The Ten Commandments of Computer Security for Mere Mortals
Not long ago, an acquaintance had their identity stolen. The case was rather serious, with the perpetrators draining thousands of dollars from the victim’s bank accounts.
At that time, I began to refine a list of ten common-sense security guidelines that the victim could observe to avoid a repeat of the ordeal. I came to think of the list as The Ten Commandments of Computer Security for Mere Mortals. They are provided below:
1. Accept that you cannot buy security; no product or service alone will keep you safe.
2. Use passkeys wherever they are supported, as they are much more secure than passwords and much easier to use.
3. Use a password manager, perhaps the one built into your device, to remember passkeys, to remember multi-factor codes, and to generate and remember unique, random passwords for services that do not support passkeys.
4. Update software regularly. (Yes, unfortunately, this usually needs to be done even if the new version of the software changes things in a way you don’t like.)
5. Update hardware (phones, tablets, computers, etc.) when they’re so old that they stop receiving software updates.
6. Understand when you are installing software, and only install software you trust. Never click Yes (or similar) when you don’t know what you’re doing.
7. Treat all unsolicited pop-ups, emails, text messages, phone calls, and links as guilty until proven innocent.
8. Be suspicious of anyone claiming to be technical support or a government official, as well as anyone who pressures you to act quickly or not talk to others.
9. Use a reliable email service/app like Gmail, Outlook, or Fastmail that accurately detects and hides malicious emails.
10. Keep everything backed up at all times.
There are some caveats with these commandments, of course. I have found that Gmail, at least, is getting worse at detecting spam and phishing emails. Some programs like Malwarebytes and AdGuard can be helpful when their limitations are genuinely appreciated and they are not considered panaceas. The list could also highlight that the benefits of VPNs are dramatically overstated.
Still, at this point in time, I think these are good guidelines. They are designed to counter credential stuffing, phishing, social engineering, scams, ransomware, and more. I imagine that anyone following them would be safer than 99% of people.
Unlike the real Ten Commandments, these guidelines are not written in stone, literally or metaphorically. Technology changes, and I strive to update this advice to account for those changes. The commandments were last updated on October 22, 2025.