<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Posts on Gregory Alvarez</title>
		<link>https://www.alvarez.io/posts/</link>
		<description>Recent content in Posts on Gregory Alvarez</description>
		<generator>Hugo -- gohugo.io</generator>
		<language>en</language>
		<copyright>Gregory Alvarez - All Rights Reserved</copyright>
		<lastBuildDate>Fri, 19 Feb 2021 16:30:00 +0200</lastBuildDate>
		<atom:link href="https://www.alvarez.io/posts/index.xml" rel="self" type="application/rss+xml" />
		
		<item>
			<title>Living Like It&#39;s 99: No Social Media, No Smartphone</title>
			<link>https://www.alvarez.io/posts/living-like-it-s-99/</link>
			<pubDate>Fri, 19 Feb 2021 16:30:00 +0200</pubDate>
			
			<guid>https://www.alvarez.io/posts/living-like-it-s-99/</guid>
			<description>At the time of writing this article, I&amp;rsquo;ve been living without social media for 3 years and without a smartphone for 2 years. Everything started as an experiment motivated by my privacy concerns. I ended up living like that for an entirely different reason: peace of mind. You can find a lot of people on the internet who have tried this experiment, from a couple of days to an entire month.</description>
			<content type="html"><![CDATA[<p><img src="/img/color/l99.jpg" alt="Robot"></p>
<p>At the time of writing this article, I&rsquo;ve been living without social media for 3 years and without a smartphone for 2 years. Everything started as an experiment motivated by my privacy concerns. I ended up living like that for an entirely different reason: peace of mind. You can find a lot of people on the internet who have tried this experiment, from a couple of days to an <a href="https://www.youtube.com/watch?v=B0RVWU_nROk">entire month</a>. However, I discovered that the brain dependencies created by social media and smartphones take a lot longer to go away (30 days for me). You can&rsquo;t really see the effects they have on your life unless you try this kind of experiment for a long time, because otherwise you will be stuck in the withdrawal phase that makes you crave dopamine.</p>
<p>Contrary to popular belief, I do not live in a cave where I spend my time coding without any social life, sorry guys ;) I did this experiment while having a busy professional and personal life: I traveled around the world, moved to a new city without knowing anyone, ran <a href="https://web.archive.org/web/20201218004325/https://www.duple.io/">my own software startup</a>, met new people and made new friends, etc&hellip; So it is possible to live your life the same way, or even better, without a smartphone or social media.</p>
<p>I will share with you my experience leaving social media and my smartphone, the tools I replaced them with, some tips and tricks, people’s reactions to my experiment, as well as some funny anecdotes.</p>
<h2 id="lets-start-with-why">Let&rsquo;s Start With Why</h2>
<h3 id="privacy">Privacy</h3>
<p>The original motivation behind this experiment was privacy. I&rsquo;m a professional hacker, the things I can do are scary and I&rsquo;m far from being the only one with these skills. <strong>Smartphones are a dream come true for people like me, little spy devices that are 24/7 on you, remotely accessible from anywhere around the world</strong>. Throw social media into the equation, and you can get inside the head of anybody, and make them do whatever you want. Yes, you should be scared. And that&rsquo;s even without mentioning all the other <a href="https://lithub.com/what-does-privacy-really-mean-under-surveillance-capitalism/">privacy</a> and <a href="https://the.ink/p/we-can-have-democracy-or-we-can-have">freedom</a> issues that come with <a href="https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/">social media</a> and <a href="https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/">smartphones</a>.</p>
<h3 id="curiosity">Curiosity</h3>
<p>Another reason, which is less dark, was curiosity. I like to experiment and try new things in my life. I was curious about the idea of living without a smartphone and social media especially in a world more connected than ever. And if I didn&rsquo;t like the experiment, I could always go back to <a href="https://www.meta-nomad.net/avoiding-the-global-lobotomy/">zombieland</a>.</p>
<h3 id="planned-obsolescence">Planned Obsolescence</h3>
<p>The cherry on top was to stop paying each year for a new smartphone that does nothing more than the previous one, just because the providers decided to <a href="https://en.wikipedia.org/wiki/Planned_obsolescence">sabotage old models</a> so they <a href="https://en.wikipedia.org/wiki/Batterygate">stop working</a>.</p>
<h3 id="peace-of-mind">Peace of mind</h3>
<p>This is for me the most important reason (even though I discovered it afterwards). The positive effects on your mind, being free from social media and smartphones, are incredible. More on it later.</p>
<h2 id="round-1-no-social-media">Round 1: No Social Media</h2>
<blockquote>
<p>&ldquo;Technology has solved old economics problems by giving us new psychological problems.&rdquo;<br>
