START HERE! "Save Password" is NOT your Friend - Pt 1


The number one unsafe behavior that we have all been taught is trusting “Save password?” prompts from our internet browsers and from our phone's cloud backup "Keychain", which saves all of our passwords, notes, contacts, app settings, etc. "in the cloud".

These were invented to be convenient and helpful for us, but unfortunately these are the very keys that people with bad intentions take and make copies of. With a copy of all of your passwords they effectively have access to your entire life: all of your emails, your accounts where you might update your address if you move, even your financial information. THIS is why escaping stalking feels so impossible. If you don't handle every. single. entry point... then they will find a way back in and get to your information again.

Now that we know that “save password?” is something you should click “NEVER” on from here on, let’s start digging you out of the unfortunate position of having all of your passwords saved in an unprotected manner like this. These are free tools! You'll just need to dedicate some time to starting this process.

Step 1: Download BitWarden and BitWarden Authenticator
((Don’t register yet!! Read Step 2!))

(Click here to download BitWarden) BitWarden is an encrypted (un-copyable) password generator and manager. Meaning it will help you create safe passwords so you don’t even have to think about them, then it will also help you save them in an encrypted app that will live on your phone or PC. You’ll log into the app, then copy & paste your passwords every day. No memorization, just ease! You'll get used to it super fast I promise. :) (Click here to download BitWarden Authenticator)

Step 2: BEFORE YOU REGISTER – Create a new email for your password manager.

I recommend that you create a free Proton email JUST for this purpose (free, although with very limited storage. It will work for this!) (Click here to create a free Proton email) I do NOT recommend the G-brand email that everyone uses because it is often integrated into FAR too many services. It just isn’t safe, especially if you have been or believe you could have been targeted. We have to realize that IF someone has accessed your un-encrypted passwords (by using your computer, plugging into your phone, plugging your phone into something disguised as a "normal charger" or to their PC, etc.), then signing up for your new password manager with one of your current, possibly compromised emails is NOT a safe move.

Sign up for Proton Mail in a browser, not in the Proton Mail app (and DO NOT click “Save Password” on ANYTHIIIING lol). Write the password you create down for now!! Make sure it’s multiple random words, capital letters, numbers, and some symbols. You WILL be able to save this in your password manager in a bit!

General reality check about data compromise: If you've dated anyone abusive, used the same wifi as them, shared a carrier phone account with them, if they worked in tech, or they had more access to your devices (and therefore your info) than they should have, the likelihood of compromise is very high, especially with controlling or vengeful people. There will not always be obvious signs; oftentimes it's silent and the access they steal is never discovered. But you CAN clean up and kick them out even without proof. :)

Compartmentalizing & NOT connecting every single service and email together is key to having systems that can't be hacked all at once. STOP using "Sign up with G(email)" or "Sign up with (social media platform)" on websites or apps- Just sign up by manually typing in your email to register with. Furthermore, having many emails (or the ability to use email aliases) for different services is key to having privacy with how the world is now. The less that people know about your internal systems and registrations the better. (For example: Having a public facing email that you share with people and communicate with, a private business casual email address you use for work related or resume things only, then a secret email or alias you use for social media registrations, then another secret email or alias you use for your utilities, then another secret email or alias you use for spam registrations or things that'll email you regularly, etc. Proton lets you use aliases by the way, unlike G(email)- If you can't tell I don't trust G(email) for very good reasons, lol)

Step 3: Register for BitWarden with your NEW eMail

Once you sign up for your new Proton email, NOW register for BitWarden within the app using that email – Write your BitWarden email & password combo down (as you won’t be able to access it within BitWarden when you’re needing to log in to BitWarden… because it’s inside! Lol – Also make this password secure, unpredictable, and keep it somewhere safe. Eventually you’ll memorize this because you’ll need to type it in every day so don’t make it TOO crazy, but keep a backup written down anyway!)

Step 4: Creating your First Login Entry!

(Click here for instructions from BitWarden on how to create new entries!) Within BitWarden, go ahead and click the little plus sign at the bottom right and create your first login entry titled “Proton Mail” (include the space for easier searching).

Enter your new email in the email/username field, manually type in the password you wrote down for your new Proton Mail in the password field and click save at the top! Congrats on your first entry! :D

You’ll create entries for things as you go along your password resetting journey (which you should begin NOW by the way- Reset passwords to EVERYTHING if you believe you've been compromised and save them all in BitWarden! Check out Step 6 before you start going ham though! While you're resetting passwords you should also be setting up 2FA/MFA/Multi-Factor Authentication via TOTP).

In the future you’ll add an entry for whatever platform you're resetting your password for (just click "forgot password" on the login page to do this fastest BTW), click the circle arrows to the right of the password field to have it generate passwords for you (select your variations like using multiple words, symbols, and numbers), and save your entry, THEN copy / paste it into the new password field of whatever you're editing. Don't make the mistake of generating it, NOT saving it, then leaving the BitWarden app because if you come back it may have generated you a new one by the time you get back. SAVE first, THEN copy and paste it into the new password field. :)

Step 5: Integrating BitWarden Authenticator

Now that you have signed up for BitWarden, go ahead and open the BitWarden Authenticator app and follow the straightforward instructions to connect it to BitWarden. Click yes for syncing. It’ll walk you right through it – super easy.


Step 6: Enable 2FA/Multi-Factor Authentication on your New eMail

Now that you have both of those connected, go to your Proton Mail in your browser (or log back in) and go to the settings. You’ll need to turn on 2FA, also known as MFA / Multi-Factor Authentication, immediately to keep this new email safe. (Click here to read another post about 2FA/MFA/Multi-Factor Authentication)

Click here for instructions on how to set up 2FA/MFA for Proton Mail!

Step 7: Enable Multi-Factor Authentication on BitWarden

You'll want to set up 2FA/MFA/Multi-Factor Authentication for your new password manager login also. Personally, I purchased a YubiKey and I use it for my high priority login 2FA/MFA - But for now, you can set up "Authenticator App" / TOTP / Timed Code authentication. There are important notices about saving your "recovery code" in case you ever get locked out; make sure you WRITE THAT DOWN (in the same place you wrote your password for BitWarden, HIDE those!!) -- (Click here for the instructions for enabling 2FA/MFA for BitWarden)

Step 8: Start Resetting Passwords & Setting up 2FA/MFA

Now that you have your new email and your new password manager secured, it's time for you to start resetting passwords and saving new entries for all of your services!

PRIORITIES: Your phone's automatic backup CLOUD ACCOUNT. IMMEDIATELY!! (iCloud, Samsung Cloud, Whatever it is!! Any and ALL cloud accounts.) Log into it in a browser and reset + MFA that thing NEOW. That's the number one thing abusers take control of.

Critical: Your current and previous Apple ID/Samsung ID/Whatever Cloud/Phone login IDs first!
Highest Priority: ALL of your old emails next, then anything you know is compromised (settings being changed, etc).
High Priority: Financial/banks (PayPal, Venmo, Cash App, 401k, investments, anything work related, cryptocurrency – you will need to move your crypto portfolio to a new wallet if you were compromised), utilities, govt websites, healthcare, medical, social media, rent portals, USPS Informed Delivery, online security cameras, vehicle connected car/telematics account (location tracking risk - contact your dealership or where you bought the car to reset the login for this if you don't know how), etc.
Medium Priority: Apps you love, whatever you use every day, gaming service logins, streaming services, online shops, Amazon- especially if it’s linked to devices that listen in or monitor your home (Alexa, voice activated anything, cameras, etc), grocery stores, delivery services, etc.
Low Priority: Random one time use logins on websites you bought something from once, an app you tried for a week, rewards memberships, etc. If you still care about these definitely reset them, but they’re definitely not emergency reset level. Save them for later if you’re scrolling down your saved logins list.

You don't have to do this all in one day, but if you nail the big ones on the first day you'll be able to breathe a lot easier. :) It's totally normal to go to log into something one day and realize "oop, I haven't done this one yet" - Don't stress. If you want to be SUPER thorough, you can open up your saved passwords list in Chrome or your phone keychain to scroll through there and find which ones you want to do first!
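If scrolling that list by hand is too much, the sorting from Step 8 can be scripted. This is an added example, not part of the original post: it assumes you exported your saved logins from Chrome to a CSV file with `name,url,username,password,note` columns, and the keyword lists and sample rows are constructed for illustration.

```python
import csv
import io
from urllib.parse import urlparse

# Keywords are constructed for illustration from the Step 8 tiers; edit to fit.
TIERS = [
    ("Critical", ("icloud", "apple", "samsung", "google")),
    ("Highest", ("mail", "proton", "outlook")),
    ("High", ("paypal", "venmo", "cash.app", "bank", "usps", "health")),
    ("Medium", ("amazon", "netflix", "steam", "spotify")),
]

def tier_of(host):
    """First matching tier wins; anything unmatched is Low priority."""
    for rank, (tier, keywords) in enumerate(TIERS):
        if any(k in host for k in keywords):
            return rank, tier
    return len(TIERS), "Low"

def triage(csv_text):
    """Return [(tier, host, username)], most urgent first, no passwords."""
    seen, rows = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = (urlparse(row.get("url") or "").hostname or "").lower()
        user = row.get("username") or ""
        if not host or (host, user) in seen:
            continue  # skip unparseable URLs and duplicate entries
        seen.add((host, user))
        rows.append((*tier_of(host), host, user))
    rows.sort()  # rank is the first field, so Critical sorts first
    return [(tier, host, user) for _, tier, host, user in rows]

# Constructed sample export; a real file holds real passwords in this column.
SAMPLE = """name,url,username,password,note
shop.example,https://shop.example/login,me@old.example,REDACTED,
icloud.com,https://www.icloud.com/,me@old.example,REDACTED,
paypal.com,https://www.paypal.com/signin,me@old.example,REDACTED,
netflix.com,https://www.netflix.com/login,me@old.example,REDACTED,
mail.yahoo.com,https://mail.yahoo.com/,me_old,REDACTED,
paypal.com,https://www.paypal.com/signin,me@old.example,REDACTED,
"""

if __name__ == "__main__":
    for tier, host, user in triage(SAMPLE):
        print(f"{tier:9} {host:20} {user}")
```

The export file holds every saved password in plain text, so delete it (and empty the trash) as soon as you have your list.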

You're headed towards digital sovereignty, so proud of you! (Search online "How to set up 2FA/MFA for (platform)" if you ever need guidance, you'll always be able to find walk throughs for this stuff!)

"Save Password?" is NOT your Friend.