About Pretty Good Security

Welcome to Pretty Good Security – your trusted resource for practical, actionable security guidance that doesn’t require a PhD in cybersecurity to understand.

Our Mission

In an increasingly connected world, security shouldn’t be an afterthought or something only experts can understand. We believe that everyone deserves access to clear, practical security advice that they can actually implement in their daily lives.

Our mission is to:

  • Demystify cybersecurity by breaking down complex concepts into understandable guides
  • Provide practical solutions that real people can implement without extensive technical knowledge
  • Focus on high-impact security measures that provide the most protection for your effort
  • Stay current with the evolving threat landscape and emerging security tools

What You’ll Find Here

Comprehensive Security Guides

The Weakest Link: Our foundational guide explaining how your digital security operates as an interconnected system. Learn why email accounts require special attention, understand authentication method trade-offs, and discover practical steps to strengthen your security chain.

Device Security Guides: Platform-specific security guidance for:

  • iPhone & iOS devices - Privacy settings, security features, and best practices
  • Mac & macOS systems - System hardening, built-in security tools, and maintenance
  • Windows computers - Security configurations, updates, and protection strategies

Network & Infrastructure Security: Essential knowledge for protecting your digital infrastructure:

  • Router security - Comprehensive guidance on firmware management, configuration, and network protection
  • Network monitoring - Understanding your network traffic and identifying threats
  • Tailscale guides - Detailed tutorials for secure remote access and networking

Resources & Tools: Curated collections of security tools, reference materials, and step-by-step tutorials.

Our Philosophy

We embrace the principle of “Pretty Good Security” – the understanding that perfect security doesn’t exist and never will. However, this reality doesn’t mean we should give up. Instead, it means we should focus on what’s actually achievable: meaningful protection through practical measures.

Key Principles

Security is a Chain: Your digital security operates as an interconnected system where the protection of one account often depends on the security of others. Understanding these relationships helps you prioritize your security efforts effectively.

Focus on the Weakest Link: In most cases, your email account serves as the weakest link because nearly every digital service uses email for password resets, security alerts, and account recovery. Securing your email with strong authentication is the foundation of good security.

Simple Beats Complex: Basic security measures properly implemented are more effective than sophisticated solutions that never get used. We prioritize practical steps you’ll actually follow.

Consistency Matters: Regular good habits provide better protection than sporadic perfect practices. Small, consistent improvements build strong security over time.

Risk Reduction is the Goal: We can’t eliminate all threats, but we can dramatically reduce your exposure to the most common ones.

Understanding Digital Security

Why Email Security is Critical

Your email account often serves as a gateway to other services because most digital platforms use email for:

  • Password reset requests
  • Security alerts and notifications
  • Account verification and recovery
  • Two-factor authentication backup methods

When an attacker gains access to your email account, they can potentially request password resets for linked accounts, receive reset communications directly, and access sensitive information across multiple services.

The Authentication Hierarchy

Not all authentication methods provide equal security:

SMS Text Messages: While better than passwords alone, SMS has documented vulnerabilities including SIM swapping, network-level interception, and social engineering attacks against carriers.

Authenticator Apps: Generate codes locally on your device, work offline, and aren’t tied to phone numbers. Examples include Authy, Google Authenticator, and Microsoft Authenticator.

Hardware Security Keys: Provide maximum security independence with private keys that never leave the device. Examples include YubiKey, Google Titan, and SoloKeys.

Passkeys: Offer excellent security with superior usability but depend on platform security infrastructure from providers like Apple or Google.

Practical Implementation Strategy

Week 1: Secure your email and password manager with strong two-factor authentication Week 2: Apply enhanced security to financial and work accounts Week 3: Review and secure cloud storage and important personal accounts
Week 4: Implement monitoring systems and test recovery procedures

Network Security Fundamentals

Your home router represents a critical component in your security chain. Unlike other devices that handle personal data, your router controls ALL network traffic, making it a strategic target for attackers.

Common Router Vulnerabilities

Consumer routers often suffer from systemic security problems:

  • Firmware contains outdated software components with known vulnerabilities
  • Manufacturers provide minimal ongoing security support
  • Updates are infrequent and often abandon older models entirely
  • Default configurations prioritize features over security

Essential Router Security

Change Default Credentials: Replace default administrator passwords with strong, unique credentials.

Disable Unnecessary Features: Turn off WPS, UPnP, remote administration, and other services that increase security risks.

Update Firmware Regularly: Check for and install updates monthly. Consider router replacement if no updates have been available for over two years.

Use Strong WiFi Security: Configure networks to use WPA3 (or WPA2 if WPA3 isn’t available) with strong passwords.

About the Author

Hawkins Wood brings years of experience in cybersecurity, system administration, and privacy advocacy. With a background in both technical implementation and security education, Hawkins focuses on translating complex security concepts into actionable guidance that anyone can follow.

Getting Started

If you’re new to security planning, start with The Weakest Link guide to understand how your digital security operates as an interconnected system. Then explore our device-specific guides and network security resources based on your particular needs and interests.

Remember: security is a journey, not a destination. Start with the basics, implement what you can, and gradually build your security posture over time. Every step forward makes you more secure than you were yesterday.

Stay Connected

  • RSS Feed - Subscribe to stay updated with the latest guides and security news
  • Search - Use our built-in search to quickly find specific topics
  • Categories & Tags - Browse content by device type, security domain, or topic

Pretty Good Security

Last updated: May 28, 2025