experian ↗TransUnion ↗

Phase 2: Limiting data exposure

1. Browser Configuration ~10 mins

Every page you visit loads dozens of tracking scripts alongside the content. One extension blocks most of them with no configuration required.

uBlock Origin

Open-source, maintained, and the most effective tracker blocker available. Install it on every browser you use. It also makes pages load faster - ad scripts are heavy.

Install uBlock Origin →

2. Data broker removal ~20 mins setup

Data brokers collect your home address, phone number, relatives, and browsing history and sell it to anyone who pays. Automated tools handle the removal process so you don’t have to file hundreds of requests manually.

Optery

Scans hundreds of data broker sites, shows you exactly what’s listed, and submits deletion requests automatically. Free scan to see your exposure; paid plans handle ongoing removal.

Run Free Scan →

California residents: use DROP instead

The state’s free Delete Request and Opt-Out Platform lets you opt out of all data brokers at once. It’s run by the California Privacy Protection Agency and costs nothing.

Access DROP Platform →

3. App settings audit ~20 mins

Three quick fixes that most people skip:

Venmo Privacy

Venmo makes your transaction history public by default. Anyone can see who you paid and what for.

Settings → Privacy → Private
Ad trackingiOS + Android

Your phone has an advertising ID that lets companies track you across every app. Disabling it breaks most cross-app profiling.

iOS: Settings → Privacy → Tracking → offAndroid: Settings → Privacy → Ads → Delete advertising ID
Digital legacyApple + Google

Set up a legacy contact so your family can access your photos and documents if something happens to you. Takes two minutes.

Apple: Apple Account → Legacy ContactGoogle: Account → Data & Privacy → Digital legacy

Phase 3: Social engineering

Technical protections fail when someone tricks you into handing over access voluntarily. This is how most people actually get compromised - not through exploits, but through a well-timed fake call or email.

1

Urgency is the attack

Any message telling you to act immediately - “your account will be suspended in 24 hours,” “your package is held” - is designed to skip your critical thinking. Slow down. Legitimate services don’t demand instant action through unsolicited messages.

2

Verify through a different channel

If you get a call from your bank, hang up and call the number on the back of your card. If you get an email about your account, log in directly - don’t click the link. The real service is accessible through the real app.

3

Set a family safe word

AI voice cloning can now impersonate someone you know from a 10-second audio sample. Agree on a word with close family members that you’d only say in a genuine emergency. If it’s not used, it’s not them.

One-time setup checklist

Complete these once. Total time: 2-3 hours. This is the difference between a layered defense and a system that falls apart the moment one password leaks.

The single point of failure

Without these steps, your entire digital life depends on a single text message. Once an attacker has your phone number, they can reset most passwords in minutes.

Complete Your Setup

Using AI tools like ChatGPT, Claude, or Gemini? What they do with your data is a separate and underappreciated risk. See the AI Privacy guide →

Common Myths

Myth: “I have nothing to hide.”
Privacy is about control, not secrecy. You close the bathroom door - not because you’re doing something wrong, but because you value your personal space. Privacy protects you from targeted manipulation, price discrimination, and future laws you can’t predict.
Myth: “Incognito mode makes me private.”
Incognito only stops your browser from saving your local history. Your ISP, your employer’s network, and the websites themselves see everything you do. It’s useful for shared computers - not for privacy.
Myth: “I’m not interesting enough to be targeted.”
Most attacks aren’t targeted. They’re automated credential stuffing against breached databases - your email and the same password you used on five other sites. You don’t need to be interesting. You just need to be in a breach database with a reused password.

Ready to go deeper?

Advanced Privacy & Security Configurations

Signal, encrypted email, network-level DNS filtering, automated data broker removal, and mobile lockdown. This guide assumes you’ve finished the setup above.

Advanced Privacy Guide →

ⓘ Links on this page may earn me a small commission at no cost to you. I only recommend products I actually use. Affiliate policy →

Frequently asked questions

What's the difference between security and privacy?
Security keeps attackers out of your accounts. Privacy controls what legitimate companies collect and sell about you. You need both - a secured account can still be leaking data to a dozen ad networks.
What password manager should I use?
1Password. It works across every device, supports passkeys, has a strong security track record, and costs around $3/month. Bitwarden is a solid free alternative if you're comfortable with a slightly more technical setup.
Is two-factor authentication really necessary?
Yes. A password alone isn't enough - data breaches are common and passwords get reused. 2FA means an attacker needs both your password and your physical device. Use an authenticator app, not SMS codes.
What does freezing your credit actually do?
A credit freeze prevents lenders from pulling your credit report, which means no one can open a new account in your name - even if they have your Social Security number. It's free, takes 5 minutes per bureau, and is one of the highest-leverage security steps you can take.
Jason

Written by Jason

Jason is a tech industry veteran in NYC who has been optimizing personal finance and digital privacy for 15 years. He uses Wealthfront for automated investing and writes about the systems he actually runs.

☕ Buy me a coffee

Cite this guide: "How to Secure Your Digital Life", jason.guide, updated 2026-06-05. https://jason.guide/guides/privacy