Mark Manson, The Subtle Art of Not Giving a F*ck</p>
</blockquote>
<p>In 2018 I deleted my accounts from Twitter, Facebook, Instagram and WhatsApp. No coming back, no temptation to reactivate them later on. I kept LinkedIn on standby for professional use, although it came close to being deleted as well. WhatsApp got replaced by <a href="https://signal.org/">Signal</a> because Facebook bought them, plus <a href="https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind/">they&rsquo;re not really big fans of privacy</a>.</p>
<p>During that year I kept my smartphone, as I wanted to do the experiment gradually. This decision allowed me to discover something quite counter-intuitive about social media and smartphones (more on it later).</p>
<p>From that point on I was reachable by SMS, call, email and Signal. I wasn&rsquo;t ready for what happened next. Fasten your seatbelts.</p>
<h3 id="people-thought-i-was-dead">People Thought I Was Dead</h3>
<p>The first reaction people had was to think something bad had happened to me, some of them even thought I was dead. Then something socially curious happened: everybody started speaking to each other on Facebook and WhatsApp to try to figure out what was wrong. Some of them even contacted my family multiple times. They all had my phone number, email address and other ways of contacting me. <strong>However, none of them did</strong>. It was like I had exited the matrix, and was living in another reality.</p>
<h3 id="trustworthiness">Trustworthiness</h3>
<p>I was told that I couldn&rsquo;t be trusted since people can&rsquo;t check online what I&rsquo;m doing when I&rsquo;m not around.</p>
<p>Yeah, you read that right.</p>
<p><strong>Society has been brainwashed to believe that privacy is something criminal. Sorry to disappoint, but privacy is a basic foundation of freedom and democracy. That&rsquo;s why the voting system is anonymous</strong> [1]. When people tell you &ldquo;<a href="https://write.privacytools.io/freddy/why-privacy-matters-even-if-you-have-nothing-to-hide">If you have nothing to hide, you have nothing to fear</a>&rdquo;, what they really mean is &ldquo;democracy is overrated, get over it&rdquo;.</p>
<p><em>[1] Privacy: you know who I am but not what I do. Anonymity: You know what I do but not who I am. The voting system uses both, privacy when you go vote, anonymity when they count the results.</em></p>
<h3 id="whatsapp">WhatsApp</h3>
<p>This was for me the biggest problem. <a href="https://seirdy.one/2021/01/27/whatsapp-and-the-domestication-of-users.html">Getting people out of WhatsApp</a> if they wanted to talk to me created a lot of friction. Some of them even stopped texting me because they had to open another app on their phone in order to write to me.</p>
<p>Yeah, you also read that right.</p>
<p>I don&rsquo;t miss WhatsApp, nor do I miss its endless group chats without anything useful in them. If you leave one of these groups, people look at you as if you did something wrong. In the end I still had access to all the event information I needed despite the events being organized on WhatsApp. In that regard, not having the app didn&rsquo;t change my life much.</p>
<p>A trick I’ve developed, when giving my contact info to new people, is to enter my phone number on their smartphone myself, and install Signal for them. This removed a lot of friction. I would then explain my experiment to them and tell them I can only be contacted via this app. I’ve always had a positive reaction. Everybody’s been curious and asking a lot of questions.</p>
<h3 id="and-then-nothing-happened">And Then Nothing Happened</h3>
<p>During the first weeks without social media, I felt off. As if I was missing out on something big that was happening. Like everybody was having fun except me. Once the <a href="https://joshcsimmons.com/quit-social-media/">withdrawal phase</a> went away, I realized that my life hadn’t changed that much. I was still doing the same things, talking to the same people, going to the same parties, etc&hellip; It was just more quiet and peaceful.</p>
<p><strong>I was no longer bombarded with pictures of everybody trying to fake a life they&rsquo;re not living for the sole purpose of impressing someone else: <a href="https://hbr.org/2017/04/a-new-more-rigorous-study-confirms-the-more-you-use-facebook-the-worse-you-feel">my life had just upgraded</a>.</strong></p>
<p>In the end, after everybody got over their initial shock and calmed down, it became normal for them to contact me using Signal, and life went on as usual.</p>
<h2 id="round-2-goodbye-smartphone">Round 2: Goodbye Smartphone</h2>
<p><img src="/img/color/l99-2.jpg" alt="Phone"></p>
<p>Unlike social media, smartphones are a lot harder to get rid of. They handle many more things than simply communicating with people. I work all day long with a computer, so most of what the smartphone was doing could be handled by my laptop. For the rest, I narrowed down my bare essentials to music, pictures, GPS navigation and of course GSM calls.</p>
