The problem with the textbook security advice is that if you follow all of it, it will cost you more than the expected loss from following none of it, and since the people who write it rarely bother to give priority guidance, people end up rationally following none of it. What’s actually needed is a very short list of advice that’s feasible to remember and follow, and which will cost less to follow than its expected benefit.
Here’s a couple of my suggestions to start with:
If you’re going to use the same password for two dozen random websites, don’t also use that same password for your PayPal account.
Don’t publish your date of birth; it’s an attack vector for identity theft. If a website demands your date of birth, and you choose to give the real year, at least change the exact day. (The same goes for other identifying pieces of information, e.g. mother’s maiden name; date of birth is just the one that comes up most often.)