Back to writing

February 18, 2026

Security Habits I Actually Use (And a Few I Pretend I Do)

By Tegan Eikenberg


At work I spend a lot of time on network security: segmentation, access controls, encryption standards, threat modeling. Professionally, I take it seriously. Personally, I had to be more intentional about closing the gap between what I tell other people to do and what I actually did. Here's where I'm at.

I use a password manager. Finally.

I held out longer than I should admit. I thought I had a system. My "system" was three or four base passwords with small variations and a number on the end. A classic. I use Bitwarden now. It's free, open source, and once you're used to it, signing in is faster than typing a password from memory. There's no real excuse not to use one.

Multi-factor on anything that offers it.

This is non-negotiable for me, even on accounts that feel low-stakes. A compromised email account cascades into a compromised everything because password resets flow through email. SMS is better than nothing. An authenticator app is better than SMS. A hardware key is best. Pick the option you'll actually use every time.

I pay attention to phishing now.

This job has made me productively paranoid. I check sender addresses, hover over links before I click, and treat urgency in an email as a red flag instead of a reason to react quickly. A few months ago I got a phishing email that was good. Right logo, right formatting, plausible reason for contact. I looked at it three times before I caught it. If I almost fell for it, most people wouldn't stand a chance.

I keep my devices updated.

Boring advice. But most successful attacks exploit known vulnerabilities that already have a patch sitting available. The patch just wasn't applied. Turn on automatic updates and stop thinking about it.

None of this is complicated, and that's the point. You don't have to work in security to meaningfully cut your risk. A password manager and MFA on your email puts you ahead of most people already.

The habit I pretend I do? Regularly auditing what apps have access to my accounts. I know I should. I haven't in a while. Nobody's perfect.


All posts