<h3 id="the-hardware">The Hardware</h3>
<p>You could solve these problems quite easily using multiple devices; however, I wanted to be smart about it and not walk around with luggage just to carry all this stuff. After doing some research I figured out the perfect combination and I was even able to reduce the number of things I had in my pockets.</p>
<p><img src="/img/color/l99-3.jpg" alt="Watch, GoPro and Card Phone"></p>
<h3 id="garmin-fenix-5-plus">Garmin Fenix 5 Plus</h3>
<p>For those of you who don’t know the Fenix, it’s one of the top sport smartwatches on the market. Full disclosure: this watch costs the price of an iPhone, and I’m not sponsored by anybody. The build quality is incredible, but the most impressive things are its features. It’s a standalone watch with full GPS navigation, music, audiobooks and much more. The keyword here is &ldquo;standalone&rdquo;, which means the watch is fully operational offline, without being connected to the internet or a smartphone (which is quite rare).</p>
<p>Battery-wise you can get 5-7 days out of the watch in normal use. GPS navigation with music over Bluetooth costs 10% of battery per hour. It takes 2.5hrs to fully charge (15min for 10%). The battery can be <a href="https://www.youtube.com/watch?v=2o_F6NxtkAk">changed quite easily</a>, making the watch sustainable over the long run.</p>
<p>My Fenix is fully private because in the end <a href="https://www.businessinsider.fr/us/garmin-paid-multimillion-dollar-ransom-to-hackers-report-2020-8?op=1">everybody gets their data stolen</a>. It doesn’t connect to anything anymore and I transfer my <a href="http://garmin.openstreetmap.nl/">maps</a> and music via USB cable (don’t use the Garmin Maps, it works badly for long trips).</p>
<h3 id="music-and-audiobooks">Music and Audiobooks</h3>
<p>Having your music on the wrist is a new awesome experience, especially when you like to sing in the shower (the Fenix is 100m waterproof). The watch has multiple streaming apps such as Spotify and Deezer which automatically synchronize your playlists offline over WiFi. I started using the Fenix with Spotify but ended up using the integrated MP3 player. It consumes 50% less battery, doesn’t slow down the GPS navigation (probably due to Spotify’s DRM) and has a better interface.</p>
<p>The experience with audiobooks is also amazing, the watch can even handle podcasts.</p>
<h3 id="gps-navigation">GPS Navigation</h3>
<p><img src="/img/color/l99-4.jpg" alt="Fenix Navigation"></p>
<p>My only mode of transport is a motorcycle. I use the bicycle mount to secure the watch next to my mirror when I ride and I’ve done thousands of kilometers of road trips without any problem. Originally Garmin was a GPS brand, so they know what they’re doing. When I configure the watch in motorcycle mode to use the backroads the results are incredible. Awesome roads lost in the wilderness, tons of fun.</p>
<p><img src="/img/color/l99-5.jpg" alt="Fenix Turn Prompt"></p>
<p>The screen is a <a href="https://en.wikipedia.org/wiki/Transflective_liquid-crystal_display">transflective memory-in-pixel</a> display: the more sun there is, the sharper the image. This is a very nice feature outdoors; however, it makes the screen look dull indoors (not a problem for me). Contrary to what you may think, the size of the screen isn’t an issue while riding (there are models of the watch with a bigger screen, like the 5X and the 6 line). The rare times I use a car I put my watch around the rearview mirror.</p>
<h3 id="its-not-google-maps">It&rsquo;s Not Google Maps</h3>
<p>The experience is not the same as using Google Maps and requires some time to adjust. You still have full turn by turn navigation that works fine, but using the watch as a main GPS requires you to be more aware of what you’re doing. This is good since using too much GPS navigation <a href="https://www.washingtonpost.com/opinions/ditch-the-gps-its-ruining-your-brain/2019/06/05/29a3170e-87af-11e9-98c1-e945ae5db8fb_story.html">destroys the spatial part of your brain</a>. <strong>Don’t surrender your life to the god of algorithms.</strong></p>
<h3 id="points-of-interests">Points of Interest</h3>
<p>The watch has an interface to search for points of interest. You can search by name or category, around you or in another location. You can access all <a href="https://wiki.openstreetmap.org/wiki/Points_of_interest">POIs</a> that come with the maps easily. I’ve traveled for leisure multiple times and I’ve only used the watch POIs. I was able to find everything I needed: the hotel I booked, bars, museums, etc&hellip;</p>
<h3 id="entering-an-address">Entering an Address</h3>
<p>The watch was designed to be used in combination with a smartphone. Garmin puts the interface to enter an address on the app, not on the watch. You can&rsquo;t search for an address on the Fenix itself (which with 5 push buttons would be painful anyway).</p>
<p>The original plan was to create an app on the watch for this, however I realized I didn’t need it. I found faster solutions to get to the same result:</p>
