Quick ReferenceBeginner

Digital OPSEC: Protecting Your Information Online

Password management, device encryption, and basic digital security for preppers. Protecting your plans, contacts, and sensitive information from digital exposure.

Salt & Prepper TeamMarch 30, 20264 min read

TL;DR

Basic digital hygiene protects most people from most threats. Use unique passwords (a password manager handles this), enable two-factor authentication on email and financial accounts, lock every device with a PIN, and store sensitive documents in encrypted format. These four practices address the vast majority of realistic digital security risks without requiring technical expertise.

Minimum Digital Security Baseline

Password management: Reusing passwords is the most common security failure. When one service's database is breached (happens constantly), attackers try stolen credentials everywhere. Unique passwords for every account prevent one breach from cascading.

A password manager (Bitwarden — free and open source; 1Password — $36/year) generates and stores unique, complex passwords. You remember one strong master password; the manager handles everything else. This is non-negotiable baseline digital security.

Two-factor authentication (2FA): Email and financial accounts should have 2FA enabled. The best form: an authenticator app (Google Authenticator, Authy) that generates time-based codes. Better than SMS verification (SMS can be intercepted via SIM swapping). Worst option: no 2FA at all.

Enable 2FA on: email accounts, financial accounts, cloud storage, social media accounts.

Device encryption and screen lock: Every phone, tablet, and laptop should require authentication to access. iOS devices are encrypted by default when a passcode is set. Android: check Settings > Security > Encryption. Windows: BitLocker (available on Pro) or VeraCrypt (free). Mac: FileVault in System Preferences.

A 6-digit PIN is significantly weaker than a password or biometric + PIN combination. Use biometric (fingerprint/face) with a strong PIN fallback.

Sensitive Document Storage

Preparedness plans, evacuation routes, contact lists, copies of important documents (birth certificates, insurance, passports), and financial information all qualify as sensitive documents that deserve appropriate storage.

Acceptable secure storage:

  • Bitwarden with secure notes (encrypted, cloud-synced)
  • Standard Notes (end-to-end encrypted notes app)
  • Encrypted folder on device using VeraCrypt (Windows) or built-in encryption (Mac)
  • iCloud with Advanced Data Protection enabled (end-to-end encryption on everything)

Not acceptable for sensitive documents:

  • Google Drive in a standard account (Google can read it)
  • Dropbox without zero-knowledge encryption add-on
  • Email attachments in unencrypted email
  • Unprotected text files or Word documents on a shared computer

Physical backup: Critical documents should also exist as physical copies in a secure location (home safe, safety deposit box, or with a trusted family member). Digital storage can fail; physical copies are the backup.

Communication Security

For sensitive communications with your inner circle:

Signal: End-to-end encrypted messaging and voice calls. Better security than standard SMS or most messaging apps. All parties need Signal installed. Free.

Why standard SMS is weak: SMS messages are stored by carriers, visible to law enforcement with a subpoena, and can be intercepted. For sensitive coordination, Signal is substantially better.

Email: Standard email is not end-to-end encrypted. ProtonMail provides end-to-end encrypted email for ProtonMail-to-ProtonMail messages. For most coordination, Signal is more practical than encrypted email.

Emergency communication via radio: Ham radio, GMRS, and FRS communications are not encrypted (ham radio encryption is prohibited; GMRS does not use encryption). Anyone with a radio can hear your transmissions. For sensitive emergency coordination, plan communications with this limitation in mind — operational information on radio should assume it may be monitored.

What to Store Offline

In a grid-down scenario, cloud services may not be accessible. Critical information that you need without internet should be stored locally, on paper, or on encrypted offline devices.

Offline copies:

  • Family communications plan (paper and encrypted device)
  • Contact list for inner circle (paper and encrypted device)
  • Evacuation routes (paper maps, offline mapping app)
  • Medical information (paper)
  • Equipment manuals and frequencies (paper or downloaded to device)
  • Financial account information for emergency access (paper, secured physically)

An encrypted USB drive stored in your emergency kit provides offline digital backup accessible without internet. Encrypt with VeraCrypt (free, cross-platform). Update annually.

Data Cleanup

Old accounts, old email addresses, and old online profiles are security liabilities — they're accessible with old credentials, may have outdated (and now exposed) passwords, and may contain old sensitive information.

Annual digital cleanup:

  • Review accounts you no longer use and delete them
  • Update passwords for active accounts via password manager
  • Audit connected apps (third-party apps with access to your accounts) and revoke unused connections
  • Review privacy settings on active social media accounts

The EFF's Surveillance Self-Defense guide (ssd.eff.org) is a free, practical resource for deeper digital security if you want to go beyond the baseline covered here.

Sources

  1. EFF - Surveillance Self-Defense
  2. NIST - Digital Identity Guidelines

Frequently Asked Questions

Do I need to worry about hackers accessing my preparedness plans?

The realistic threat for most people isn't sophisticated targeted hacking — it's data breaches exposing passwords, accounts being compromised through phishing, and sensitive documents stored insecurely in free cloud services. Basic digital hygiene (unique passwords, two-factor authentication, encrypted storage for sensitive files) addresses most realistic threats without requiring advanced technical knowledge.

Should I keep digital copies of my emergency plans, or paper only?

Both, with different use cases. Paper copies are accessible when devices fail and don't require a password to access. Digital copies, stored in encrypted format, provide backup and allow easy updating. Critical documents (evacuation plans, contact lists, insurance information) should exist in both forms. Store digital versions in encrypted cloud storage (Bitwarden, standard iCloud with end-to-end encryption enabled) or encrypted local files.

What devices need to be secured?

Every device that has access to accounts, email, or sensitive information. That includes phones (both you and your spouse), tablets, laptops, and computers. A device without a PIN or password is a significant vulnerability — anyone who finds or steals it has access to everything on it and connected to it.

Related Guides

Deep Dive
Baseline Awareness: Reading Normal to Spot Abnormal
How to establish what's normal in a given environment so you can recognize what's abnormal. The behavioral and environmental baselines that enable early threat detection.
5 min readRead
Reference Table
Bug-Out Bag Comparison: Budget to Premium Options
Pre-built bug-out bag and emergency kit comparison. What you get at each price point, common omissions in commercial kits, and when to build vs. buy.
4 min readRead
How-To Guide
Bug-Out Route Planning
Plan primary, alternate, and contingency evacuation routes. What makes a route viable, fuel planning, chokepoints to avoid, and pre-staging resources along the route.
6 min readRead

Put This Knowledge to Work

Track your preparedness supplies, manage expiration dates, and build a comprehensive emergency plan with Salt & Prepper.

Get Started FreeExplore More Guides