# Minimum Viable OPSEC Sanity Checklist

- [ ] Have you set up [two-factor authentication](https://plainshift.io/blog/minimum-viable-opsec#multi-factor-authentication) for all your accounts? Remember to avoid SMS as an authentication factor.
- [ ] Have you set up a 2/3 sig personal [multi-sig account](https://plainshift.io/blog/minimum-viable-opsec#setting-up-a-personal-multi-sig-wallet)?
  - [ ] Do you rotate keys once every year?
  - [ ] Do you use different wallet providers for each sig? (To ensure a critical issue in one doesn't affect all keys.)
- [ ] Do you have a YubiKey?
  - [ ] Do you have a backup in case it gets stolen or becomes corrupted?
  - [ ] Have you set it up to run with your accounts as another authentication factor?
- [ ] Have you set up [isolated and segmented VMs](https://plainshift.io/blog/minimum-viable-opsec#virtual-machines-isolation-and-segmentation)?
  - [ ] Communications VM for email, social media and any external comms.
  - [ ] Development work VM. Should only include IDE, smart contract development toolkit and wallet.
- [ ] Do you use [diceware to generate truly strong passwords](https://plainshift.io/blog/minimum-viable-opsec#secure-password-setup-and-management)?
- [ ] Do you use a [password manager](https://plainshift.io/blog/minimum-viable-opsec#password-managers)?
  - [ ] Is its master password 128 bits or higher?
  - [ ] Do you have a written backup of it in a physical lockbox?
  - [ ] Do you store your passphrase in here? Yes? Good.
  - [ ] Do you back up your password manager database at least weekly?
  - [ ] Do you have more than one backup? You can use [Tarsnap](https://tarsnap.com) or Syncthing to host them.
  - [ ] Do you generate all your new passwords with the in-built password manager?
  - [ ] Did you migrate all your credentials to the password manager? Did you regenerate stronger passwords for them?
- [ ] Is your machine utilising [full disk encryption](https://plainshift.io/blog/minimum-viable-opsec#full-disk-encryption)?
  - [ ] Have you backed up the recovery key to a safe, encrypted place like [Tarsnap](https://tarsnap.com)?
- [ ] Do you have ["Find My"](https://plainshift.io/blog/minimum-viable-opsec#a-note-on-find-my-iphone-and-mac) enabled on your Apple devices?
- [ ] Have you [hardened your social media accounts](https://plainshift.io/blog/minimum-viable-opsec#hardening-social-media-and-contact-paths)?
- [ ] Do you know what [phishing attempts look like](https://plainshift.io/blog/minimum-viable-opsec#phishing-social-engineering-compromise-and-what-to-do-about-it)?
  - [ ] Have you finished Google's phishing exercises?
  - [ ] Do you have the recommended anti-phishing extensions installed?
  - [ ] Do you know how to preview embedded links on mobile and PC?
- [ ] Do you have an [anti-virus installed](https://plainshift.io/blog/minimum-viable-opsec#malware-detection-monitoring-and-remediation) on your machine alongside your default security?
  - [ ] Is it premium or the free version?
  - [ ] Do you have VirusTotal's browser extension enabled?
  - [ ] If you are running macOS, do you have the [recommended Objective-See tools](https://plainshift.io/blog/minimum-viable-opsec#MacOS) installed?
- [ ] Do you know what [SIM-swapping](https://plainshift.io/blog/minimum-viable-opsec#preventing-sim-swapping) is? Have you taken the necessary precautions against it?