<ul>
<li>The first thing is that I don’t enter an address that much. A lot of situations are handled by using the POIs. On multiple occasions my plans changed on the road and the POI search was able to redirect me to the new location without any problem.</li>
<li>I plan my road trips in advance. I use GPS coordinates to transfer an address from <a href="https://www.openstreetmap.org/">open street map</a> to my watch before leaving. It is 10 times faster and simpler. You can see them as phone numbers for locations. The Fenix also supports GPX files for more complex road trips.</li>
<li>In 2 years I never had a situation where I needed to translate an address to a GPS coordinate on the road. However, a simple solution is to ask somebody for a Google Maps URL of the address: it includes the coordinates.</li>
<li>Just to be safe, I also built a service that converts an address to GPS coordinates via SMS. It took me 5 min to create (unlike a Garmin app) in case I need it on the road one day. If you’re interested in using it, just shoot me an email.</li>
</ul>
<p>Overall the fact that Garmin didn’t include an interface on the watch to search for an address isn’t a problem. I can enter one on the Fenix in any circumstance with the hacks listed above. One day, if I find the time and energy to do it, I will make a Garmin App to add the address interface on the watch.</p>
<h3 id="fun-facts">Fun Facts</h3>
<p>Technology is amazing, but if you don’t know how it works behind the curtains it’s indistinguishable from magic. The GPS we use every day combines a lot of complex technologies under the hood. The satellites use Einstein's <a href="https://en.wikipedia.org/wiki/Theory_of_relativity">Theory of Relativity</a> to compensate for time dilation (time goes faster for the satellites than for us). Without it the GPS system would <a href="https://en.wikipedia.org/wiki/Global_Positioning_System#History">drift 10km per day</a>.</p>
<p>The coordinates system was invented <a href="https://en.wikipedia.org/wiki/Geographic_coordinate_system#History">2000 years ago</a>, but the thing that impresses me the most is how people navigated around the world by looking at the stars, with just a <a href="https://www.youtube.com/watch?v=yioZhHe1i5M">sextant or astrolabe</a>. Today we can’t even find the Starbucks located 2 blocks away without using our smartphone.</p>
<h3 id="pictures">Pictures</h3>
<p><img src="/img/color/l99-6.jpg" alt="GoPro Hero Session 5"></p>
<p>The first thing you realize when you no longer have a smartphone is that you don’t feel the need to take pictures of everything. <a href="https://www.youtube.com/watch?v=JfjkiTB1fHQ">You just enjoy the moment</a>. Yes, I’m talking to you people who take pictures of all your meals&hellip; just eat your food.</p>
<p><strong>Life is a full contact sport, don’t watch it through a 5 inch screen.</strong></p>
<p>For the rest, I use a GoPro Hero5 Session. I chose this model (which was discontinued, but <a href="https://meetpolaroid.com/polaroid-cube/">similar things</a> exist) because of its size, waterproofing (10m) and minimalism. It’s just point and click. No screen to redo the shot if you missed something. It lets you enjoy the moment more.</p>
<p>It has 2-3 hours of battery, but I’ve never run out of it. Unfortunately <a href="https://www.ifixit.com/Teardown/GoPro+Hero4+Session+Teardown/44307">you can’t change the battery</a>, which makes it not that sustainable over the long run.</p>
<p>Quality wise the GoPro records very good video up to 4K in good light. The low light is bad and the pictures are average. I ended up recording videos more than taking pictures, after a while you get used to the camera and frame your shots accurately without a screen.</p>
<p>Even though it is really small, I don’t always carry the GoPro around.</p>
<h3 id="gsm-calls">GSM Calls</h3>
<p><img src="/img/color/l99-7.png" alt="Card Phone"></p>
<p>I started with a <a href="https://en.wikipedia.org/wiki/Nokia_100">Nokia 100</a> however this thing is enormous and I was always forgetting it everywhere. I switched to a card phone: a credit card size GSM phone. There are a lot of models out there. If you buy one, make sure that it doesn’t run on Android.</p>
<p>I use an <a href="https://www.youtube.com/watch?v=EhH-TBiqIsM">Aeku M5</a>. It fits inside my <a href="https://bellroy.com/products/slim-sleeve-wallet/leather_default/red_earth">slim wallet</a>, has 3 days of battery, a kill switch and Bluetooth. The sound quality is the same as any other smartphone. The battery on card phones is quite standard; you <a href="https://www.youtube.com/watch?v=JZemd3zOywk">can change it easily</a>.</p>
<p>Sometimes I forget that it’s not really common and I freak out everyone around me when I get my phone out of my wallet to answer a call. It’s quite funny.</p>
