I’ve spent the last few years helping everyday people (not developers, not security professionals) actually lock down their digital lives. The patterns of what people get wrong are remarkably consistent.
1. Thinking a strong password is enough
A strong password is table stakes. Without 2FA (and ideally a hardware key like a YubiKey), your “strong password” is one phishing attack away from being useless. The password is the lock. 2FA is the deadbolt. You need both.
2. Trusting the cloud by default
“It’s backed up to iCloud” is not a security strategy. It’s a convenience strategy. Understanding the difference between those two things is half the battle.
3. No plan for incapacitation
This is the big one. What happens to your digital life if you get hit by a bus tomorrow? Your Bitcoin, your passwords, your 2FA codes… who can access them? This is why I’m building the Bus Factor Insurance course.
4. Security theater over actual threat modeling
Buying a VPN because a YouTuber told you to, while reusing the same password across 40 sites. The mismatch between perceived and actual risk is staggering.
5. Treating security as a one-time setup
Security is maintenance. Keys expire. Threat landscapes change. Backup procedures need testing. If you “set it and forget it,” you’re building on a foundation that’s slowly crumbling.
Want help getting this right? That’s what Fortress21 is for.