NOTE: Remixed from my earlier presentation and updated for 2025—with step-by-step actions, tool links, and fresh guidance. ~PABlo
What’s changed since 2021?
Three big things:
- passwordless “passkeys,”
- stronger device-level safety tools,
- and new scam patterns (especially QR-code “quishing”).
What my original 2021 deck covered (and what still matters)
My slides stressed patching, unique passwords, working antivirus/firewalls, phishing reporting, and remote-work risks—and even included a hardening checklist. Those fundamentals remain spot-on in 2025.
I also shared info about VPNs for remote use and public Wi-Fi; today the advice is a bit more nuanced (see below).
Finally, my “how to tell if you’re being monitored” section still tracks modern device-tampering realities.
10 moves to raise your security baseline (2025 edition)
1) Use passkeys (passwordless) wherever possible
Passkeys (built on FIDO/WebAuthn) stop phishing by design and are now supported across Apple, Google, and Microsoft accounts and many major apps.
Start here:
- Apple: Use passkeys (Sign in with Face/Touch ID) → iCloud Keychain
- Google: Add a passkey to your Google Account
- Microsoft/Windows Hello: sign-in without passwords
- Overview/why it’s safer: FIDO Alliance explainer.
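To show what "stop phishing by design" means in practice, here is an added example (not from the original deck, and not any vendor's code) of the binding checks a site's server runs on a passkey sign-in. The domain names, the challenge value, and the function names are all constructed for illustration.

```python
import hashlib
import json

RP_ID = "accounts.example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://accounts.example.com"  # assumed real site origin
PHISH_ORIGIN = "https://accounts.example.net"     # constructed look-alike


def client_data(origin: str, challenge: str) -> bytes:
    """clientDataJSON: the browser, not the page, fills in the origin."""
    fields = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    return json.dumps(fields).encode()


def authenticator_data(rp_id: str) -> bytes:
    """authenticatorData prefix: rpIdHash (32) + flags (1) + signCount (4)."""
    flags = bytes([0x05])  # user present (0x01) | user verified (0x04)
    return hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")


def check_assertion(cdata: bytes, adata: bytes, challenge: str) -> str:
    """Server-side binding checks; returns "ok" or the rejection reason.
    Signature verification with the stored public key is omitted here."""
    cd = json.loads(cdata)
    if cd.get("type") != "webauthn.get":
        return "wrong type"
    if cd.get("challenge") != challenge:
        return "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if adata[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not adata[32] & 0x01:
        return "user presence flag not set"
    return "ok"


def demo() -> dict:
    ch = "Y29uc3RydWN0ZWQtY2hhbGxlbmdl"  # constructed challenge value
    return {
        "genuine": check_assertion(client_data(EXPECTED_ORIGIN, ch), authenticator_data(RP_ID), ch),
        "relayed": check_assertion(client_data(PHISH_ORIGIN, ch), authenticator_data(RP_ID), ch),
        "wrong_rp": check_assertion(client_data(EXPECTED_ORIGIN, ch), authenticator_data("accounts.example.net"), ch),
        "replayed": check_assertion(client_data(EXPECTED_ORIGIN, "old-challenge"), authenticator_data(RP_ID), ch),
    }
```

Because the origin and RP ID hash are covered by the authenticator's signature, a sign-in approved on a look-alike page fails these checks at the real site, which is the property a typed password or SMS code lacks.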
2) Prefer phishing-resistant MFA (FIDO2/security keys) over SMS
CISA’s 2025 guidance: implement phishing-resistant MFA wherever possible. If a site doesn’t support it, use an authenticator app; avoid SMS when you can.
3) Password manager for everything else
NIST (Apr 2025) “highly recommends” password managers; the FTC concurs. Use one vault, enable its own MFA, and generate 20+ character random passwords.
4) Automatic updates everywhere
Turn on OS + browser + app auto-updates so patches land without you babysitting them. (Yes, reboots matter.) Apple steps and Android steps linked here.
5) Phone hardening: theft & safety tools
- Apple: enable Stolen Device Protection and know Safety Check (Emergency Reset) and Lockdown Mode (for high-risk users).
- Android: use Privacy dashboard to prune permissions; keep Play Protect on; Google’s rebranded Find Hub (formerly Find My Device) now tracks offline and supports precise UWB on newer models.
- Finders: verify Find My / Find Hub are on and tested.
6) Home Wi-Fi: set it and forget it (safely)
Change default admin passwords, update router firmware, use WPA3 if supported, disable WPS, and run a guest network for IoT. CISA’s home-network tip sheet covers the essentials.
7) Backups beat ransomware
Keep at least one offline or provider-managed backup. CISA’s ransomware guidance stresses backups and quick recovery as the fastest way to “win.”
8) Spot today’s scams (especially QR-code “quishing”)
The FBI’s IC3 warned in July 2025 about unsolicited packages with QR codes that lead to phishing and malware—don’t scan unknown codes. Report attempts and toss them.
General phishing red flags and reporting steps: CISA & FTC.
9) Private conversations: verify keys when it matters
Use end-to-end encrypted apps and learn their identity-check tools:
- iMessage Contact Key Verification (CKV) to detect server-side tampering.
- Signal safety numbers to confirm you’re messaging the right person/device set.
10) VPNs: when to use (and when not)
My original 2021 Cybersecurity Hygiene deck pitched VPNs broadly. In 2025, official guidance is:
- use a reputable VPN on untrusted networks or when you need to hide traffic from a local network/ISP—but understand a VPN provider can see your traffic and doesn’t make you anonymous on its own.
- For general privacy/security basics, enable HTTPS-only and use modern browsers + device encryption; use a VPN as a situational tool, not a cure-all.
- (See FTC’s consumer security primers and CISA’s “Secure Our World” basics.)
References & further reading
- NIST (2025): Why password managers are recommended.
- CISA – Secure Our World (2025): Strong passwords & phishing-resistant MFA; recognize/report phishing.
- FTC (2025): Phishing alerts & where to report; consumer security basics.
- FIDO Alliance: Passkeys 101.
- Apple Support: Auto-update iOS; Lockdown Mode; Safety Check; Contact Key Verification; Find My setup.
- Google/Android: OS & Play system updates; Privacy dashboard; Play Protect; Find Hub/Find My Device.
- FBI IC3 (Jul 31, 2025): Packages with malicious QR codes.
- CISA: Securing home networks; Ransomware guidance.