The Ultimate Home Cybersecurity Checklist 2026
Affiliate disclosure: This article contains affiliate links. If you click a link and make a purchase, we may earn a commission at no extra cost to you. Our editorial recommendations are never influenced by commissions — read our full disclosure policy.
How to Use This Checklist
Work through this list top to bottom. Each item is a concrete action, not a vague recommendation. By the end, you will have addressed the most common vectors for account takeover, identity theft, and malware.
This is not theoretical. Thomas and Øyvind built this list based on actual breach reports, security audits, and the recurring patterns we see in compromised accounts.
Passwords and Authentication
- [ ] Install a password manager (1Password or Bitwarden)
- [ ] Change every reused password to a unique generated one
- [ ] Enable 2FA on your email account
- [ ] Enable 2FA on your bank accounts
- [ ] Enable 2FA on your password manager
- [ ] Enable 2FA on social media accounts
- [ ] Download and store backup codes for each 2FA account
- [ ] Check haveibeenpwned.com for all your email addresses
- [ ] Set up breach monitoring alerts
Devices
- [ ] Enable automatic updates on all devices
- [ ] Enable full-disk encryption (FileVault on Mac, BitLocker on Windows)
- [ ] Install reputable antivirus (Bitdefender or Malwarebytes)
- [ ] Enable your device's built-in firewall
- [ ] Set a strong PIN or password on your phone (not a 4-digit PIN)
- [ ] Enable remote wipe on your phone
- [ ] Review which apps have access to your location, camera, and microphone
- [ ] Check for unknown devices on your Apple ID or Google account
Network and Browsing
- [ ] Change your router's admin password from the default
- [ ] Update your router's firmware
- [ ] Enable WPA3 encryption on your WiFi (or WPA2 if WPA3 is unavailable)
- [ ] Install a VPN for use on public WiFi (NordVPN or ProtonVPN)
- [ ] Use a modern browser with tracking protection (Firefox or Brave)
- [ ] Install uBlock Origin ad blocker
- [ ] Enable HTTPS-only mode in your browser
- [ ] Review and remove unused browser extensions
Email Security
- [ ] Enable spam filtering in your email client
- [ ] Never click links in unexpected emails — go to the site directly
- [ ] Verify unexpected emails claiming to be from banks or services
- [ ] Unsubscribe from email lists you do not read — reduces phishing surface
- [ ] Consider a privacy email alias service (SimpleLogin, Apple Hide My Email)
Financial and Identity
- [ ] Enable transaction alerts on all bank and credit accounts
- [ ] Check your credit report for accounts you did not open
- [ ] Consider a credit freeze if you have been a breach victim
- [ ] Review your monthly bank statements for small unauthorised charges
- [ ] Consider identity theft protection (Aura or LifeLock)
Ongoing Maintenance
Once per month:
- Run Malwarebytes Free scan
- Check breach monitoring dashboard
- Review active sessions on important accounts
- Audit your password manager for old/unused accounts
- Review which apps have access to your accounts (Google, Facebook, Apple)
- Check whether your software subscriptions are still needed
How Long This Takes
The first pass through this list takes 2-4 hours. After that, the monthly maintenance is 15 minutes. The annual audit is 1 hour.
The 200 hours that identity theft victims spend resolving damage is a much larger investment.
Reviewed by Thomas — NorwegianSpark SA.
Reviewed by Thomas — NorwegianSpark · Last updated: 6 April 2026