Hardening your OS: Windows, macOS, Linux
The 10 hardening measures that genuinely change your security level, by OS, with no advanced technical skills required.
Last reviewed March 5, 2026 Exposed
03 / 06
Devices
Laptop, phone, FIDO2 keys: what really works, what is performative, and how to harden without paralyzing yourself.
A device is a permanent trade-off between operability and exposure. This axis covers the hardware and software choices that have real impact on your attack surface: disk encryption (and its concrete limits), choosing a work phone according to your threat model, the “laptop that can be lost” philosophy, operational deployment of YubiKey and FIDO2 keys, reasoned OS hardening.
No generic copy-pasted checklist. Each article breaks down real trade-offs, identifies what is performative, and proposes measures by exposure level.
-
-
YubiKey and FIDO2 keys: everything you weren't told
Choosing, configuring, managing and not locking yourself out with hardware authentication keys.
Last reviewed February 10, 2026 Exposed -
Travel laptop: the machine that can be lost
Configuring a laptop that can be seized, lost, or stolen without operational consequences. Setup, preparation, behavior at the border.
Last reviewed January 20, 2026 Exposed -
Work phone: Android, iPhone, or nothing
An honest comparison of the two platforms for professional use in a constrained environment, with the real trade-offs.
Last reviewed March 1, 2026 Exposed -
Disk encryption, really?
BitLocker, FileVault, LUKS: what's enabled by default, what actually protects, and the attacks that get through anyway.
Last reviewed February 5, 2026 General