Your First 30 Days of Better Security

Transform your digital security in just 30 days with this step-by-step guide. One small action per day leads to massive protection improvements.

Starting a security journey can feel overwhelming.

There are hundreds of tools, thousands of best practices, and it seems like you need a PhD in Computer Science just to understand the basics.

Here's the truth: You don't need to do everything at once.

In fact, trying to overhaul your entire digital life overnight is a recipe for burnout. You'll get overwhelmed, do nothing, and end up exactly where you started.

Better approach: One small action every day for 30 days.

By the end of this month, you'll have transformed your security posture from "easy target" to "actually pretty secure."

Each day takes 5-30 minutes max. No technical expertise required. Just follow along.

Let's get started.


Week 1: Foundation Building

Day 1: Enable 2FA on Your Email

Time required: 10 minutes
Why it matters: Your email is the master key to everything else

Action steps:

  1. Log into your primary email account
  2. Find Security Settings
  3. Enable Two-Factor Authentication
  4. Choose authenticator app (not SMS if possible)
  5. Save your backup codes somewhere safe

Success indicator: You need a code from your phone to log into email


Day 2: Audit Your Passwords

Time required: 20 minutes
Why it matters: Understanding the problem before solving it

Action steps:

  1. Make a list of your most important accounts
  2. Honestly assess: Are you reusing passwords?
  3. Identify your weakest passwords
  4. Check if you've been in a breach: haveibeenpwned.com

Don't change anything yet—just assess the situation.

Write down:

  • How many accounts reuse the same password?
  • How many passwords are weak (short, simple, obvious)?
  • Which accounts showed up in breaches?

Success indicator: You have a clear picture of your password security


Day 3: Choose and Install a Password Manager

Time required: 15 minutes
Why it matters: You can't fix passwords without the right tool

Action steps:

  1. Choose your password manager:
    • Bitwarden (recommended for most people—free, excellent)
    • 1Password (paid, very polished)
    • Dashlane (good free tier)
  2. Download and install on your computer
  3. Install browser extension
  4. Install mobile app
  5. Create your master password (make it STRONG—this is the only one you'll need to remember)

Master password tips:

  • Use a passphrase: "BlueCoffee!Runs@Midnight37"
  • At least 16 characters
  • Mix of words, numbers, symbols
  • Memorable but not obvious
  • Don't write it down digitally—memorize it or use a physical note in a safe place

Success indicator: Password manager installed and set up
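The master password tips above, as an added example (not part of the original guide): a passphrase generator that picks every part at random and reports how many bits of entropy the result has. The word list is a small constructed sample, and the function names and the Word-Word-symbol-number layout are assumptions of this example.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator should load
# a large published list (for example the 7,776-word EFF diceware list) so
# that each word contributes more entropy.
SAMPLE_WORDS = [
    "amber", "basil", "cedar", "delta", "ember", "fjord", "glyph", "harbor",
    "indigo", "jasper", "kelp", "lumen", "maple", "nectar", "onyx", "pebble",
    "quartz", "raven", "sable", "tundra", "umber", "velvet", "willow", "zephyr",
    "anchor", "bramble", "cobalt", "drift", "echo", "falcon", "garnet", "hollow",
]
SYMBOLS = "!@#$%&*?"
MIN_LENGTH = 16  # the guide's minimum length for a master password


def entropy_bits(word_count, wordlist_size, symbol_count=len(SYMBOLS)):
    """Entropy when each part is drawn uniformly at random:
    word_count words, one symbol, and a two-digit number (00-99)."""
    return (word_count * math.log2(wordlist_size)
            + math.log2(symbol_count)
            + math.log2(100))


def words_needed(target_bits, wordlist_size):
    """Smallest number of words whose passphrase reaches target_bits."""
    count = 1
    while entropy_bits(count, wordlist_size) < target_bits:
        count += 1
    return count


def generate_passphrase(word_count, words=SAMPLE_WORDS):
    """Return Word-Word-...<symbol><NN>, chosen with the OS CSPRNG."""
    chosen = [secrets.choice(words).capitalize() for _ in range(word_count)]
    phrase = ("-".join(chosen)
              + secrets.choice(SYMBOLS)
              + f"{secrets.randbelow(100):02d}")
    if len(phrase) < MIN_LENGTH:
        raise ValueError("passphrase shorter than 16 characters; add words")
    return phrase


if __name__ == "__main__":
    phrase = generate_passphrase(4)
    print(phrase, f"({entropy_bits(4, len(SAMPLE_WORDS)):.1f} bits with the sample list)")
    print("words needed for 80 bits with a 7,776-word list:", words_needed(80, 7776))
```

The strength comes from the random selection and the size of the word list, not from how unusual the phrase looks, which is why the 32-word sample list is only suitable for showing the arithmetic.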


Day 4: Migrate Your Most Important Passwords

Time required: 20 minutes
Why it matters: Start building the new habit

Action steps:

  1. Open your password manager
  2. Visit your 5 most critical accounts:
    • Primary email
    • Banking
    • Primary social media
    • Work email/accounts
    • Cloud storage
  3. For each account:
    • Change to a strong, unique password (let password manager generate it)
    • Save in password manager
    • Test logging out and back in

Don't try to do all your accounts today—just these five.

Success indicator: 5 accounts now have unique, strong passwords saved in your password manager


Day 5: Enable 2FA on Financial Accounts

Time required: 15 minutes
Why it matters: Money is a prime target

Action steps:

  1. Log into your bank account
  2. Enable 2FA (usually in Security Settings)
  3. Do the same for:
    • Credit card accounts
    • Investment accounts
    • PayPal or Venmo
    • Crypto exchanges (if applicable)

Success indicator: All financial accounts have 2FA enabled


Day 6: Enable 2FA on Social Media

Time required: 15 minutes
Why it matters: Compromised social accounts can damage relationships and reputation

Action steps:

  1. Facebook: Settings → Security → Two-factor authentication
  2. Instagram: Settings → Security → Two-factor authentication
  3. Twitter/X: Settings → Security → Two-factor authentication
  4. LinkedIn: Settings → Account preferences → Two-step verification
  5. TikTok: Settings → Security → Two-step verification

Success indicator: All social media accounts secured with 2FA


Day 7: Week 1 Review + Backup Codes

Time required: 15 minutes
Why it matters: Don't lock yourself out!

Action steps:

  1. Review your progress—celebrate what you've accomplished!
  2. Gather all backup codes from accounts with 2FA
  3. Store them securely (password manager's secure notes feature works great)
  4. Print a copy and store physically (fireproof safe, locked drawer)

Week 1 checklist:

  • ✅ Email secured with 2FA
  • ✅ Password manager installed
  • ✅ 5 critical accounts using unique passwords
  • ✅ Financial accounts secured with 2FA
  • ✅ Social media secured with 2FA
  • ✅ Backup codes safely stored

Great work! You're already way more secure than most people.


Week 2: Securing Your Devices

Day 8: Update Everything

Time required: 30 minutes (mostly waiting)
Why it matters: Outdated software = known vulnerabilities

Action steps:

  1. Update your computer operating system
  2. Update your phone operating system
  3. Update your browsers (Chrome, Firefox, Safari, Edge)
  4. Update important apps
  5. Enable automatic updates for everything

How to check for updates:

  • Windows: Settings → Update & Security
  • Mac: System Settings → Software Update
  • iPhone: Settings → General → Software Update
  • Android: Settings → System → System update

Success indicator: Everything is up to date, auto-updates enabled


Day 9: Secure Your Phone Lock Screen

Time required: 5 minutes
Why it matters: Your phone is your identity

Action steps:

  1. Set a strong PIN (at least 6 digits, not 123456 or your birthday)
  2. Enable biometric unlock (fingerprint or Face ID) if available
  3. Set auto-lock to 1-2 minutes max
  4. Enable "Find My Phone" feature
  5. Verify lock screen doesn't show sensitive notification content

Settings:

  • iPhone: Settings → Face ID & Passcode
  • Android: Settings → Security → Screen lock

Success indicator: Phone locks automatically, requires strong authentication, findable if lost


Day 10: Review App Permissions

Time required: 15 minutes
Why it matters: Apps often request way more access than they need

Action steps:

  1. Go through apps on your phone
  2. Check what permissions each has (camera, microphone, location, contacts, etc.)
  3. Ask yourself: "Does this app actually need this permission to function?"
  4. Revoke unnecessary permissions

Common over-permissions:

  • Flashlight app doesn't need your contacts
  • Game doesn't need your location
  • Shopping app doesn't need your microphone

How to check:

  • iPhone: Settings → Privacy & Security → [Permission type]
  • Android: Settings → Apps → [App name] → Permissions

Success indicator: Removed unnecessary permissions from at least 5 apps


Day 11: Secure Your Home WiFi

Time required: 20 minutes
Why it matters: Your home network is the gateway to all your devices

Action steps:

  1. Log into your router (usually 192.168.1.1 or 192.168.0.1 in browser)
  2. Change the default admin password (YES, THIS IS IMPORTANT)
  3. Change your WiFi network name (SSID) to something that doesn't identify you
  4. Change your WiFi password to something strong (at least 16 characters)
  5. Enable WPA3 encryption (or WPA2 if WPA3 isn't available)
  6. Disable WPS (WiFi Protected Setup—it's insecure)
  7. Update your router firmware if available

Bad WiFi names: "Smith Family WiFi" "123 Main Street"
Better WiFi names: "PrettyFlyForAWiFi" "FBI Surveillance Van"

Success indicator: Router has strong password, WiFi uses WPA3/WPA2, firmware updated


Day 12: Encrypt Your Devices

Time required: 15 minutes (setup) + time for encryption (automatic, runs in background)
Why it matters: If your device is lost or stolen, encryption protects your data

Action steps:

  1. Windows: Settings → Update & Security → Device encryption (turn on)
    • Or BitLocker for Windows Pro
  2. Mac: System Settings → Privacy & Security → FileVault (turn on)
  3. iPhone: Automatic if you have a passcode
  4. Android: Settings → Security → Encryption (turn on if not already)

Note: Encryption happens in the background and doesn't slow down your device in normal use.

Success indicator: All devices are encrypted


Day 13: Set Up a VPN

Time required: 15 minutes
Why it matters: Protection on public WiFi, privacy from your ISP

Action steps:

  1. Choose a VPN provider:
    • Mullvad (privacy-focused, €5/month)
    • ProtonVPN (has free tier)
    • IVPN (privacy-focused)
  2. Sign up and download the app
  3. Install on your computer and phone
  4. Test it: Turn on VPN, visit ipleak.net to verify it's working

When to use your VPN:

  • Public WiFi (always!)
  • When traveling
  • When accessing sensitive information
  • Whenever you want extra privacy

Success indicator: VPN installed, tested, and working


Day 14: Week 2 Review

Time required: 10 minutes
Why it matters: Consolidate your progress

Week 2 checklist:

  • ✅ All devices updated
  • ✅ Phone properly locked and secured
  • ✅ App permissions reviewed and trimmed
  • ✅ Home WiFi secured
  • ✅ Devices encrypted
  • ✅ VPN set up and tested

You're now more secure than 90% of people. Seriously.


Week 3: Email & Communication Security

Day 15: Clean Up Your Email Inbox

Time required: 20 minutes
Why it matters: Clutter makes phishing emails harder to spot

Action steps:

  1. Unsubscribe from newsletters you don't read
  2. Delete obvious spam without opening
  3. Archive old emails you don't need
  4. Set up filters to organize important emails
  5. Create a "Suspicious" label/folder for questionable emails

Use unsubscribe tools:

  • Gmail: "Unsubscribe" link appears next to sender
  • Unroll.me (third-party tool for mass unsubscribing)

Success indicator: Inbox is organized, easier to spot suspicious emails


Day 16: Learn Phishing Red Flags

Time required: 15 minutes
Why it matters: Phishing is the #1 attack vector

Action steps:

  1. Review common phishing tactics (see Article 1)
  2. Quiz yourself: Google's Phishing Quiz
  3. Forward suspicious emails to:

Practice makes perfect—the more you look for red flags, the easier they become to spot.

Success indicator: Scored well on phishing quiz, can identify red flags


Day 17: Secure Your Messaging Apps

Time required: 15 minutes
Why it matters: Private conversations should stay private

Action steps:

  1. Switch to encrypted messaging for sensitive conversations:
    • Signal (gold standard for privacy)
    • WhatsApp (end-to-end encrypted)
    • iMessage (encrypted if both users have iPhone)
  2. Download Signal or verify WhatsApp encryption
  3. Enable disappearing messages for sensitive chats
  4. Turn on screen security (prevents screenshots)
  5. Set up a registration lock PIN

Settings in Signal:

  • Settings → Privacy → Screen Security
  • Settings → Privacy → Registration Lock

Success indicator: Using encrypted messaging, privacy settings configured


Day 18: Review and Revoke App Permissions (Email & Cloud)

Time required: 20 minutes
Why it matters: Third-party apps with access to your email/cloud can be security risks

Action steps:

  1. Gmail: Google Account → Security → Third-party apps with account access
  2. Microsoft: Microsoft Account → Privacy → Apps and services
  3. iCloud: Apple ID → Sign-In & Security → Apps Using Apple ID
  4. Review each app: Do you still use it? Do you trust it?
  5. Revoke access to anything you don't recognize or use

Common culprits: Old social media apps, quiz apps, abandoned services

Success indicator: Removed at least 3 unnecessary third-party app connections


Day 19: Set Up Email Forwarding/Aliases

Time required: 15 minutes
Why it matters: Protects your real email address from spam and breaches

Action steps:

  1. Use email aliases for:
    • Shopping sites
    • Newsletters
    • Any non-critical account
  2. Options:
    • Gmail: Use the + trick (yourname+shopping@gmail.com)
    • Apple: Hide My Email (iCloud+ feature)
    • SimpleLogin or AnonAddy (dedicated alias services)
  3. Set up 2-3 aliases for different purposes

Pro tip: If an alias starts getting spam, you know who sold your email address!

Success indicator: Created and using email aliases for non-critical accounts


Day 20: Backup Your Important Data

Time required: 30 minutes (+ time for backup to run)
Why it matters: Security includes availability—don't lose your data!

Action steps:

  1. Choose backup method:
    • Cloud: iCloud, Google Drive, Dropbox (encrypted)
    • Local: External hard drive (encrypt it!)
    • Best: Both (3-2-1 rule: 3 copies, 2 different media, 1 offsite)
  2. Back up:
    • Important documents
    • Photos
    • Financial records
    • Password manager backup (if not cloud-synced)
  3. Schedule automatic backups

Backup tools:

  • Windows: File History or Windows Backup
  • Mac: Time Machine
  • Cloud: Backblaze, Crashplan, iCloud, Google Drive

Success indicator: Backup system configured and running


Day 21: Week 3 Review

Time required: 10 minutes

Week 3 checklist:

  • ✅ Email organized and clean
  • ✅ Can identify phishing attempts
  • ✅ Using encrypted messaging
  • ✅ Third-party app access reviewed
  • ✅ Email aliases set up
  • ✅ Data backed up

You're now a security-conscious digital citizen!


Week 4: Advanced Protection & Habits

Day 22: Secure Your Browser

Time required: 20 minutes
Why it matters: Your browser knows everything about you

Action steps:

  1. Clear browsing data (cache, cookies, history if desired)
  2. Review and remove unnecessary browser extensions
  3. Install privacy-focused extensions:
    • uBlock Origin (ad/tracker blocker)
    • Privacy Badger (tracker blocker)
    • HTTPS Everywhere (forces secure connections)
  4. Configure privacy settings:
    • Block third-party cookies
    • Send "Do Not Track" requests
    • Use HTTPS-Only mode
  5. Consider privacy-focused browser:
    • Firefox (privacy-friendly)
    • Brave (built-in ad/tracker blocking)

Chrome privacy settings: Settings → Privacy and security → Cookies and other site data → Block third-party cookies

Success indicator: Browser configured for privacy, unnecessary extensions removed


Day 23: Secure Your Social Media Privacy

Time required: 25 minutes
Why it matters: What you share publicly can be used against you

Action steps: For each social platform:

  1. Review who can see your posts (friends only?)
  2. Review who can see your personal info (birthday, phone, email)
  3. Turn off location tagging
  4. Review photo tagging settings
  5. Limit past posts visibility
  6. Check what apps have access to your profile

Facebook: Settings → Privacy → Profile and Tagging
Instagram: Settings → Privacy
LinkedIn: Settings → Visibility
Twitter/X: Settings → Privacy and Safety

Ask yourself: Would I be comfortable with a potential employer seeing this?

Success indicator: Privacy settings reviewed and tightened on all social platforms


Day 24: Create a Digital Inventory

Time required: 20 minutes
Why it matters: You can't protect what you don't know you have

Action steps:

  1. List all your online accounts (use password manager to help)
  2. Categorize by importance (critical, important, low priority)
  3. Note which have 2FA enabled
  4. Note which have unique passwords
  5. Identify accounts you no longer use (delete them later)
  6. Store inventory in password manager's secure notes

Categories:

  • Critical: Email, banking, work
  • Important: Social media, shopping, utilities
  • Low priority: Old forums, trial accounts

Success indicator: Complete inventory of online accounts
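The Day 2 password audit and the Day 24 inventory can be combined into one report. The sketch below is an added example (not part of the original guide) that reads an account list in CSV form, finds reused and short passwords, and orders the fixes by the Day 24 categories. The column names, the 12-character threshold and the sample rows are assumptions constructed for this example.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample data. Column names are assumptions of this example;
# real password manager exports use their own headers.
SAMPLE_EXPORT = """name,category,password,twofa
Primary email,critical,Tr4il-Moss-Kettle-91!,yes
Bank,critical,summer2019,no
Work email,critical,Qx7#vLp2wZr9Tn4e,yes
Photo sharing,important,summer2019,no
Online shop,important,summer2019,no
Old forum,low,letmein,no
Utility portal,important,G8&kd02LmPz!vR5y,no
"""

PRIORITY = {"critical": 0, "important": 1, "low": 2}  # Day 24 categories
MIN_LENGTH = 12  # assumed cut-off for a "short" password


def load_inventory(csv_text):
    """Parse the CSV text into a list of dicts, one per account."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def reused_groups(rows):
    """Group accounts that share a password. Passwords are compared by
    SHA-256 digest so the report never needs to print the plaintext."""
    groups = defaultdict(list)
    for row in rows:
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append(row["name"])
    return [sorted(names) for names in groups.values() if len(names) > 1]


def weak_accounts(rows):
    """Accounts whose password is shorter than MIN_LENGTH."""
    return [row["name"] for row in rows if len(row["password"]) < MIN_LENGTH]


def fix_order(rows):
    """Accounts with problems, most important category first, then by
    number of problems, then by name."""
    reused = {name for group in reused_groups(rows) for name in group}
    weak = set(weak_accounts(rows))
    todo = []
    for row in rows:
        problems = []
        if row["name"] in reused:
            problems.append("reused password")
        if row["name"] in weak:
            problems.append("weak password")
        if row["twofa"].strip().lower() != "yes":
            problems.append("no 2FA")
        if problems:
            todo.append((row["name"], row["category"], problems))
    todo.sort(key=lambda t: (PRIORITY.get(t[1], len(PRIORITY)), -len(t[2]), t[0]))
    return todo


if __name__ == "__main__":
    for name, category, problems in fix_order(load_inventory(SAMPLE_EXPORT)):
        print(f"[{category}] {name}: {', '.join(problems)}")
```

A real export file contains every password in plain text, so run a check like this locally and delete the file as soon as the report is done.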


Day 25: Delete Unused Accounts

Time required: 30 minutes
Why it matters: Every account is a potential breach point

Action steps:

  1. Review your account inventory from Day 24
  2. Identify accounts you haven't used in 6+ months
  3. Delete or deactivate them
  4. Use JustDeleteMe for deletion instructions
  5. Check if your data was involved in breaches: haveibeenpwned.com

Pro tip: Some services make deletion difficult. Be persistent!

Success indicator: Deleted at least 5 unused accounts


Day 26: Set Up Security Alerts

Time required: 15 minutes
Why it matters: Early warning of suspicious activity

Action steps:

  1. Enable login alerts for critical accounts:
    • Gmail: Settings → See all settings → Forwarding and POP/IMAP → Enable "Notify me of new sign-ins"
    • Facebook: Settings → Security → Get alerts about unrecognized logins
    • Banking: Enable mobile alerts for transactions
  2. Set up Google alerts for your name and personal info
  3. Consider credit monitoring (free options available)
  4. Enable breach notifications: haveibeenpwned.com/NotifyMe

Success indicator: Alert systems configured for critical accounts


Day 27: Review Your Digital Footprint

Time required: 20 minutes
Why it matters: Know what others can find about you

Action steps:

  1. Google yourself: "Your Name" "Your City"
  2. Check people search sites: Spokeo, Whitepages, BeenVerified
  3. Review what personal info is publicly available
  4. Opt out of people search sites (tedious but worth it)
  5. Remove personal info from old social media posts if needed

Use opt-out services:

  • PrivacyDuck (paid)
  • Manual removal (free but time-consuming)

Success indicator: Know what your digital footprint looks like, started removal process


Day 28: Create a Security Routine

Time required: 15 minutes
Why it matters: Security is a practice, not a destination

Action steps:

  1. Schedule monthly security check-ins in your calendar
  2. Create a security checklist for monthly reviews:
    • Check for software updates
    • Review financial accounts for suspicious activity
    • Check credit report (free annually)
    • Update passwords for high-value accounts
    • Review app permissions
    • Check for data breaches
  3. Set reminders for quarterly deep-dives:
    • Full password audit
    • Digital inventory update
    • Privacy settings review

Success indicator: Monthly security routine scheduled and documented


Day 29: Share Security Knowledge

Time required: 20 minutes
Why it matters: Your security is only as strong as your weakest link (family, friends, coworkers)

Action steps:

  1. Help one person in your life improve their security
  2. Walk them through:
    • Setting up 2FA on their email
    • Installing a password manager
    • Recognizing phishing emails
  3. Share this 30-day guide with them
  4. Create a family security plan if applicable

Remember: Be patient and encouraging. Not everyone is tech-savvy, and that's okay!

Success indicator: Helped at least one person improve their security


Day 30: Celebrate & Plan Ahead

Time required: 15 minutes
Why it matters: Acknowledge your progress and commit to continued improvement

Action steps:

  1. Review everything you've accomplished this month (seriously, look at the full list below!)
  2. Identify areas where you still want to improve
  3. Set 3 security goals for the next 30 days
  4. Join a security community (CypherHarp Discord, Reddit's r/cybersecurity, etc.)
  5. Consider upgrading your security knowledge with courses or certifications

Your 30-Day Transformation:

✅ Week 1: Foundation

  • Email secured with 2FA
  • Password manager installed and in use
  • Critical accounts using unique passwords
  • Financial accounts secured with 2FA
  • Social media secured with 2FA
  • Backup codes safely stored

✅ Week 2: Device Security

  • All devices updated with auto-updates enabled
  • Phone properly secured
  • App permissions reviewed
  • Home WiFi secured and encrypted
  • Devices encrypted
  • VPN set up

✅ Week 3: Communication Security

  • Email organized and clean
  • Phishing awareness developed
  • Encrypted messaging in use
  • Third-party access audited
  • Email aliases implemented
  • Data backed up

✅ Week 4: Advanced Protection

  • Browser secured and privacy-optimized
  • Social media privacy settings tightened
  • Digital inventory created
  • Unused accounts deleted
  • Security alerts configured
  • Digital footprint reviewed
  • Monthly security routine established
  • Shared knowledge with others

You did it! 🎉

You're now more secure than 95% of internet users. That's not an exaggeration—most people never take even a fraction of these steps.


What's Next?

Keep the momentum going:

Monthly tasks:

  • Run through your security checklist
  • Review new accounts for 2FA setup
  • Check for data breaches
  • Update important passwords

Quarterly tasks:

  • Full security audit
  • Review and update backups
  • Check privacy settings on all platforms
  • Review credit reports

Continuous learning:

  • Follow security news and blogs
  • Stay updated on new threats
  • Learn about emerging technologies
  • Consider advanced security training


Final Thoughts

Security isn't about being paranoid—it's about being prepared.

You've invested 30 days in protecting your digital life. That's 30 days many people will never invest. You should be proud.

But remember: security is a journey, not a destination. Threats evolve, technology changes, and your security needs to evolve with them.

The habits you've built this month will serve you for life. Keep them up, stay curious, and stay secure.

Share your success! Drop a comment below:

  • Which day was most impactful for you?
  • What surprised you most?
  • What are you tackling next?

I'd love to hear about your journey.

Stay secure!
Harper
