Notes

  • identify
    • store everything in your password manager (except, perhaps, your credit card’s CVV and some OTPs)
    • save a list of connected devices
    • automatically scan for weak passwords
  • protect
    • consider stronger passwords, rotation, 2FA for more sensitive accounts
  • detect
    • monitor authorized devices
    • monitor suspicious sign-in notifications
  • respond
    • reset passwords and 2FA, deauthorize devices
    • regenerate and save secret keys and recovery kits
  • recover
    • you can save your 2FA token to recover the OTP flow
    • store multiple copies of the recovery kit (master password, 2FA token and secret key), each one with a different set of secrets
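
The last recover item, as an added example that is not part of the original notes: it reads "different set of secrets" as "each copy omits one of the three secrets" (an assumption), then checks that no single stolen copy is complete and that losing any one copy still leaves a full kit. The location names are constructed, and only secret labels are handled, never secret values.

```python
from itertools import combinations

# Secret names come from the notes; these are labels, not the secrets themselves.
SECRETS = ("master password", "2FA token", "secret key")


def plan_kits(locations, secrets=SECRETS):
    """Give each location every secret except one, rotating the omitted one."""
    if len(locations) < len(secrets):
        # With fewer copies than secrets, losing one copy can lose a secret for good.
        raise ValueError("need at least as many locations as secrets")
    plan = {}
    for i, loc in enumerate(locations):
        omitted = secrets[i % len(secrets)]
        plan[loc] = frozenset(s for s in secrets if s != omitted)
    return plan


def audit(plan, secrets=SECRETS):
    """Check what a thief of one copy learns and what survives a lost copy."""
    full = frozenset(secrets)
    # Theft: no single copy may hold the complete set.
    theft_safe = all(held != full for held in plan.values())
    # Loss: with any one copy gone, the remaining copies must still cover everything.
    loss_safe = all(
        frozenset().union(*(h for loc, h in plan.items() if loc != lost)) == full
        for lost in plan
    )
    # Smallest number of copies that together reveal all secrets.
    min_copies = next(
        (k for k in range(1, len(plan) + 1)
         for group in combinations(plan.values(), k)
         if frozenset().union(*group) == full),
        None,
    )
    return {"theft_safe": theft_safe, "loss_safe": loss_safe,
            "min_copies_to_recover": min_copies}


if __name__ == "__main__":
    # Constructed storage locations for illustration.
    kits = plan_kits(["home safe", "bank deposit box", "trusted relative"])
    for place, held in kits.items():
        print(f"{place}: {sorted(held)}")
    print(audit(kits))
```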

Resources