← Home security index

Decision matrix

Products and patterns: examples, not endorsements

Product names help make advice concrete, but the real rule is support lifecycle, updates, maintainability, recovery and trust model.

Nigel version

Current, supported, patched, configured and understandable beats brand loyalty. Fancy gear nobody maintains is just expensive dust.

Ubiquiti UniFi Dream Router 7
Wikimedia Commons: UniFi Dream Router 7
YubiKey 5C NFC security key
Wikimedia Commons: YubiKey 5C NFC
Password manager concept
Wikimedia Commons: password manager

Product decision matrix

Do not buy more maintenance than the house can carry

Product names are useful examples, not magic words. The right answer changes when the household has no maintainer, weak recovery, manual updates or a trust model nobody can explain.

choicefamily defaultwhen ownedRoutersupported auto-updateprosumer: owner onlyIdentityvault + passkeys2 keys for priorityVPNnone by defaultpaid, defined useAppsofficial + boringVM / tinker lane2 ownership checks unresolved

Scenario: Busy family

Pick boring supported gear that updates itself, then document who gets called when it breaks.

Examples, not endorsements

Brand confidence is premature until ownership and recovery are clear.

Explain the jargon

Small terms, big consequences

Tap a term for the plain-English version and the practical move. No fake mystique, just the bit that changes what you do at home.

?Support lifecycle

The period when a vendor still ships security fixes. A product can still work perfectly while being unsafe to keep on the internet.

Do this: Check support before buying or keeping routers, cameras, phones and smart-home gear. Replace unsupported edge devices.

?Maintainer

The person who will notice updates, read warnings, keep recovery details and fix the thing when it breaks.

Do this: If nobody owns it, choose the boring auto-updating option instead of advanced gear.

?Trust model

Who can see, route, store or act on your data because you bought or installed the product.

Do this: Ask what changed: did traffic move to a VPN, passwords move to a vault, or admin power move to an app/account?

?Example, not endorsement

A named product makes the advice concrete, but it does not mean S6 is telling every household to buy that brand.

Do this: Copy the pattern: supported, maintained, recoverable and understandable. Do not copy the logo blindly.

Do this

  • Choose products by support and usability, not marketing claims.
  • Prefer auto-updating options for non-technical households.
  • Use security keys/passkeys for high-value identity.
  • Treat VPNs and advanced routers as use-case dependent, not default upgrades.
  • Avoid EOL routers, mystery imports, free VPNs, residential-proxy apps, cracks, keygens and unsupervised agents.

Check

  • Who maintains it?
  • Does it auto-update?
  • Is recovery documented?
  • Is the trust model understandable?
  • What happens when support ends?

Avoid

  • Shopping list pretending to be security strategy.
  • Buying prosumer gear for a household with no maintainer.
  • Treating a VPN subscription as a personality trait.
  • Vendor certainty where only examples are justified.

Full guidance

More than a slide title

A decision matrix for what I would tell family without pretending every household is the same.

Recommend patterns

Family password manager, passkeys/security keys, current supported routers, automatic updates, boring defaults and recovery documentation. Those are patterns, not a brand shrine. If a different product gives the household the same maintainable result, fine.

Router examples without shopping-list nonsense

For a low-maintenance family, a current ISP router or simple auto-updating mesh may beat a prosumer dashboard. UniFi, OpenWrt, pfSense and OPNsense can be excellent when somebody owns the rules, updates and recovery path. Without that owner, complexity becomes another unsupported device.

Identity products have to survive a bad day

A password manager, passkeys and security keys are useful only if recovery is documented. Enrol a backup key where appropriate, keep recovery codes somewhere safe, and make sure a lost phone does not become a locked email, locked bank and locked cloud account at the same time.

Caution patterns

Reputable paid VPNs, DNS filtering, parental controls and advanced routers are use-case tools. They are not default upgrades. They change who can see traffic, who can break the household's internet, and who gets called when it fails.

Avoid patterns

Unsupported routers, unknown imports, cracked apps, keygens, mystery APKs, free VPNs, free unblockers, residential-proxy participation and unsupervised AI agency. These do not fail politely. They usually fail by touching accounts, devices or bandwidth that people thought were unrelated.

Scenario

Prosumer router gift

Someone buys a complex firewall for relatives who just want Wi‑Fi.

Better response

  • Choose maintainable gear
  • Document owner and update process
  • Keep setup simple

Worse habit

Leaving them with a dashboard nobody opens.

More pages

Routers & Wi‑FiPasswords & MFAUpdates & AppsVPNs & ProxiesFamily RulesSmart HomeWork BoundaryAI AgentsRecoveryHome DevOnline SafetyProducts