Super Simple Security Principles

Helpful episodes to listen to firstEpisode 96: Why Your Email Account Should Only Be For EmailEpisode summaryThey say pick your battles. Well, I'm picking mine. I want you to ditch Gmail.Maybe you're holding back because you think that means giving up Google Docs, Google Drive, Google Photos, or some other Google service.If this is you, I have great news. I promise: you can ditch Gmail, but keep all the rest of the Google services you use.Option 1 - Let your Gmail account survive, but transition away from ever using it. Not using the Gmail service doesn't stop you from using any other Google service.This works great if you are a heavy user of Google services.Option 2 - Create a new Google account, using a non-Gmail email address. I know that might sound crazy and impossible, but it's easy.It works the same as creating an account at any other website, other than the fact that Google makes it the default to signup using Gmail.Drop me a note when you've made the switch!Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryProton provides a lot of the same services as Google, but with a privacy focus. From the beginning, their core values have been privacy and security. They offer a great, useful free version for many of their products. For full functionality, a paid subscription is required.They started with email (Proton Mail), and have expanded to other core services comparable to what is offered by Google - Proton Drive, Proton Docs, a password manager, a VPN and more.I am super grateful for Proton, and their foundational focus on privacy and security. It's something that few companies truly prioritize, especially amongst the giants in the tech space. They have been steadily growing, and I hope they continue to grow, and one day even take a notable share of customers away from Google.One major obstacle standing in their way right now is the usability of their products. Many of them are still far more clunky than their Google counterparts. For those who care enough about privacy and security, they will overlook this.But if Proton really wants to grow, they need to spend a lot more time polishing their products. I hope that before too long, they will stop adding new stuff, and turn all the good services they have into truly great ones.LinksProton - a privacy focused version of Google servicesGet the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryMy top choice for email app, both on my phone and my laptop, is the native Fastmail app. This app only works though if Fastmail is your email provider - which I highly recommend. I have been using Fastmail as my primary email account since 2013.I also have several gmail accounts and for them, I use the gmail app on my phone, and Mimestream on my laptop. It's a strange sounding name I know. Unfortunately, it's only available on Mac, and it costs money, but it's built specifically for gmail and works beautifully. I've tried a lot of different apps, and Mimestream is my favorite.For Windows (also works on Mac), my top paid recommendation is Spark.If you're looking for a free option, Thunderbird works well. If you are a Mac user (like me), then Apple Mail is also a solid free option.LinksExcellent paid MacOS Gmail app - MimestreamExcellent paid Windows/Mac Gmail app - SparkExcellent free Windows/Mac email app - ThunderbirdGet the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryI've talked about it endlessly. I will keep doing so. Your email account is vital to protect.But most people are missing a simple and powerful layer of protection for their email account: using an app to check email instead of the browser.Virtually everyone uses an app to check email on their phone - that's a good start. But most people use a browser when they check their email on their computer. This is where we have work to do.If you always use an app to check your email, and follow my advice in Episode 96: Why Your Email Account Should Only Be For Email, your email account will be extremely well protected against a phishing attack.During the recording of this episode (99), I realized that the advice in episode 96 can be a challenge to follow for heavy Google users, which many of us are these days. I will be making an episode soon to give you a way to do this without giving up everything you use and love about Google, so keep reading!Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryWhat do I mean when I say your home network is compromised? I mean that one of the devices in your home has been taken over by a hacker without you knowing it.It could be any device that connects to the internet, not just your phone or laptop. Cameras, doorbells, routers, appliances, and smart TVs are all valuable targets.There's a tool that can help figure out if this has happened. It's super simple for anyone to use. It won't answer all your questions, but what it can tell you is if it knows about devices being compromised either in your home network or somewhere in your digital "neighborhood".Click here now to check - it's free and immediate. If you do find a problem, feel free to reach out on the forum for help.LinksCheck Your Digital Neighborhood for Compromise1.8 Million Smart TVs hijackedGet the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryThere is a simple feature that can help you greatly in the fight against phishing. Yet all the email providers I've checked, aside from Fastmail, lack this feature.What is the feature? The ability to route emails you receive based on whether the sender is a known contact.Here’s how you use it:1 - Set up a rule to route all email from unknown senders to an “Unknown Sender” folder.2 - Go carefully through each email in that folder, and for any email you trust, add that sender to your contacts.3 - For any email you don’t trust, mark it as spam or block the sender.Then, when a phishing email comes in trying to impersonate a sender you trust, it will end up in the "Unknown Sender" folder. This is the folder where you carefully review every email, and if it is pretending to come from a known sender, you will know it’s a phishing attack.