<p>I use the card phone more as a last resort, since I prefer to use Signal for my daily calls and messaging. The GSM network is quite bad for privacy. All the <a href="https://en.wikipedia.org/wiki/ECHELON">calls and SMS are analyzed</a>, can be <a href="https://computerangelgeeks.blogspot.com/2017/04/how-to-build-your-own-gsm-bts-with_8.html">intercepted</a> and <a href="https://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf">triangulated</a> by anybody. <a href="https://syssec.kaist.ac.kr/~yongdaek/doc/fookune_ndss_gsm.pdf">Your position can be traced</a> when your phone is on (no call required contrary to what Hollywood taught you). This also applies to smartphones, they use the same GSM network.</p>
<h3 id="battery">Battery</h3>
<p>Since the batteries of the hardware listed above are so small and have a long autonomy, I can go weeks without a wall plug using a simple <a href="https://www.anker.com/products/variant/powercore-5000/A1109031">USB charger</a>. This has been quite nice and practical when traveling.</p>
<h2 id="social-and-psychological-effect">Social and Psychological Effect</h2>
<blockquote>
<p>&ldquo;Nothing vast enters the life of mortals without a curse.&rdquo;<br>
Sophocles</p>
</blockquote>
<p>When I first told people I was going to switch from a smartphone to a &ldquo;dumb phone&rdquo;, people looked at me as if I had just spoken Chinese: &ldquo;How are we going to communicate with you?&rdquo;. But what they really meant was &ldquo;How are you going to answer our 24/7 text messages instantly?&rdquo;.</p>
<h3 id="instant-access">Instant Access</h3>
<p>Technology has given us instant access to everything. From internet with all of humanity’s knowledge, to food delivery at our door, or even cat videos, you have an app for it. But technology has also given everybody access to you, and that’s bad. Not everything requires an instant response, nobody will die if you answer a text message later today or even tomorrow. Live your life.</p>
<h3 id="human-interaction">Human Interaction</h3>
<p>Texting was easy with the smartphone, so talking to people over messages was relatively simple. However when I switched to a &ldquo;dumb phone&rdquo;, texting became painful, unless I was on my computer (Signal has a desktop app).</p>
<p>So I started calling people&hellip; and quickly discovered that a lot of them have a call phobia, as if human interactions were toxic.</p>
<p>Not in the sense that they’d be busy and would call me later. But in the sense that they wouldn’t pick up, only to text me 5 seconds later to start the conversation. If I tried to call them back, same thing again. They don’t want to talk, they want to text.</p>
<p>We’ve reached a dangerous level in society where people are afraid of human interaction, refusing a phone call because it makes them interact more humanly and with less control. Texting gives you more reflection on what you’re gonna say than a real and instant conversation.</p>
<h3 id="its-not-social-media-fault">It&rsquo;s Not Social Media&rsquo;s Fault</h3>
<p>Everybody blames social media for the psychological downsides of technology. But having experienced life without it for quite a while now, having used a smartphone and a &ldquo;dumb phone&rdquo;, I’ve discovered a big counter-intuitive truth: the real problem is being online. <strong>It’s the smartphone’s fault</strong>.</p>
<p>Social media are nice tools with real added benefits when you use them in moderation, like everything else in life. The problem is that having a smartphone in your pocket 24/7, connected to everything, makes you overdose.</p>
<p>Don’t get me wrong, social media still has a lot of bad sides which for me outweigh the good it provides. I think <strong>this is a perversion due to the people who run them</strong> rather than due to the concept in itself. However <a href="https://www.cambridge.org/core/journals/business-ethics-quarterly/article/ethics-of-the-attention-economy-the-problem-of-social-media-addiction/1CC67609A12E9A912BB8A291FDFFE799">the economy of attention</a> can only get you if you are online, and that’s where the smartphone comes in.</p>
<p>And don’t try to kid yourself by blocking the internet on your devices; it never works. I went through two withdrawal phases of 30 days each (social media and smartphone), and it was violent. At one point I was going through the settings on my watch looking for dopamine in the middle of a conversation, sitting at a restaurant. These systems have been designed by experts who study psychological and social behavior all day long, and they do a great job at keeping you in them. <strong>Like a drug addict, you are going to want your dopamine shot and turn the internet back on.</strong></p>
<h2 id="peace-of-mind-1">Peace of Mind</h2>
<blockquote>
<p>&ldquo;All of humanity&rsquo;s problems stem from man&rsquo;s inability to sit quietly in a room alone.&rdquo;<br>
Blaise Pascal</p>
</blockquote>
