I finally got around to executing my security audit and implementing these best practices last year, minus setting up the VPN service (which is now more important than ever considering the new rights ISPs have been afforded), after a similar situation in which my 2FA stopped someone that had my username and password from getting into my iCloud account (they would have had access to my email, contacts, notes, reminders, location, photos, and the ability to wipe my phone remotely). Scary stuff.
In my experience, the most tedious part of implementing these best practices was setting up 2FA and addressing my personal password fiasco. I found twofactorauth.org and authy.com to be invaluable to discover which of the services I use support 2FA. I was also pleasantly surprised to find the 1Password app I had been using for a couple of years to store 10 permutations of the same poor password had not only been updated to include a “Security Audit” function that helps one identify duplicate or non-secure passwords, but it also had a one-time-password (OTP) Authenticator built in amongst a host of other helpful security tools! I know other password managers and browser extensions can do the same thing.
Luckily, as the need for vigilant security has become more important, great tools are being built to simplify securing and maintaining the security of one’s data; so for anyone that looks at a particular recommendation in this article and thinks it’s just too inconvenient to execute, take the time to find a tool that helps do it for you — it’s out there. I’ll be giving Cloak a shot. Great article. Now about those pesky spying microwaves…