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryI believe your email account should only be for email. Instead, most free email providers turn your email account into an account for all their services.Google is probably the worst for this. Your Gmail account is actually a Google account that gives you access to Google Docs, Google Drive, Google Photos, Google Chat, YouTube, and much more.On top of that, many websites allow you to "Log in with Gmail." This expands even further the number of accounts that are directly connected to your email account.Taken all together, this is a security nightmare. Email accounts are already enough of a master key to your online identity, just through their ability to reset forgotten passwords.All these accounts being tied to your email also means a lot more opportunities for you to get caught in a phishing attack - because you’re entering your email password not just to access your email, but to access all sorts of other services as well.Linkshttps://workspace.google.com/blog/identity-and-security/defending-against-account-takeovers-top-threats-passkeys-and-dbschttps://blog.checkpoint.com/research/phishing-trends-q2-2025-microsoft-maintains-top-spot-spotify-reenters-as-a-prime-target/Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryBlocking all spam before we see it is tough. Email providers are reluctant to block it entirely, in case they are wrong and it’s not spam. The compromise is that they send it to the Spam or Junk folder, where it can be recovered.As the reader of that email, though, it’s often easy for us to identify it as spam and say, "I never want to receive email from this sender again."This is where the "Block Sender" feature that some email providers have, including Gmail and Fastmail, comes in.There’s a big difference, though. In Gmail, the email still ends up clogging up the Spam folder. In Fastmail, it goes straight to the Trash, so I never have to see it.That may sound like a little thing, but when you’re dealing with spam, it adds up. What’s more, I think it’s symbolic of Fastmail's greater commitment to fighting spam.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryYou have an email account, but how did you pick your email provider? Do you use Gmail simply because that’s what everyone you know uses?I want your choice of email provider to be intentional, not accidental. Today is the first in a series of episodes where we’ll examine my most important considerations when picking an email provider.Some will be "micro" considerations: specific, individual features. Do they have tags or folders? A "Report Phishing" button? How many aliases do they allow?Some of them will be "macro" considerations: bigger-picture sorts of questions. How do they make their money? What kind of customer support do they have? Are they working to improve the email ecosystem for everyone?I’m going to show you why I prefer Fastmail to Gmail and the other big free providers, like Microsoft, Yahoo, and Apple.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryWhen I choose a digital or tech service, I look for a company with a clear focus that aligns with mine. For each option, ask yourself: what’s the one thing this company does really well?Take Gmail, the most widely used email provider. If you ask what Google’s "one thing" is, some people might say email - but I’d argue most would say "search." For me, I see it as building the internet by means of an advertising economy. A great thing in many ways, but does nothing to make me think they are going to be the best email provider.That’s why I prefer companies with a single, obvious focus. It’s a simple principle, but it’s guided me well. It's no coincidence that most of my favorite security tools share this trait: Fastmail, 1Password, Little Snitch, Syncthing, and Signal.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryWhen you join the email workshop, you will be making some decisions. The first two are simple but important: which email provider you’ll use, and which email client.Your email provider is the company that gives you an inbox and stores your messages on their servers. The big ones are Google (Gmail), Microsoft (Outlook, Hotmail, Live), Yahoo, and Apple (iCloud).An email client is the app you use to read and send email. There are a lot of options. On your phone, that might be Apple Mail or the Gmail app. On your laptop, it's most often your web browser.Personally, I’ve used Fastmail as my provider since 2013. On my phone, I use their custom app (which I love), and on my laptop, I use a browser.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryMost people I know have email inboxes that are overflowing. I can’t count how many times someone has proudly (or sheepishly) shown me their phone with hundreds - sometimes thousands - of unread emails piled up.That would drive me comletely insane. For me, ending most days with an empty inbox isn’t just satisfying - it’s also a big security win. That’s why we’re tackling it in the workshop.Reaching inbox zero takes the right tools and strategies. But the most overlooked piece is mindset. If you don’t accept the reality of the tiny amount of time you have to read email, you’ll never make the changes needed to get to inbox zero.If you’re ready to hit inbox zero - daily, weekly, or even monthly - join me in the email workshop.LinksDigital Organization Guru I likeGet the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryPrivacy is a popular buzzword these days, but not one you have heard a ton about from me. Especially with email. Mostly because the email system we all depend on was not built for strong privacy.Some companies, like Proton and Tuta, provide encrypted email services. I trust, respect, and am in fact, extremely grateful for their efforts to compensate for such a huge failing in our email system. But when I want true privacy, I don’t count on email - I use tools built for it, like Signal.Life is full of tradeoffs, and choosing an email provider is no different. In the workshop, we’ll dig into those privacy tradeoffs and help you find the option that best fits your needs.