Adam Shostack recently published a great read on why the phrase “X is Security 101” is a hindsight-focused and generally not very useful statement.
I completely agree with his point that people who are (or pretend to be) security experts need to do more than flippantly make this remark when discussing the latest security story. [I think this is part of a larger, symptomatic issue the InfoSec community has, but I’m still formulating enough thoughts on that to publish a post on it].
Mr. Shostack, at the (near) start of 2015, I would like to see your 101 list and raise you mine:
-
Use two-factor authentication for each online service you make use of - at least the critical ones
-
Never reuse passwords across online services.
- Corollary: use a password manager like 1password, lastpass, or keepass
-
Be careful what you post on Social
- Corollary: always be sure your Social Media preferences block sharing with anyone other than your friends
-
Always inspect links in e-mails - advice I’ve been following since at least 1996