Serious Discussion What’s ONE security habit you think actually matters (and one that’s overrated)?

RoboMan
Thread author
Jun 24, 2016
I’ve been tweaking my security setup lately and realized I might be overdoing some things while ignoring others.

Curious to hear from you all:

✅ What’s ONE security habit or tool that genuinely made you safer?
❌ What’s ONE thing you think is overrated or not worth the effort?

Could be anything: antivirus, browser habits, backups, VPNs, sandboxing, etc.

IMO, I think anti-executables/application control apps as a first line of defense really matter and I think not enough people care to implement it.

On the other hand, I think the "golden rule" to have your data backed-up in 3 (three) different clouds/storage devices is excessive and not strictly necessary for regular users.

What's your take?
 
✅ NextDNS
❌ AV

On the other hand, I think the "golden rule" to have your data backed-up in 3 (three) different clouds/storage devices is excessive and not strictly necessary for regular users.
You would think so until 1. the backup gets encrypted by BitLocker ransomware, 2. the backup is inaccessible due to damaged partitions, 3. the backup is on a USB drive that no longer works.
 
✅ The one habit that has truly kept me safe is not being 'click-happy' with permissions. I treat every install and every access request like I’m handing out the keys to my front door. Just staying alert and mindful is worth more than any fancy software.

❌ What I find overrated is stacking layers of security just for the sake of it. Having a dozen tools doesn't mean you're better protected if you don't even know what they’re doing; it usually just slows down your PC and creates confusion.

As for the 'golden rule' of three backups: for a regular user, having one local copy and one in the cloud is plenty of peace of mind. It’s not about how many copies you collect, but about keeping them updated. One reliable backup you actually check is worth way more than three you haven't touched in years! 🔑🛡️☁️
 
How I hardened the browser I use.

A paid AV.
 
I doubt I will enjoy surfing if I have to copy and paste every link; instead, you have to click like you're playing a fighting game on the PlayStation.
That's what our browsers, DNS, or AV extensions do, so we don't have to copy and paste "every link" to enjoy surfing in general. What was brought to my attention, a nice eye-opener for me, is when to copy and paste a link for confirmation, for security's sake.

This post, and this post.
 
That's what our browsers, DNS, or AV extensions do, so we don't have to copy and paste "every link" to enjoy surfing in general. What was brought to my attention, a nice eye-opener for me, is when to copy and paste a link for confirmation, for security's sake.

This post, and this post.
I only posted to joke around and received some good advice. Nice deal. 😍
 
✅ Understand the threat environment. Expect to be pwned & compromised and act accordingly. No data, no traces, no stress when things go wrong. Just format and reinstall.
❌ Not using an adblocker, downloading warez & crackz and running them, and replying to scam SMS/calls. Don't do these things.

I think people need to learn a bit of resilience when sh*t goes wrong. Here is a quote from Fear & Loathing by Hunter S. Thompson:

But after a while you learn to cope with things like seeing your dead grandmother crawling up your leg with a knife in her teeth.

Also a Fight Club quote to get you through the day:

It's only after we've lost everything that we're free to do anything.

Acceptance.
 
✅ What actually matters: a password manager + MFA

If you only adopt one habit, make it using a password manager combined with Multi-Factor Authentication (MFA) on your critical accounts (email, banking, primary social media).

The vast majority of everyday compromises don't happen through sophisticated, movie-style zero-day exploits. They happen because of credential stuffing and phishing. A password manager completely eliminates password reuse. More importantly, it protects you against basic phishing because the auto-fill feature simply won't trigger on a fake, misspelled domain. Pairing that with an authenticator app or a hardware security key essentially shuts the door on the most common, high-success attack vectors.

❌ What’s overrated: consumer VPNs as a "security cure-all"

Don't get me wrong, Virtual Private Networks have valid use cases, but treating a commercial consumer VPN as a primary security shield is highly overrated and largely the result of aggressive marketing. VPN advertisements heavily rely on the fear of "hackers on public Wi-Fi stealing your bank details." The truth is, the vast majority of the modern web is heavily encrypted via HTTPS by default. Even on public Wi-Fi, an attacker cannot easily see your passwords or private data in transit. A VPN simply shifts your trust from your local Internet Service Provider (ISP) to the VPN company. It is a fantastic tool for privacy (hiding your browsing history from your ISP or circumventing geo-blocks), but it does absolutely nothing to protect you from downloading malware, clicking a phishing link, or executing a malicious script.
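As an added illustration of the auto-fill point above (example code, not the poster's and not any real password manager's implementation): a minimal model of origin-bound credential matching, showing why a saved login is offered on the real site and its subdomains but not on a misspelled domain, a domain that merely embeds the real name, or a plain-HTTP page. The vault contents and all domains are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault: each saved login is keyed to the origin (scheme + host)
# it was created on. A real manager also stores this binding; the names here
# are made up for the example.
VAULT = {
    "https://accounts.example-bank.com": ("alice", "correct horse battery staple"),
}


def host_matches(stored_host: str, current_host: str) -> bool:
    """Strict policy: the current host must equal the saved host or be one of
    its subdomains. 'accounts.example-bank.com.evil.test' fails because the
    saved host is not a suffix that follows a dot; 'accounts.examp1e-bank.com'
    fails because it is simply a different host. Real managers usually relax
    this to the registrable domain (example-bank.com) via the public suffix
    list; the strict form is used here to keep the example self-contained."""
    return current_host == stored_host or current_host.endswith("." + stored_host)


def autofill_candidate(page_url: str):
    """Return the (username, password) bound to page_url's origin, or None.

    urlsplit().hostname already lowercases the host and drops port and
    userinfo, so 'https://accounts.example-bank.com@evil.test/' resolves to
    host 'evil.test' and is correctly refused."""
    parts = urlsplit(page_url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None  # never offer a saved password over plain HTTP or to a malformed URL
    for stored_origin, creds in VAULT.items():
        stored = urlsplit(stored_origin)
        if stored.scheme == parts.scheme.lower() and host_matches(stored.hostname, parts.hostname):
            return creds
    return None


if __name__ == "__main__":
    for url in (
        "https://accounts.example-bank.com/login?next=/home",
        "https://sso.accounts.example-bank.com/",
        "https://accounts.examp1e-bank.com/login",
        "https://accounts.example-bank.com.evil.test/login",
        "https://accounts.example-bank.com@evil.test/",
        "http://accounts.example-bank.com/login",
    ):
        print(url, "->", "offer login" if autofill_candidate(url) else "no match")
```

The same origin check is what stops a look-alike page from ever receiving the saved credentials: the user never has to spot the misspelling because the vault never offers to fill it.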
 
I doubt I will enjoy surfing if I have to copy and paste every link; instead, you have to click like you're playing a fighting game on the PlayStation.
Only for suspicious links; the more knowledge you get, the more capability to suspect.
Zero-trust+knowledge > any security software promoted as the magical solution.