security basics
6 articles with this tag
Still on Windows 10? The security risks of running it after end of support
Windows 10 hit end of support on October 14, 2025. The core risk of staying is that newly found holes are never patched (so-called forever-days) and keep piling up, making the machine a favored target. Consumer ESU is a one-year, security-only stopgap through October 13, 2026 (free enrollment routes exist, but the unconditional free year is EEA-only and doesn't apply to most regions). The real fix is moving to Windows 11 or replacing the hardware; use ESU only as a bridge until that migration is done.
Backup essentials: the 3-2-1 rule and a recovery plan that survives ransomware
'I have a backup' isn't enough; only a backup you've verified you can restore is real. The basics: the 3-2-1 rule (three copies, on two media types, with one offsite). For ransomware you also need at least one offline or immutable copy: an always-connected backup gets encrypted along with the original. Cloud sync is not a backup (it replicates deletions and encryption too). Versioning and a periodic restore test complete the practice.
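A restore test in code, as an added example that is not part of the original article: it takes a backup of a small constructed tree, records a SHA-256 manifest, then restores the archive into a scratch directory and diffs it against the manifest. It also shows the sync-is-not-backup point: a toy "ransomware" stand-in (XOR plus rename, constructed for the demo) damages the live files, the mirror copy faithfully replicates the damage, and only the archive taken beforehand passes the restore test. Paths, file contents and the `toy_ransomware`/`mirror` helpers are all assumptions made for the example.

```python
"""Added example (not from the original page): a restore test that proves a backup is real.
The sample files, the 'synced' mirror and the toy 'ransomware' are all constructed in a temp dir."""
import hashlib
import pathlib
import shutil
import tarfile
import tempfile


def sha256_file(p: pathlib.Path) -> str:
    h = hashlib.sha256()
    with p.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: pathlib.Path) -> dict:
    """relative path -> sha256 for every regular file under root (keep a copy of this offsite too)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src: pathlib.Path, archive: pathlib.Path) -> dict:
    """Write a tar.gz of src and return the manifest the restore test will be checked against."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest(src)


def restore_test(archive: pathlib.Path, expected: dict) -> dict:
    """Restore into a scratch dir and diff against the manifest. This, not the archive merely
    existing, is what makes the backup real."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = pathlib.Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(dest, filter="data")  # refuses path traversal (Python >= 3.12 and backports)
            except TypeError:                       # older Python: no filter kwarg
                tar.extractall(dest)
        got = manifest(dest)
    missing = sorted(set(expected) - set(got))
    changed = sorted(k for k in expected if k in got and got[k] != expected[k])
    return {"ok": not missing and not changed, "missing": missing, "changed": changed}


def toy_ransomware(root: pathlib.Path) -> None:
    """Constructed stand-in for an encryptor: overwrite every file with XOR 'ciphertext' and rename it."""
    for p in [q for q in root.rglob("*") if q.is_file()]:
        p.with_suffix(p.suffix + ".locked").write_bytes(bytes(b ^ 0x5A for b in p.read_bytes()))
        p.unlink()


def mirror(src: pathlib.Path, dst: pathlib.Path) -> None:
    """What a sync client does: make dst identical to src, deletions and encryption included."""
    if dst.exists():
        shutil.rmtree(dst)
    shutil.copytree(src, dst)


def demo() -> dict:
    """Returns the restore-test results for the offline archive and for the synced mirror."""
    with tempfile.TemporaryDirectory() as d:
        base = pathlib.Path(d)
        live, synced, offline = base / "live", base / "synced", base / "offline.tgz"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "notes.txt").write_text("quarterly numbers\n")   # constructed sample data
        (live / "keys.env").write_text("API_TOKEN=redacted\n")
        expected = create_backup(live, offline)   # offline/immutable copy taken before the attack
        mirror(live, synced)
        toy_ransomware(live)
        mirror(live, synced)                      # the sync client replicates the damage
        synced_tgz = base / "synced.tgz"
        with tarfile.open(synced_tgz, "w:gz") as tar:
            tar.add(synced, arcname=".")
        return {"offline": restore_test(offline, expected),
                "synced": restore_test(synced_tgz, expected)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: ok={result['ok']} missing={result['missing']} changed={result['changed']}")
```

In a real rotation you would run `restore_test` on a schedule against the actual offline or immutable copy and alert when `ok` is false; the manifest is the part to keep somewhere the live system cannot overwrite.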
Choosing MFA the right way: what 'phishing-resistant' means, and why SMS is weak
MFA is a second lock so a leaked password alone can't get you in, but what you turn on changes its strength; think of three tiers. SMS/email codes fall to real-time relay phishing (SMS also to SIM-swap); authenticator apps (TOTP) resist SIM-swap but a relay still captures the code; passkeys/security keys (FIDO2) can't be presented to a fake site at all, because the credential is bound to the site's origin. That is phishing resistance. Top priority: put phishing-resistant MFA on the keys to the kingdom (email, domain, payments). Storing recovery codes and having a backup factor complete the setup.
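The difference between the tiers in code, as an added example that is not part of the original article: an RFC 6238 TOTP code is just a number, so one relayed from a lookalike page is accepted by the real site, while a WebAuthn assertion carries the origin the browser saw inside the signed data, so the real relying party rejects the relayed one. The origins `login.example.test` / `login.examp1e.test`, the credential key and the challenges are constructed for the demo, and an HMAC stands in for the authenticator's private-key signature (the origin-binding logic is unchanged).

```python
"""Added example (not from the original page): why a relayed TOTP code still works at the real
site but a relayed FIDO2/WebAuthn assertion does not. Origins, keys and challenges are constructed
for the demo; HMAC-SHA256 stands in for the authenticator's ECDSA signature."""
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://login.example.test"     # constructed: the genuine site
PHISH_ORIGIN = "https://login.examp1e.test"    # constructed: the attacker's lookalike relay
RP_ID = "login.example.test"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation). Nothing in the code says where it was typed."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def relay_phish_totp(shared_secret: bytes, now: int) -> bool:
    """Victim types the code on the phishing page; the attacker forwards it within the 30 s window."""
    typed_on_phish_page = totp(shared_secret, now)
    return hmac.compare_digest(typed_on_phish_page, totp(shared_secret, now))  # real site accepts


def webauthn_get(cred_key: bytes, rp_id: str, origin: str, challenge: bytes) -> dict:
    """What the victim's browser + authenticator produce for navigator.credentials.get().
    The browser, not the page, writes `origin` into clientDataJSON, and the signature covers it."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge.hex(),
                              "origin": origin}, sort_keys=True).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"  # rpIdHash|flags|counter
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(cred_key, to_sign, hashlib.sha256).digest()   # stand-in for the ECDSA signature
    return {"client_data": client_data, "auth_data": auth_data, "sig": sig}


def rp_verify(cred_key: bytes, assertion: dict, expected_challenge: bytes) -> bool:
    """Relying-party checks, in the order the WebAuthn spec lists them."""
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge.hex():
        return False
    if cd.get("origin") != REAL_ORIGIN:                      # the phishing-resistance check
        return False
    if assertion["auth_data"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    to_sign = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected_sig = hmac.new(cred_key, to_sign, hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, assertion["sig"])


def fido_login(cred_key: bytes, victim_origin: str, tamper_origin: bool = False) -> bool:
    """Full exchange: the RP issues a challenge, the (possibly relayed) browser answers it."""
    challenge = secrets.token_bytes(32)                  # RP issues it; a phisher may relay it verbatim
    assertion = webauthn_get(cred_key, RP_ID, victim_origin, challenge)
    if tamper_origin:                                    # phisher rewrites origin before forwarding
        cd = json.loads(assertion["client_data"])
        cd["origin"] = REAL_ORIGIN
        assertion["client_data"] = json.dumps(cd, sort_keys=True).encode()
    return rp_verify(cred_key, assertion, challenge)


if __name__ == "__main__":
    secret, key = b"12345678901234567890", secrets.token_bytes(32)
    print("relayed TOTP accepted:", relay_phish_totp(secret, 1_700_000_000))      # True
    print("genuine FIDO2 accepted:", fido_login(key, REAL_ORIGIN))               # True
    print("relayed FIDO2 accepted:", fido_login(key, PHISH_ORIGIN))              # False: origin mismatch
    print("relayed + rewritten accepted:", fido_login(key, PHISH_ORIGIN, True))  # False: signature breaks
```

In a real browser the relayed request fails even earlier, because `login.example.test` is not a valid RP ID for a page served from `login.examp1e.test`; the origin check in `rp_verify` is the server-side backstop, and the signature over the clientData hash is what stops the relay from simply rewriting the origin field.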
The security baseline for mid-to-large organizations: the standard foundation for teams
At scale the baseline shifts from a 'checklist' to 'programs with owners.' The priority order matches the indie version: 1) identity, 2) secrets and supply chain, 3) app and infra, 4) detect and respond, plus a cross-cutting people-and-governance layer. The big change: the leading cause of breaches shifts from individual slips to people, process, departed-employee access, and third parties.
Is storing your passwords in Google Drive safe? How to keep them properly
Keeping passwords in a plaintext Google Doc/Sheet is dangerous: one Google account becomes the single point of failure for every password — account takeover, a rogue connected app, or phishing leaks them all at once. The fix is a dedicated password manager (contents stay encrypted even when synced). If you must use Drive, store only an encrypted vault file and put phishing-resistant MFA on the account.
The security baseline for indie devs and small operators: the whole standard set
The baseline isn't 'all equally important.' This site's priority order: 1) keys to the kingdom (MFA, domain, email), 2) secrets and code, 3) the app itself, 4) patch, detect, recover. With finite time, fill it top-down. Most serious breaches come not from novel attacks but from a gap in this foundation.