Don’t miss any of the following concepts, otherwise you can’t reach the overall goal of having a secure computer.
Most people use & memorize passwords in mind, however, that is incorrect behavior. In your life, you will need to only memorize:
- Only one Password [strong] (which we call MASTER PASSWORD throughout this article).
- Only one Pincode [around 5-6 digit] (which we call MASTER PINCODE throughout this article).
You haven’t heard it – Let’s start.
Note1 : Create a folder i.e. MyFolder on your desktop and in the end you we will tell you what to do with it.
Note2: The phrase ‘passcode‘ can be understood as a synonym of password or pincode together.
### 1) Use Password Manager – START FROM THIS POINT ###
The most critical password you need to always remember in your mind and never forget, is your primary MAIL ACCOUNT password (let’s call it your MASTER PASSWORD) . You should have a password for your mail account, which you don’t use for any other services. Also, you must have 2-FA authentication enabled, i.e. – you can use SMS codes if you are an average user, but if you think you are targeted, then SMS is less secure and for higher security it’s better to use TOPT authenticator apps (any from the following: Authy | Lastpass authenticator | Goolge Authenticator(not preferred) | Aegis authenticator) and after scanning the QR code, save that QR code screenshot file into MyFolder.
Now, it’s time to simplify your digital life. In most cases when people hear this statement, they think this doesn’t relate to them at all. However, you definitely need password manager – just spend only10 minutes and you will never forget this day, as it will change your digital life into better and you will never look back. How does password manager works? You can find out on youtube, but I’ll go on with this article. I don’t suggest to use Chrome/Mac builtin password manager, instead I like password-manager service called LastPass (even though I prefer Lastpass for different reasons, there exists competitor services: 1Password and Bitwarder, and doesn’t matter whichever you choose). It is the secure cloud storage where you automatically store passwords and secure notes (you will find out how good this is) with encryption, so neither that service can read your data. That solution can be run on any device – Windows/Mac/Chrome/Androind/IOS/Linux etc… So, go install Chrome extension and sign up ( if you afford 3$/month plan, then install mobile version too) and during registration, set your MASTER PASSWORD in a ‘master-password field’. (Note: During registration, you might be also given a “recovery key” for that password-manager, which you will need to backup and save into MyFolder.) When registration is finished, Hurrah! From now, when you login any website, your passwords will be stored automatically in Encrypted Vault (on cloud), and you don’t ever need to remember any website‘s password. Instead, it will auto-fill the saved passwords from this moment. You can also save secure notes there, which you can access from other devices anytime.
### 2) BIOS protection ###
Now, let’s start protecting your computer. When computer starts booting, on that same moment, enter BIOS by continuous clicking on F2 (or F9/F10/F12). From there you should will find places to set Pincode (MASTER PINCODE, which you will never forget) for the below elements:
- A) to access BIOS (sometimes also named as :
Administrator [or] Setup password) - B) to turn on PC (sometimes also named as :
User [or] Machine password) - C) to access Hard-Drive (Note: At this moment, temporarily, we don’t suggest you to enable HARD-DRIVE passcode in BIOS, instead we suggest you much better & safer approach named ‘Drive Encryption’ in the bottom of this article. If you won’t be able to do Drive Encryption for some reason, then return back and set Hard-Drive passcode in BIOS).
### 3) Windows protection ###
After protecting computer hardware from BIOS, the next step is to protect your Windows & Data. For that:
- A) Require Lockscreen passcode after turning on PC to enter your windows user – for that, you need to set user passcode (called as account password). Even thought it is not high security, it is still good basic level. So, after turning on your PC and reaching to Windows Login screen, there will be additional Lockscreen for password specifically for your user.
- B) also enable Require Lockscreen after Wake-Up (instructions for: Win10 | Win11 )
- C) also enable Require Lockscreen after arriving from Screensaver (instructions for: Win10&Win11 )
NOTE: this is not much critical part, if you work from home and thus, there is not everyday risk your pc was accessed while you are away, so you can set a very simple two letter password there, like aa (or alike) to quickly enter your desktop (but if you are concerned, then use something more secure passcode, like MASTER PINCODE)
### 4) Internal & External Hard-Drives encryption ###
Even after you setup bios or windows passwords, there are still chances someone could break into drive/data. For that, there is a solution: Drive Encryption (doesn’t affect performance negatively) called BitLocker – read instructions here [or here or here] (However, it is available only for above Windows Pro versions, so if you are windows Windows Home user – read this [or this], or use VeraCrypt ).
When turning on Bitlocker, in initial procedure it might not allow you to set password, but instead it will generate itself a 48-digit RECOVERY KEY – it will be your main key which you need to save into your password manager (SAVE IT, DON’T IGNORE THAT 48-DIGIT KEY). After that you can enable temporary passcode for bitlocker drive, so when you boot your Windows on same PC, you can use passcode (set your MASTER PASSWORD or MASTER PINCODE) instead of 48-digit KEY. Also, other than system OS drive, you should bitlocker protect your external hard-drive too, where you make backups.
That’s all !
Note: To mention about that MyFolder– you should compress that folder (using 7zip or winrar) into .zip format, but when creating an archive, you should set PASSWORD for that zip file (use your MASTER PASSWORD, so no-one will be able to open the contents). After that send that archive to your email & best friend’s email & your external drive – so, even if your computer get stolen/damaged, you can have an access to that archive.