Summary

This is what I recommend for personal electronic security in the US in 2018.

• Use the one best product for a particular function,
  • Phone: iPhone
  • Desktop or laptop: Mac
  • Email: Gmail
  • Web browser: Chrome with uBlock Origin ad-blocking
• Evaluate each for possible replacement every 2-3 years,
• Enable automatic software updates,
• Use web-based services (do use Google Drive or Office365) rather than locally-installed software (don’t use Microsoft Office) whenever feasible,
• Uninstall all Adobe software if possible,
  • (At least, uninstall Flash and Acrobat.)
• Use ad-blockers,
  • (Ublock Origin on Chrome, and Purify on iPhone)
• Use junk call screening,
  • (Nomorobo)
• Use multi-factor (AKA two-factor) authentication everywhere possible - especially at important service providers,
  • (such as a passphrase and SMS verification)
  • (note: SMS verification is inadequate if you’re targeted by resourceful attackers. Instead, use Google Authenticator or a Yubikey.)
• Use a password manager,
  • (1Password)
• Back up your data,
  • (Backblaze, and keep a paper copy of critical passwords in a sealed envelope in a home safe, or your credit union’s safe deposit box)
• Be skeptical when you receive alarming messages about money and passwords,
  • (How to avoid social engineering and phishing attacks. See also this guide.)
• And always ensure your software is up to date.

The full document is also available.