Consumer Best Practices

= Potential OWASP Consumer Top Ten =

Safe practices for consumers on the web.

Weak password handling

 * MFA
 * Password Manager
 * Strong Passwords
 * Password Synchronization
 * Security questions
 * Don't allow browsers to store passwords

Information Disclosure/Sensitive Data Exposure

 * Social Media
 * Pictures
 * Giving information away

Trusting Untrusted Sources (**This should be renamed**)

 * Untrusted Sources
 * WiFi
 * Downloading files from untrusted sources
 * Clicking on links from unknown or unverified sources

Lack of Proper Encryption in Transit

 * Do Not Ignore SSL Warnings
 * Use Encryption

Lack of Proper Encryption at Rest

 * Encrypt PII
 * Don't store sensitive information unencrypted

Using Components with Known Vulnerabilities

 * Patch
 * Configure application settings for security
 * Do not configure devices to automatically connect to WiFi access points

Running Unnecessary Software or Services

 * Don't install unneeded software
 * Remove software not in use
 * Do not enable services you don't use

Physical Security

 * Encrypt devices and drives
 * Do not leave mobile devices unattended
 * Use an inactivity lockout
 * Password protect all devices

Review reputation scoring services (Needs to be renamed to a vulnerability)

 * Review credit reports
 * Review unknown uses of online accounts
 * Subscribe to a credit monitoring service
 * Freeze credit