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryThis may be the fourth priority in our email workshop, but it’s truly #1 in importance: protecting your email account from takeover. Your email is the master key to all your online accounts. If you want to keep anything secure, you have to start here.The good news? It doesn’t take much. The first step is simple, but it’s something most people still don’t do: use a unique password. I'm not asking you to stop reusing passwords in general. For now, please just start by never reusing your email password - keep that one password unique to your email account.After that, you should enable two-factor authentication for your account. Ideally through an authenticator app, not a text message to your phone.There are a few more advanced steps depending on your situation, but if you have a strong, unique password and 2FA, you’ve built a solid foundation for keeping your email - and everything it unlocks - safe.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Helpful episodes to listen to firstEven a Security Expert Can Get PhishedEpisode summaryToday's priority for our email workshop is learning how to dodge the phishers. Too often the only advice we hear is: don't click the wrong thing. While true, that also means living in a state of what Mad-Eye Moody calls constant vigilance! That sounds exhausting.The real problem is that email was never designed with strong safeguards against impersonation. I still remember, as a teenager, emailing my friends - pretending to be Santa. Email has gotten better in the last 30 years, but not by much.In the workshop, you’ll learn two extra layers of phishing protection that almost nobody uses. First, use a unique email address for with each website that sends you email. I'll show you how to make this simple.Second, only allow approved senders into your inbox. This provides a specific trigger to raise your caution level when it's needed the most.Join me if you're ready to stop being an easy phish to catch.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Helpful episodes to listen to first10 Spam Per YearEpisode summaryThe second priority of our email workshop is eliminating spam. It’s one of the biggest sources of email stress -- see episode 86 for why this matters so much.Cutting out spam also removes most phishing attempts before they ever reach you. Yet many people see spam like death and taxes: unavoidable.I’m here to tell you that spam IS avoidable. With the right tools -- and the skills to use them effectively -- you can beat spam. I’ve done it myself, keeping my spam to just 10 messages a year (see episode 17).Join me in the workshop and learn how to make spam a thing of the past.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryThe first priority of our email workshop is simple: reduce your email stress.It might sound surprising, but I see lowering email stress as a vital -- and often overlooked -- security improvement. When we’re stressed, we think less clearly and are more likely to click on something we shouldn’t.Some people are so overwhelmed by email that they check it as little as possible. That’s also a security risk -- most security alerts arrive by email, and if you aren't checking your email, you may not see them until it's too late.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryIn this episode, we’re exploring who can benefit most from our email workshop. If email causes you stress, frustration, or fear -- this workshop might be for you.But improving your email situation requires doing things differently, and you need to be ready to do that. There are many strategies, and I’ll work with you to find the ones that best match your needs and priorities.The hardest change I recommend? Setting up a new, paid email account. If you can't or won't, I'll still do my best to help you, but in the world of email, the saying holds true: you get what you pay for.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Episode summaryEmail has never been more important. It’s the master key to all your online accounts and the universal way we communicate.But for many of us, email is also a constant source of frustration -- spam piling up, the fear of clicking something dangerous, or just feeling overwhelmed by the flood of messages.That’s why I’m going to be running a live, interactive group workshop over Zoom. We’ll meet in multiple sessions, with short educational videos and practical homework in between.By the end, you’ll have the skills and tools you need to take control of your inbox and conquer your email woes for good.Get the FREE Bulletproof My Identity Starter KitGet help from Makani

Helpful episodes to listen to firstDo I Need to Upgrade to Windows 11?Should I Upgrade to Windows 11?Episode summaryIf you are sticking with Windows 10, I highly recommend installing the InControl app from my favorite security podcaster, Steve Gibson.Fair warning: his website looks like it’s straight out of the early 2000s and is geared toward technical folks like me. If you poke around, just be ready for some serious computer geekiness.The good news: his app is dead simple to use. Download it, double-click to run, click the "Take Control" button, and the big red text will turn green -- letting you know that Microsoft can't trick you into accidentally upgrading to Windows 11 before you're ready.LinksInstall Steve Gibson's InControl appGet the FREE Bulletproof My Identity Starter KitGet help from Makani