in relation to op's original question...I tend to be pretty lax about my own security. I work in the field so I spend my days protecting systems but I personally tend to lean towards common sense than anything specific. Update your systems, don't download rando things, scams are scams, etc. When someone asks how they can protect themselves I tend to ask what they're afraid of or concerned as an attack surface. If they're unsure then I tell them if they're doing the basics then they're probably fine. If they have specific concerns then you have to look at the benefits vs additional steps...and even then understand the additional risks. nothing is perfect or secure. take passwords for instance. You might have a password with a strong entropy but if the system you're logging into doesn't hash the passwords then anyone with access to the database can see it. Moreover, if the system isn't secure because they don't update or haven't configured it correctly, even if it's hashed the bad actor could get the hash and use it to log in as you. They don't necessarily need the password if they can log in as you. So even if you try to protect yourself in all the ways you can, there's always six or seven layers between you and that target action that have dozens of potential issues.