<p>This was a discovery for me, as I didn’t expect that much improvement in my life from leaving the smartphone. And even if there was improvement with social media as well, it wasn’t the same. It’s in these little experiments that you realize the toxicity of things you use every day. Technology and progress are awesome things, but they have their bad side too. <strong>The funny thing is that we are so <a href="https://www.vogue.com/article/parentings-new-frontier-no-smartphones">addicted to them</a> that it requires a tremendous effort just to realize it.</strong> A lot of people around me don’t understand how I can live my life like that; they tell me they will never do it. What they don’t realize is that we all used to do it: smartphones have only been mainstream these last 10 years. So unless you’re ten, you’ve lived your life just fine without one.</p>
<p>Life is not just more peaceful without a smartphone, it has great effects on your productivity too. More ideas, better results, memory, concentration&hellip; Most of the good ideas I have come from brainstorming during those moments where everyone’s on their smartphone: waiting in line, commuting on the subway, etc&hellip; These &ldquo;waiting&rdquo; moments are when you can instead <a href="https://www.theguardian.com/lifeandstyle/2014/jul/19/change-your-life-sit-down-and-think">let your mind go free and wander</a>.</p>
<p>Opening your phone every time you are bored <a href="https://cognitiontoday.com/phone-addiction-coping-solutions-research-statistics/">kills your creativity and imagination</a>.</p>
<p>I’ve been on both sides of the mirror, and this side is better. Don’t take my word for it, just try and see for yourself. After 3 years without social media and 2 years without a smartphone, I can tell you that I may go back to social media one day, however I will never have a smartphone again.</p>
]]></content>
		</item>
		
		<item>
			<title>High Security, Plausible Deniability and Two Factor Encryption: You&#39;re the Weak Link</title>
			<link>https://www.alvarez.io/posts/two-factor-encryption/</link>
			<pubDate>Thu, 19 Nov 2020 16:30:00 +0200</pubDate>
			
			<guid>https://www.alvarez.io/posts/two-factor-encryption/</guid>
			<description>Security is an illusion, especially with computers. The systems are so complex, handled by so many different people that nobody really has a good idea of how everything works. Even the best specialists have knowledge gaps: software, hardware, etc&amp;hellip; This creates a security nightmare: breaking stuff is trivial, fixing the systems is nearly impossible.
High Security Systems Still Exist There are systems that are protected against nearly all attacks. Their main philosophy is not to fix the security issues but to prevent an attacker from accessing the system in the first place.</description>
			<content type="html"><![CDATA[<p>Security is an illusion, especially with computers. The systems are so complex, handled by so many different people that nobody really has a good idea of how everything works. Even the best specialists have knowledge gaps: software, hardware, etc&hellip; This creates a security nightmare: breaking stuff is trivial, fixing the systems is nearly impossible.</p>
<h2 id="high-security-systems-still-exist">High Security Systems Still Exist</h2>
<p>There are systems that are protected against nearly all attacks. <strong>Their main philosophy is not to fix the security issues but to prevent an attacker from accessing the system in the first place.</strong> You can&rsquo;t hack something that&rsquo;s not there. However, these systems are painful to use, especially because of their lack of internet connection. Here are the main techniques used in a high security system:</p>
<ul>
<li>
<p><strong>Air Gapping</strong>: The device can&rsquo;t connect to anything that is not physically plugged into it. No internet, wifi, bluetooth, speaker, microphone, webcam. Anything that can communicate with the outside world is physically removed from the electronic device.</p>
</li>
<li>
<p><strong>Non Contamination Protocol</strong>: Air Gapping is not sufficient (<a href="https://en.wikipedia.org/wiki/Stuxnet">Stuxnet</a> is a good example of why it isn&rsquo;t). Everything plugged into the air gapped device (like USB keys) can&rsquo;t be plugged in anywhere else. No exceptions. This prevents any information from getting out. I would even recommend not plugging in anything that comes from another device (things like Stuxnet or ransomware can still do some damage).</p>
</li>
<li>
<p><strong>Physical Protection</strong>: Non-contaminated air gapped devices are impossible to attack remotely. The only way is to access them physically. Having the electronic device hidden in a place that is difficult to access (e.g. in a safe) will protect it better.</p>
</li>
<li>
<p><strong>Full Disk Encryption</strong>: Physical Protection is not foolproof. An attacker can still get access to it with enough resources. To protect the information inside your device, encrypt its entire content. Not all types of encryption are made equal, we will talk about it later in this article.</p>
</li>
<li>
