Securing my user data and passwords

[Noxious_Silver]

Alright so after doing much research on this forum and others I have secured all my login data to a good PWmanager. I have set up this manager to use 2fa "authenticator app" only but with recovery codes. The authenticator has 2fa text,call and recoverycodes. The only digital version of the recovery codes is safe. What should I do next? My worries is last time my Pc was hacked though unknown means when downloading files peer to peer. My problem was that through whatever means access to my pc for ten minutes let them into everything and it tooks months to fix it and finacial data was compromised. What more should I do to stay secure? Can I procect my browser cookies? I use windows 11 and chrome out of preference.

 

Thank you for your help ahead of time.

[MatthewSH]

5 hours ago, Noxious_Silver said:

What more should I do to stay secure?

Don't download files you don't know is the biggest thing. Not gonna dive into what you obtained through P2P means but yeah. I run password manager and just windows defender and I've felt safe (I was hacked pretty good like 7 years ago and I'm still a bit paranoid). I just am cautious with stuff. I don't run strange executable and I'm even a bit weary with PDFs people send me. Really any document as macros exist and PDFs have had issues in the past.

 

Just having a good anti-virus is so big though.

[thrasher_565]

best is to have a off line storage. and probably change passwords offen.

[LloydLynx]

Have a dedicated computer that you keep super locked down. Whole drive encryption, use one of the many paranoid FOSS operating systems and only use FOSS software, always keep up to date, and be extremely skeptical about anything that comes into your PC. If you have a dedicated super locked down PC with a mega chungus complicated encryption password, that computer basically becomes your password manager, especially if you hide your passwords deep in system files where the standard user doesn't have permission to read. And keep regular backups onto a portable hard drive that you can carry with you when you don't have your computer on you. Of course it must also have a mega chungus complicated encryption password that's different from your computer's. I personally don't feel comfortable with cloud password managers.

 

Look up Mental Outlaw's video about creating strong passwords. 

[Noxious_Silver]

On 4/6/2023 at 6:36 PM, MatthewSH said:

Don't download files you don't know is the biggest thing. Not gonna dive into what you obtained through P2P means but yeah. I run password manager and just windows defender and I've felt safe (I was hacked pretty good like 7 years ago and I'm still a bit paranoid). I just am cautious with stuff. I don't run strange executable and I'm even a bit weary with PDFs people send me. Really any document as macros exist and PDFs have had issues in the past.

 

Just having a good anti-virus is so big though.

Thank you. I also use p2p for legitimate things to. The point I was intending to make is that p2p transfers are easily spoofed into dangerous files if someone tried hard enough. It was just an example to use. Honestly I feel that the biggest virus containers now adays are ads and emails.