Digital KarmaDigital Karma All Articles
security

How Exposed Are You Online? A Free 10-Point Personal Security Checklist

Most people have no idea how safe they really are online. Use this free 10-point checklist to find your weak spots — then get a CyberScore that measures exactly where you stand.

Digital KarmaJune 4, 2026 6 min read
How Exposed Are You Online? A Free 10-Point Personal Security Checklist
Most people fall into one of two camps: convinced they're fine, or vaguely worried but with no idea where to start. Both are flying blind. The truth is that online safety isn't one thing — it's about a dozen different areas, and you're usually only as safe as your weakest one. This checklist walks through the 10 areas that actually determine how exposed you are. Go through each honestly, note where you're weak, and you'll have a clear picture of what to fix first. At the end, you can turn that picture into an actual score. ## 1. Passwords The foundation. The big questions: Do you reuse passwords across sites? Are any of them short, simple, or based on personal info? Reused passwords are the number-one way ordinary people get hacked. **Strong here means:** a unique, long password for every account — which realistically requires a password manager. ## 2. Two-factor authentication (2FA) Even a perfect password can leak. 2FA adds a second step so a stolen password alone isn't enough. **Strong here means:** 2FA enabled on your email, banking, and main accounts — ideally via an authenticator app rather than text messages. ## 3. Email security Your inbox is the master key to your entire digital life — it's the password-reset point for everything else. **Strong here means:** a unique password and 2FA on your email, plus a healthy suspicion of links and attachments. Phishing is the most-reported cybercrime, full stop. ## 4. Device security Your phone and laptop hold everything. A lost or unlocked device can become identity theft in minutes. **Strong here means:** screen locks, encryption turned on, automatic updates, and the ability to remotely wipe a lost device. ## 5. Network & Wi-Fi Your home router is the gateway to every device you own, and many people never change its default settings. **Strong here means:** a strong router password, modern encryption (WPA3 or WPA2), and caution on public Wi-Fi — a VPN helps here, which is why over half of US adults now use one. ## 6. Privacy settings The default settings on most apps and accounts are tuned to share *more*, not less. **Strong here means:** reviewing the privacy settings on your major accounts and dialing back what's public — location, contacts, ad tracking, and visibility. ## 7. Browsing & the web Trackers follow you across the internet, and fake sites are designed to fool you into handing over credentials. **Strong here means:** an up-to-date browser, a tracker/ad blocker, and the habit of checking a site's address before you type anything sensitive. ## 8. Social media What you post is a goldmine for scammers — birthdays, pets, schools, locations all feed both targeted scams and password-guessing. **Strong here means:** locked-down profiles, careful sharing, and not answering those "fun" quizzes that are secretly harvesting security-question answers. ## 9. Identity protection & data brokers Even if your accounts are locked down, your personal details may be sitting on data-broker sites for sale to anyone. **Strong here means:** knowing what's exposed about you online and actively reducing it. (If you've never looked, you're almost certainly more exposed than you think.) ## 10. Backups & recovery If a device dies, gets stolen, or you're hit by ransomware, backups are the difference between an inconvenience and a catastrophe. **Strong here means:** automatic backups of anything important, stored somewhere separate, and a known way to recover your main accounts. ## Add it up — where are you really? Run through those 10 and you'll likely find you're solid in a few, shaky in others. That's normal — almost nobody is strong everywhere. The point isn't to feel bad; it's to see clearly, because **you're only as safe as your weakest area**, and you can't fix what you haven't measured. > **Turn this checklist into a real number.** Digital Karma's free CyberScore assesses all 10 of these areas and gives you a single 0–100 score, shows exactly which areas are putting you at risk, and hands you a step-by-step plan to fix the biggest gaps first — in plain English, no tech skills needed. **[Get my free CyberScore →](https://digitalkarma.app)** ## What to fix first If you're feeling overwhelmed, here's the honest 80/20. These three fixes close the majority of real-world risk for most people: 1. **Stop reusing passwords** — get a password manager. (Areas 1 and 3.) 2. **Turn on 2FA** for your email and money accounts. (Area 2.) 3. **Find out what's exposed** about you on data-broker and breach sites, and reduce it. (Area 9.) Do those three and you've leapfrogged the vast majority of people — and made yourself a much harder target than the data brokers and scammers are counting on. > **See your weakest spots in 15 minutes.** Get your free CyberScore and a personalized fix plan, then watch your number climb as you close each gap. **[Start free →](https://digitalkarma.app)** *Related reading: [What Do Data Brokers Know About You?](/articles/what-data-brokers-know-about-you) · [Is Your Email in a Data Breach? How to Check and What to Do](/articles/is-your-email-in-a-data-breach)*
cybersecurity checklistpersonal securityonline safetypasswords2FAprivacy settingscyberscore

Want to know your Security Score?

Take our free survey and get a personalized cybersecurity assessment — plus early access to the Digital Karma app.

Take the Free Survey
Back to all articles