<p><strong>Tamper Evident System</strong>: The last remaining attack on an electronic device, after you&rsquo;ve already used all of the above techniques, is to tamper with it. The main goal is to capture the encryption key when it is entered. Using tamper evident techniques (hardware and software) will alert you that somebody has modified your device to access your password (more about it in Two Layers of Encryption below).</p>
</li>
<li>
<p><strong>Backup</strong>: The last remaining problem is system failure. As long as your backups follow all of the above techniques, you can have as many as you want. Store them in a different location for increased safety.</p>
</li>
</ul>
<p><strong>Security is more about how you use the hardware/software rather than having a secure device in itself. It&rsquo;s more about protocol than technology.</strong></p>
<p>I have seen classified environments with less security than the one just presented. Using a device with all of the above techniques will guarantee an electronic fortress. However, this creates a big problem: <strong>you become the information&rsquo;s weak link</strong>. It means that an attacker will no longer try to hack or decrypt your device, but instead will threaten you in order to access the information inside it.</p>
<h2 id="plausible-deniability">Plausible Deniability</h2>
<p><img src="/img/color/2FE.png" alt="Rubber-hose cryptanalysis">
<em><a href="https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis">Rubber-hose cryptanalysis</a> from <a href="https://xkcd.com/538/">xkcd</a></em></p>
<p>To prevent being compelled to reveal your passwords, somebody invented <a href="https://en.wikipedia.org/wiki/Deniable_encryption">Deniable Encryption</a>. Basically you have two passwords: the information decrypted when you enter the first one is different from the information decrypted when you enter the second one. You use your device with the second password to work on the sensitive information (which can&rsquo;t be accessed using the first password). In case somebody threatens you, you give them the first password. They will decrypt your device and see that there is no information (or if there is, information that is not sensitive).</p>
<p>In practice Plausible Deniability is problematic:</p>
<ul>
<li>
<p>Tools and techniques exist to detect the presence of a secondary password (Deniable Encryption).</p>
</li>
<li>
<p>If your attacker sees that the system can use plausible deniability, they may not believe that there is only one password and therefore may continue to threaten you until you reveal the second one.</p>
</li>
<li>
<p>It will be harder for you to pass lie detection tests since you are still able to access the sensitive information using a secondary password.</p>
</li>
</ul>
<p>What you really want, if threatened, is not to be physically able to unlock your device. If you can&rsquo;t decrypt the information, nobody has a reason to threaten you.</p>
<h2 id="two-factor-encryption">Two Factor Encryption</h2>
<p>Two Factor Encryption uses your password in addition to something you possess to generate the encryption key of your device. In general these secondary factors look like USB keys. To decrypt the information, you need your password (50% of the key) and some information you don&rsquo;t know, stored/calculated by your secondary factor (the other 50% of the key).</p>
<p>You can&rsquo;t open your device without these two elements: your password and the secondary factor.</p>
<p>The beautiful thing is that if you break the secondary factor, you won&rsquo;t be able to access your device and its backups. You can&rsquo;t be compelled to decrypt the information, because you simply can&rsquo;t: your password, which you can now freely communicate to your attacker, will not be enough.</p>
<p><strong>Using Two Factor Encryption creates a physical &ldquo;red button&rdquo; which, if pressed, will destroy all access to the information in your devices (even offline backups stored in different locations).</strong></p>
<p>This also has the side effect of preventing you from accessing your device&rsquo;s information ever again. This is one disadvantage of Two Factor Encryption compared to Plausible Deniability: you can&rsquo;t access your data after the attacker is done with you. However if you&rsquo;re handling sensitive information, it is very likely that you&rsquo;d rather have it destroyed than let it fall into the wrong hands.</p>
<h2 id="yubikey">YubiKey</h2>
<p><img src="/img/color/2FE-2.png" alt="YubiKey"></p>
<p>A nice, affordable second factor for your encryption is a <a href="https://www.yubico.com/">YubiKey</a>. However there is no straightforward manual on how to use it, and the key has quite complex modes and functionalities.</p>
<p>If you are not a technical person, I recommend using the <a href="https://support.yubico.com/hc/en-us/articles/360016614980-Understanding-Core-Static-Password-Features">password mode</a>. It is not as safe as the challenge mode, but it will be simpler to use and to configure.</p>
<p><strong>Password Mode</strong></p>
