Potential OWASP Consumer Top Ten

Safe practices for consumers on the web.

Weak password handling

• MFA
• Password Manager
• Strong Passwords
• Password Synchronization
• Security questions
• Don't allow browsers to store passwords

Information Disclosure/Sensitive Data Exposure

• Social Media
• Pictures
• Giving information away

Trusting Untrusted Sources (**This should be renamed**)

• Untrusted Sources
• WiFi
• Downloading files from untrusted sources
• Clicking on links from unknown or unverified sources

Lack of Proper Encryption in Transit

• Do Not Ignore SSL Warnings
• Use Encryption

Lack of Proper Encryption at Rest

• Encrypt PII
• Don't store sensitive information unencrypted

Using Components with Known Vulnerabilities (Should configuration and patching be 2 separate?)

• Patch
• Configure application settings for security
• Do not configure devices to automatically connect to wifi access points

Running Unnecessary Software or Services

• Don't install unneeded software
• Remove software not in use
• Do not enable services you don't use

Poor Physical Security

• Encrypt devices and drives
• Do not leave mobile devices unattended
• Use an inactivity lockout
• Password protect all devices

Review reputation scoring services (Probably "Detection" for #2)

• Review credit reports
• Review unknown uses of online accounts
• Subscribe to a credit monitoring service
• Freeze credit