The Complete Cybersecurity Checklist for 2026 — 20 Steps to Secure Your Digital Life
Affiliate disclosure: This article contains affiliate links. If you click a link and make a purchase, we may earn a commission at no extra cost to you. Our editorial recommendations are never influenced by commissions — read our full disclosure policy.
How to Use This
Four tiers, ordered by leverage. Start at Tier 1 today. Do not move to Tier 2 until every Tier 1 item is done. The order is deliberate — each tier closes a higher-leverage gap than the next.
Tier 1 — Today (One Hour)
High-impact, low-effort items you can complete in a single evening.
1. Enable 2FA on your email. Email is the master key — every password reset flows through it. This single step prevents most account takeovers.
2. Enable 2FA on your password manager. If you do not have one yet, skip to Tier 2 step 6 and come back.
3. Enable 2FA on your bank. Use an authenticator app rather than SMS if offered.
4. Check haveibeenpwned.com for every email address you use. Note which services have breached. You will change those passwords in Tier 2.
5. Update your router firmware. Log into your router's admin interface and apply any available updates.
Tier 2 — This Week
6. Install a password manager. NordPass, 1Password, or Bitwarden. Import your browser passwords and set a strong master password.
7. Change passwords on important accounts. Email, banking, primary social media, anything breached per step 4. Use the manager to generate unique 20+ character passwords.
8. Change your router admin password from the default.
9. Enable WPA3 or WPA2-AES on your WiFi. Never WEP, never original WPA.
10. Set up a guest network for IoT devices. Full guide: Secure Your Home Network.
Tier 3 — This Month
11. Install a VPN. NordVPN or Surfshark. Configure it on every device you own and set it to connect on untrusted networks automatically.
12. Enable 2FA on every social media account. Instagram, X, Facebook, LinkedIn, TikTok, Reddit.
13. Review app permissions on your phone. Settings → Privacy. Revoke location, microphone, and camera from apps that do not need them. Most do not.
14. Enable full-disk encryption. BitLocker on Windows, FileVault on Mac. Turn it on today — it is free and prevents a stolen laptop from exposing every file on it.
15. Enable auto-updates on all your software. OS, browser, password manager, antivirus.
Tier 4 — Ongoing Habits
16. Think before clicking links. Hover to see the real destination. If an email from your bank links to "b4nk-login.example.com", that is not your bank.
17. Verify unexpected contact by calling back on the official number from the company's website — never the number in the message.
18. Check your credit report quarterly. Annualcreditreport.com (US), or your national equivalent. Look for accounts you did not open.
19. Keep 2FA backup codes stored securely. As secure notes in your password manager or physically in a safe.
20. Review connected apps annually. Google, Apple, Facebook all expose a list of third-party apps with access to your account. Revoke anything you do not actively use.
The Budget Reality
The paid items above — password manager, VPN, antivirus — come to under $12 a month in total on annual plans. That is the ongoing cost of a comprehensive security posture. The Tier 1 items cost nothing.
If you complete this checklist you will have closed the top fifteen attack surfaces most individuals face. Everything beyond that is refinement.
Related reading: Complete Security Stack, Identity Protection Guide.
Reviewed by Øyvind — NorwegianSpark · Last updated: 15 April 2026