Module 2 — Digital Self-Defense & Personal Security

Your first line of defense in cybersecurity is you.
Module 2 focuses on strengthening your personal security posture — the daily habits and configurations that protect your accounts, devices, and data.
This isn’t just theory: every concept is backed by a safe, real-world exercise you can perform right now.

💡 Learning Objectives

By the end of this module, you’ll be able to:

  • Apply strong password and authentication practices.

  • Recognize phishing and social-engineering attempts.

  • Harden your laptop and smartphone with proper updates and settings.

  • Configure a secure browser environment.

  • Create a personal security checklist for daily use.


1. Password Hygiene — Your First Shield

Weak passwords remain the #1 cause of account compromise.
Good hygiene means:

  • Use unique passwords for each site.

  • Minimum 12–16 characters with letters, numbers, and symbols.

  • Never reuse passwords across platforms.

  • Prefer passphrases (“Blue_Ocean_Coffee_92!”) — easy to remember, hard to crack.
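To make the "12–16 characters" and "passphrase" advice concrete, here is an added Python example (not code from the module) that checks a password against the rules above, generates passphrases in the style of the module's "Blue_Ocean_Coffee_92!" example with the `secrets` CSPRNG, and computes how many bits of entropy each approach buys. The tiny word list is constructed for the demo; a real diceware-style list has 7776 words, which is the figure the entropy helper is shown with.

```python
import math
import secrets
import string

# Constructed 16-word list for the demo only. In practice, use a full diceware list
# (about 7776 words) so each word contributes ~12.9 bits instead of 4.
DEMO_WORDLIST = [
    "blue", "ocean", "coffee", "anchor", "maple", "violet", "comet", "ladder",
    "pepper", "quartz", "river", "saddle", "tundra", "walnut", "yonder", "zipper",
]

MIN_LENGTH = 12  # the module's minimum length


def entropy_bits_random(length: int, alphabet_size: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def entropy_bits_passphrase(word_count: int, wordlist_size: int) -> float:
    """Bits of entropy contributed by `word_count` words drawn uniformly from the list.
    (The digits/symbol suffix added by generate_passphrase is extra and not counted here.)"""
    return word_count * math.log2(wordlist_size)


def meets_policy(password: str) -> bool:
    """Module rule: at least 12 characters containing letters, digits and symbols."""
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    return len(password) >= MIN_LENGTH and has_letter and has_digit and has_symbol


def generate_passphrase(word_count: int = 4, wordlist=DEMO_WORDLIST) -> str:
    """Words joined by '_' plus a two-digit number and '!', mirroring Blue_Ocean_Coffee_92!.
    Uses `secrets`, never `random`, so the choice is unpredictable."""
    words = [secrets.choice(wordlist).capitalize() for _ in range(word_count)]
    suffix = f"{secrets.randbelow(100):02d}!"
    return "_".join(words + [suffix])


def generate_random_password(length: int = 16) -> str:
    """Fully random password over letters, digits and punctuation (94 symbols)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print("12 random chars from 94 symbols:", round(entropy_bits_random(12, 94), 1), "bits")
    print("4 diceware words from 7776:     ", round(entropy_bits_passphrase(4, 7776), 1), "bits")
    for candidate in ("password", "Summer2024", "Blue_Ocean_Coffee_92!", generate_passphrase()):
        print(f"{candidate!r:32} meets policy: {meets_policy(candidate)}")
    print("random password:", generate_random_password())
```

The comparison shows why the module prefers passphrases: four words from a 7776-word list give roughly the same entropy as eight fully random characters, yet stay memorable, and a password manager removes the memorization problem entirely for the random kind.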

🔧 Tools

  • Bitwarden, 1Password, or KeePassXC — free or low-cost password managers.

  • Password Manager Rules:

    • Protect with a strong master password.

    • Enable cloud sync encryption.

    • Store recovery keys offline (USB or printed).

2. Multi-Factor Authentication (MFA)

Even strong passwords can be stolen — MFA adds an extra gate.

Type             Example                        Security Level
TOTP App         Google Authenticator, Authy    ✅ High
Hardware Token   YubiKey, Titan Key             ✅✅ Very High
SMS Code         Text messages                  ⚠️ Moderate (vulnerable to SIM swaps)

Best Practice:
Use an authenticator app instead of SMS wherever possible.
Enable MFA on email, cloud storage, and social accounts immediately.
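To show what a TOTP authenticator app actually computes, here is an added Python example (not part of the module, written from the RFC 4226/6238 algorithms using only the standard library). The shared secret is enrolled once, usually via a QR code carrying its Base32 form, and afterwards both sides derive codes locally from the secret and the clock. Nothing travels over the phone network, which is why this factor is not exposed to the SIM-swap attack the table notes for SMS. The test values used below are the public RFC test vectors, not anything from the module.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble picks a 4-byte window
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, timestamp: int, period: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP where the counter is floor(unix_time / period)."""
    return hotp(secret, int(timestamp) // period, digits)


def verify_totp(secret: bytes, code: str, timestamp: int, period: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the current step plus/minus `window` steps of clock drift.
    hmac.compare_digest keeps the comparison constant-time."""
    counter = int(timestamp) // period
    for step in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, step, digits), code):
            return True
    return False


def new_shared_secret() -> tuple:
    """Enrollment: a fresh 160-bit random secret and its Base32 form (what the QR code carries)."""
    raw = secrets.token_bytes(20)
    return raw, base64.b32encode(raw).decode("ascii")


if __name__ == "__main__":
    secret, b32 = new_shared_secret()
    print("Base32 secret to enroll in the authenticator app:", b32)
    now = int(time.time())
    code = totp(secret, now)
    print("Current 6-digit code:", code)
    print("Accepted by verifier:", verify_totp(secret, code, now))
    print("Accepted 90 s later: ", verify_totp(secret, code, now + 90))
```

A one-step window (30 seconds either side) tolerates modest clock drift while still expiring codes quickly; widening it much beyond that weakens the "time-based" part of the design.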

3. Phishing & Social Engineering

Attackers often target the human element instead of technology.

Common Tactics:

  • Fake login pages (“verify your account”)

  • “Urgent action” or “account suspension” messages

  • Impersonation of bosses, banks, or friends

Spot the Signs:

  • Suspicious sender address (support@amz-offer.net)

  • Misspellings, grammar errors, or fake urgency

  • Hover over links before clicking to reveal the real destination URL

  • Unexpected attachments

Defense:

  • Always verify the source by contacting the organization directly.

  • Never enter credentials through a link sent via email.

  • Report suspicious messages to your provider or internal team.
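The "Spot the Signs" list maps directly onto checks a mail filter or a careful reader performs. As an added example (not code from the module), the Python below encodes four of those signs as heuristics over constructed sample messages and labels each message Safe / Suspicious / Malicious, the same scale used in Exercise 2 later in this module. The brand allowlist, the urgency phrase list and the three sample messages are constructed for the demo, and the domain helper is a deliberately crude "last two labels" approximation rather than a public-suffix-aware one.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed allowlist: brand names and the domains they legitimately send from.
KNOWN_BRANDS = {
    "amazon": {"amazon.com"},
    "paypal": {"paypal.com"},
}
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "verify your account",
                   "expires today", "within 24 hours")
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".vbs", ".iso", ".zip")


@dataclass
class Message:
    sender_name: str
    sender_addr: str
    subject: str
    body: str
    links: list = field(default_factory=list)        # (visible text, real href) pairs
    attachments: list = field(default_factory=list)  # file names


def registrable_domain(host: str) -> str:
    """Crude approximation: last two labels (login.amz-offer.net -> amz-offer.net)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of_url(url: str) -> str:
    parsed = urlparse(url if "://" in url else "http://" + url)
    return registrable_domain(parsed.hostname or "")


def red_flags(msg: Message) -> list:
    """Return one human-readable flag per sign found, matching the module's list."""
    flags = []
    sender_domain = registrable_domain(msg.sender_addr.split("@")[-1])
    # Sign 1: display name claims a brand, address is not one of that brand's domains.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in msg.sender_name.lower() and sender_domain not in domains:
            flags.append(f"sender claims '{brand}' but address is @{sender_domain}")
    # Sign 2: pressure language (fake urgency).
    text = (msg.subject + " " + msg.body).lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        flags.append("urgency or threat language")
    # Sign 3: the hover check, automated: visible URL text vs. the real href domain.
    for visible, href in msg.links:
        shown = domain_of_url(visible) if "." in visible else ""
        if shown and shown != domain_of_url(href):
            flags.append(f"link shows {shown} but goes to {domain_of_url(href)}")
    # Sign 4: unexpected executable or archive attachments.
    for name in msg.attachments:
        if name.lower().endswith(RISKY_EXTENSIONS):
            flags.append(f"risky attachment {name}")
    return flags


def classify(msg: Message) -> str:
    count = len(red_flags(msg))
    return "Safe" if count == 0 else "Suspicious" if count == 1 else "Malicious"


# Constructed sample messages for the drill (the first reuses the module's amz-offer.net address).
SAMPLES = [
    Message("Amazon Support", "support@amz-offer.net", "Urgent: verify your account",
            "Your account will be suspended. Sign in at the link below.",
            links=[("https://www.amazon.com/signin", "http://login.amz-offer.net/signin")]),
    Message("IT Helpdesk", "helpdesk@example.org", "Password expires today",
            "Reset it via the portal.",
            links=[("https://portal.example.org/reset", "https://portal.example.org/reset")]),
    Message("Jane Doe", "jane@example.org", "Lunch Thursday?", "Same place as last time?"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample.subject!r}: {classify(sample)}")
        for flag in red_flags(sample):
            print("   -", flag)
```

The second sample shows why "Suspicious" is a useful middle category: a single urgency cue from an internal address is not proof of phishing, and the module's defense applies, namely verify through a known channel rather than the link in the message.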

4. Device Security & Patch Management

Keeping your system updated closes known vulnerabilities.

For Windows/macOS:

  • Enable automatic updates.

  • Keep antivirus / endpoint protection active.

  • Use a limited (non-administrator) account for daily work; reserve the admin account for installs and configuration changes.

  • Encrypt disks (BitLocker / FileVault).

For Mobile Devices:

  • Install apps only from official stores.

  • Revoke unnecessary permissions.

  • Keep OS updated — avoid outdated versions.

  • Use screen locks and biometric security.

5. Secure Browsing & Privacy

Your browser is your window to the web — and a favorite target.

Recommended Settings:

  • Use Firefox, Brave, or Edge (Enhanced Security).

  • Enable HTTPS-Only mode.

  • Disable pop-ups, third-party cookies, and auto-downloads.

  • Install privacy extensions:

    • uBlock Origin (ad/tracker blocker)

    • Privacy Badger (tracker learning)

    • DuckDuckGo Privacy Essentials

Public Wi-Fi Warning:
Avoid logging into accounts on open networks.
If necessary, use a VPN (ProtonVPN, Windscribe, or NordVPN).

Quick Tips Box

💡 Pro Tip: If your account offers “App Passwords” for third-party tools, use them instead of sharing your main credentials.
🧩 Security Routine: Spend 5 min each week updating your password manager and checking for reused passwords.
⚙️ Hardening Habit: Review your device privacy settings monthly.

Practical (Safe) Exercise

Exercise 1 — Password Manager Setup

  1. Choose a password manager (Bitwarden or KeePassXC).

  2. Create a strong master password and enable MFA.

  3. Add 3–5 frequently used accounts.

  4. Generate new random passwords for them.

  5. Back up the vault securely (encrypted export or printed recovery key).

Exercise 2 — Phishing Awareness Drill

  1. The instructor or a friend prepares 5 fake emails.

  2. You analyze each and note red flags: sender, tone, link, urgency.

  3. Classify each as Safe / Suspicious / Malicious.

  4. Discuss how legitimate companies communicate securely.

(All exercises are simulated and safe.)

Ethics & Legal Note

It’s never ethical to “test” real users with phishing outside a sanctioned environment.
Phishing simulation is allowed only:

  • With explicit consent from participants.

  • For educational or corporate training purposes.

Always act with permission, with purpose, and within legal scope.

6. Summary & Takeaways

You’ve built a strong foundation of personal cyber hygiene:

  • Strong, unique passwords

  • Multi-factor authentication everywhere

  • Awareness of social engineering

  • Hardened devices & browsers

  • A repeatable personal security checklist

🧱 Next Up: Module 3 — Network Security Fundamentals →
