[SOLVED] Really would love tips and advice on how to setup Windows 10 to be secure


SonJustin

Distinguished
Oct 9, 2013
37
1
18,535
I have not been living a safe cyber life. I have terrible passwords, have never bothered to limit access to my personal info when apps ask, and have never looked into the security or privacy options of Windows 10 and more. I wanna change all that. So far I reset PC; deleting everything off my m.2 drive, beginning fully fresh. I even made a new Microsoft account / outlook email. But now I wanna make sure I go about being secure and protecting my privacy, among other things. This is my plan so far:

Step 1. Buy Bitwarden and use it as a Password Manager. I've learned a decent amount about this, and if I let it generate random complex passwords for everything, I just gotta remember and keep safe copies of the master pass phrase. I will also wanna use 2FA, probably the USB key version.

Step 2. Either use free Webroot from work, or get 75% off of Bitdefender and use that instead. If you think I should do this before Step 1, let me know!

Step 3. Learn about VPNs (because I'm dumb) and acquire one. I'll have to research how they work and which ones are highly rated.

Step 4. Create up to 5 emails in total. Why? I'd like each one to have a specific purpose: One email for financial/credit stuff. Another email for correspondence ONLY with friends and family. A third email for shopping on sites that have your payment method on hand (like Amazon or eBay). A fourth email for all those junk sites that require an email just cause, like Discord, Steam, or whatever. Especially sites that wanna send ads. And the final email would be for work-stuff only.

Step 5. Go through the slow, long process of changing all the passwords of all the accounts I have for apps, sites, etc. Using Bitwarden, I should be able to have it generate the passwords. Also, I'll link each account to its appropriate new email (e.g. use Bitwarden to change my <Mod Edit> Steam password, then change Steam email to Email #3). I know I have at least 190 accounts, many will need to be changed. But maybe I'm better off deleting many of them and starting fresh?

Step 6. Determine the pros and cons of keeping or deleting my old Google and Microsoft account. For Microsoft, I have it linked to my Xbox One X, and have Game Pass Ultimate free until Feb 2022. If I delete the Microsoft account, what will happen to the Game Pass? Same with Google, will I lose my Youtube account?

That's all for now. I really wanna be smart going forward, and this feels like the right direction. I appreciate anyone who responds to the points.
 
USAFRet

Titan
Moderator
And it would be dumb to make a different Microsoft account for the standard user, correct?
3 accounts...

The first one, MS, Admin.
Then, create 2x other local accounts. 1 Standard, 1 Admin.

Use the MS account only when you need to interact with MS.
The local Admin is used for managing the PC.
The local Standard is your daily driver.

That's the way I do it anyway. And have done for years.
 
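The three-account layout from the reply above, as an added PowerShell example that is not part of the thread: it creates the two local accounts and then lists who holds administrator rights. The account names `daily` and `pcadmin` are placeholders, and the script must be run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: the account names below are placeholders, not from the thread.
$StandardUser = 'daily'      # hypothetical name for the daily-driver account
$AdminUser    = 'pcadmin'    # hypothetical name for the PC-management account

# Well-known SIDs, so the script does not depend on localized group names.
$AdminsSid = 'S-1-5-32-544'  # BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'  # BUILTIN\Users

# Create each local account only if it does not exist yet.
foreach ($name in $StandardUser, $AdminUser) {
    if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -AsSecureString "Password for $name"
        New-LocalUser -Name $name -Password $pw | Out-Null
    }
}

# Add a local account to a group unless it is already a member.
function Add-ToGroupOnce($Sid, $Member) {
    $full = "$env:COMPUTERNAME\$Member"
    $present = Get-LocalGroupMember -SID $Sid | Where-Object Name -eq $full
    if (-not $present) { Add-LocalGroupMember -SID $Sid -Member $Member }
}

Add-ToGroupOnce $UsersSid  $StandardUser   # daily driver: Users only
Add-ToGroupOnce $UsersSid  $AdminUser
Add-ToGroupOnce $AdminsSid $AdminUser      # management account: Administrators

# Audit: PrincipalSource shows which admins are Local and which are MicrosoftAccount.
$admins = Get-LocalGroupMember -SID $AdminsSid
$admins | Format-Table Name, PrincipalSource, ObjectClass

# The daily-driver account should never appear in Administrators.
if ($admins.Name -contains "$env:COMPUTERNAME\$StandardUser") {
    Write-Warning "$StandardUser is in Administrators; remove it with Remove-LocalGroupMember."
}
```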

SonJustin

3 accounts...

The first one, MS, Admin.
Then, create 2x other local accounts. 1 Standard, 1 Admin.

Use the MS account only when you need to interact with MS.
The local Admin is used for managing the PC.
The local Standard is your daily driver.

That's the way I do it anyway. And have done for years.

Okay, once I get Bitwarden I'll need to change these passwords and <Mod Edit> for these accounts. Good advice. I can't get the ball rolling until I get a security box for the house. And I wanna write down exactly what I'm doing lol.
 
Can you not purchase anything on the Microsoft app store on a standard account?
You can use your Microsoft account on a Standard User account, you just have to tell it when you log in to not convert your Windows account.

  • Okay, so I will go over to the Standard Account! Seems safer and no issues since I know the UAC info anyway. Have you ever had to log into the administrator account?
  • Yeah that makes sense. So as cool as 2FA seems, it appears most sites or things that offer it might only allow for an email or phone based method? If it only allows text-based for 1FA, I assume it's better than nothing? Lol
  • Yeah I'll have to remember that, so if I have the Mic global setting off even the Mic on my VOID headset won't work. I have no webcam so that's no issue. The one thing I'm uncertain on is Location setting. Having this on still makes apps and things "ask" to use your location right? If so I'd wanna keep that on, so when I look for stores it'll look for the nearest location.
  • Since you're so knowledgeable do you have any other random suggestions for me? I have an iPhone and assume at some point I'll need to secure/reset that as well!
  • Browsers can still provide a location if a website asks for it. They do this via your IP address however.
  • I'm not sure about iPhones, but Android does allow permissions for things only if the app is actively being used. Otherwise, same principles: don't install apps you don't know, don't open links you don't know, don't download and run random software (if that's even possible)
 

SonJustin

You can use your Microsoft account on a Standard User account, you just have to tell it when you log in to not convert your Windows account.


  • Browsers can still provide a location if a website asks for it. They do this via your IP address however.
  • I'm not sure about iPhones, but Android does allow permissions for things only if the app is actively being used. Otherwise, same principles: don't install apps you don't know, don't open links you don't know, don't download and run random software (if that's even possible)
Okay makes sense. So I can have the Locations setting turned off, and sites can use my IP to determine where nearby things are?
I am beginning to see how my goal going forward is possible.
Being the indecisive ADHD man that I am, I will write out all my steps and do a little research. I def don't wanna buy something and not realize I have access to other cool features I didn't know about!
And of course, I'll wanna reset my iPhone and follow the same principle.
And again, having to potentially use 2FA whenever you open any site or app doesn't really bother you?
Just wanna make sure I'm not being paranoid doing all this hahaha
 

SonJustin

I apologize for my indecisiveness but damn, I always feel like by going through the "reset the PC" process, by not already having new email clients + Bitwarden, that I've already <Mod Edit> up my great master plan to have everything secure from the get go. But it's probably the OCD in me making this way more of a struggle than it needs to be. Do you guys use multiple emails? If so, for what purpose? And would you see a benefit in using different email clients for different things?
 

USAFRet

I apologize for my indecisiveness but damn, I always feel like by going through the "reset the PC" process, by not already having new email clients + Bitwarden, that I've already <Mod Edit> up my great master plan to have everything secure from the get go. But it's probably the OCD in me making this way more of a struggle than it needs to be. Do you guys use multiple emails? If so, for what purpose? And would you see a benefit in using different email clients for different things?
Yes, I use multiple emails.

Family and main accounts
Things I buy
sites I mostly don't care about

And of course, work email is totally different.
 

SonJustin

Yeah, that's cool.
I def have a lot to think about.
I like the ideas we all discussed, but a part of me feels like I'm out of my depth, or being overkill. I just can't make up my mind on what to do, and each time I try to find "the best ways to do this or that" a new layer is added.