FINAL THOUGHTS
It’s worth remembering that a determined and resourceful adversary could probably hack a regular desktop user if they wanted to, regardless of your choice of OS. But that doesn’t mean we should give up, switch off our firewalls and scream “it’s PASSWORD1” into the bleak night.
Recycled passwords are a common cause of attack and there’s no reason not to be using a password manager today. We recommend the open-source KeePassXC (https://keepassxc.org/), which can be run on Windows or Linux, but there are all kinds of other FOSS offerings as well as cloud solutions. If you prefer things text-based, on Linux there’s the pass program that can manage a clean password hierarchy via GPG and (optionally) Git.
Protecting your important accounts with Two-Factor Authentication (2FA) should be a given now. And using your phone as a second factor isn’t infallible. Many applications and services now support time- or HMAC-based One-Time Passwords, and you don’t have to use Google Authenticator to use them. Even Google’s own services allow you to use an alternative application. Authy by Twilio is popular, but for optimal open-source goodness, we wouldn’t hesitate to recommend Aegis. You’ll find it on the F-Droid app store, alongside everything you need for a Google-free phone.
If the worst happens and you do get hit by a cyber-attack, there are agencies that can help. In the US, we have the Cybersecurity and Infrastructure Security Agency (https://www.cisa.gov), while in the UK, there is the National Cyber Security Centre (https://www.ncsc.gov.uk).