Ask HN: How to do a Personal Cybersecurity audit

24•preciousoo•1mo ago

I am acutely aware that if I were targeted by a non sophisticated actor (like a very motivated hacker, or a phone/laptop thief with programming knowledge), I would be toast if they figured out, e.g my windows password, as that is the key to my Chrome keychain, for e.g, which allows them into a pandora's box of accounts.

Even more likely, if I were to get a laptop stolen while unlocked, they could get access to my primary email(s), which could lead them to getting access to accounts via password reset. There were a lot of similar other failure points I used to keep enumerated mentally, but now there's too many to count. The biggest ones are email access however.

Is there a process or method I can use to enumerate/track and fix those kids of failure points in my personal cybersecurity?

Comments

ifh-hn•1mo ago

Don't use chrome to store your passwords. Use a password manager that's not tied to a cloud company that you can use multifactor Auth with, one of which is off device.

Don't leave yourself signed into your accounts. As soon as you're done sign out.

Keep everything portable and not centralised.

Convenience doesn't make for good cyber security.

You can't protect yourself from everything but you can make it more difficult.

montague27•1mo ago

I would be more careful towards social engineering than some random typical hackers. The former seems more prevalent and successful in my POV.

1970-01-01•1mo ago

Start at the fundamentals, dammit!

Do you have off-site backups of all your critical data on a regular schedule?

Do you have physical 2FA on all your accounts?

Are you actively patching/updating all your devices on a schedule, and actively discarding the devices that are too old to patch?

Only after these are done should you start looking at complex phishing and social engineering scenarios. You can successfully mitigate everything you are worried about by nailing these fundamentals.

null_deref•1mo ago

Do you have suggestions on how to do off site backups? For example for images and documents

1970-01-01•1mo ago

XXTB HDD in a safe deposit box. Rotate the disks with on-site backup. Test restore once per year.

rainonmoon•1mo ago

Start with your threat model. Who is the “someone” you’re imagining attacking you? What are the most likely risks to occur? What are the most damaging? Where do those two lists overlap? Prioritise addressing those first. There’s no point worrying about someone stealing your laptop if it rarely leaves the house, but something like not having reliable 2FA on your accounts is probably more likely to get exploited and potentially as damaging. There’s no point worrying about nation state actors exploiting a side-channel to leak data via an LED on your earphones if you’re currently embroiled in a messy divorce.

serjester•1mo ago

Karpathy had an amazing tweet about this if you’re interested in a deep dive.

[1]https://x.com/karpathy/status/1902046003567718810

rankiwiki•1mo ago

A simple starting point for me was checking password reuse and enabling hardware-based 2FA everywhere possible. It’s surprising how much risk disappears just from that.

preciousoo•1mo ago

I’m wary ofhardware 2fa because I’m prone to losing things. Do you have a plan for if that happens?

KomoD•1mo ago

I do nearly all my 2FA with Yubikeys, I carry one with me on my keychain and then I have another one in a safe as a backup.

preciousoo•1mo ago

makes sense, I didnt know you could have multiple (learned in this thread)

embeng4096•1mo ago

I just came across this checklist the other day: https://andrew-quinn.me/digital-resiliency-2025-checklist/

In addition to the short checklist, the author has a lengthy blog post describing its implementation in his life: https://andrew-quinn.me/digital-resiliency-2025/

Show HN: Jwtpeek – minimal, user-friendly JWT inspector in Go

Willow – Protocols for an uncertain future [video]

Feedback on a client-side, privacy-first PDF editor I built

Clay Christensen's Milkshake Marketing (2011)

Show HN: WeaveMind – AI Workflows with human-in-the-loop

Show HN: Seedream 5.0: free AI image generator that claims strong text rendering

A contributor trust management system based on explicit vouches

Show HN: Analyzing 9 years of HN side projects that reached $500/month

The Floating Dock for Developers

Arcan Explained – A browser for different webs

We are not scared of AI, we are scared of irrelevance

Quartz Crystals

Show HN: I built a free dictionary API to avoid API keys

Show HN: Kybera – Agentic Smart Wallet with AI Osint and Reputation Tracking

Show HN: brew changelog – find upstream changelogs for Homebrew packages

Any chess position with 8 pieces on board and one pair of pawns has been solved

LLMs as Language Compilers: Lessons from Fortran for the Future of Coding

Projecting high-dimensional tensor/matrix/vect GPT–>ML

Show HN: Free Bank Statement Analyzer to Find Spending Leaks and Save Money

Our Stolen Light

Matchlock: Linux-based sandboxing for AI agents

Show HN: A2A Protocol – Infrastructure for an Agent-to-Agent Economy

Drinking More Water Can Boost Your Energy

Proving Laderman's 3x3 Matrix Multiplication Is Locally Optimal via SMT Solvers

Fire may have altered human DNA

"Compiled" Specs

The Next Big Language (2007) by Steve Yegge

Open-Weight Models Are Getting Serious: GLM 4.7 vs. MiniMax M2.1

Using AI for Code Reviews: What Works, What Doesn't, and Why

Show HN: Solnix – an early-stage experimental programming language