<p>The YubiKey can act as a USB keyboard. When the button is pressed, it will send a combination of keys (a kind of password) as if someone was typing. This makes it compatible with everything that requires a typed password. However using this mode implies that the 50% of the key coming from your 2FE will be the same across all devices. If it is intercepted it will drastically reduce the security.</p>
<p>To use the password mode, when prompted for your login information, enter your password (the thing you know), then plug in your YubiKey and press the button. It will &ldquo;type&rdquo; the rest of the &ldquo;password&rdquo; (the thing you possess but don&rsquo;t know). You can then access your device.</p>
<p>In this scenario the thing you know is 50% of the password; the other 50% of it (which you don&rsquo;t know) is stored on your YubiKey and typed for you when you press the button.</p>
<p><strong>Challenge Mode</strong></p>
<p>The challenge mode is safer than the password mode; however it is more complex to configure and use. The information received from the YubiKey (the 50% of the key that comes from the 2FE) is different for each device. If it is intercepted, it will not compromise the security of other devices.</p>
<p>To use the challenge mode, your encryption software has to be compatible with it (contrary to the password mode, which works with everything). When prompted for your login information, enter your password, and then the software will send a challenge (a phrase or an id you pre-configured) to the YubiKey, which will respond with the missing 50% of the encryption key. The combination of the two elements (your password and the 2FE response), forming the encryption key, will unlock your device.</p>
<p>The advantage of the challenge mode is that if you configure a different challenge (phrase or id) for each device you will have a different response each time, making your encryption key unique on all your devices and backups. This increases the security a lot in case one of them is compromised.</p>
<h2 id="not-all-encryptions-are-made-equal">Not All Encryptions Are Made Equal</h2>
<p>Cryptography may be the hardest thing in security. If you screw it up, nobody will come and tell you about it, and you will pay the consequences later on.</p>
<p><strong>Serpent Encryption Algorithm</strong></p>
<p><a href="https://en.wikipedia.org/wiki/Serpent_(cipher)">Serpent</a> was one of the finalists of the <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard_process">AES competition</a>. It was judged to be the most secure algorithm of them all, but <a href="https://www.schneier.com/wp-content/uploads/2016/02/paper-twofish-final.pdf">was discarded due to its speed</a>. However 20 years later, the computational power of everything has exploded. Today the difference in speed between AES and Serpent doesn&rsquo;t matter anymore; however the difference in security still does. This is part of the reason why you should use Serpent everywhere ;)</p>
<p><strong>Truecrypt</strong></p>
<p>Truecrypt is an awesome tool that has been proved to be <a href="https://en.wikipedia.org/wiki/TrueCrypt#Legal_cases">complicated to break</a>. The tool was suddenly discontinued in 2014, apparently due to <a href="https://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/">third party pressure</a>. An independent audit was financed by the <a href="https://www.opencryptoaudit.org/">community</a> in 2013. The <a href="https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf">summary</a> was released in 2015, showing &ldquo;no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances&rdquo;.</p>
<p>Given that it&rsquo;s complicated/impossible to break, that it&rsquo;s been audited without any security flaw found, and the pressure put on the developers to stop the project: <strong>it&rsquo;s safe to say that you should use it everywhere</strong>.</p>
<p>You can find Truecrypt <a href="https://github.com/DrWhax/truecrypt-archive">here</a>, the last version is 7.1a. Use the 3 ciphers cascade encryption mode.</p>
<p>If you use the hidden volume feature, be careful with older backup versions of your file container. The difference between the older version of the container and the newer version will reveal the use of a hidden volume (bytes will change where there is supposedly no data). Try to back up the content of your container inside a new one, so that there is no match at all between the backups and the original container.</p>
<p><strong>Password</strong></p>
<p>The last line of defense for your data is your password. Depending on the system you are using, the encryption key will be encrypted using your password, or directly derived from it. This means that even if you are using an unhackable electronic fortress, your security will drop to zero if you use a password like &ldquo;1234&rdquo;.</p>
<p>The short answer is to use a unique and long passphrase for each of your devices/accounts. You can find more details on password safety in our podcast episode &ldquo;<a href="https://www.conversationwithahacker.com/episodes/episode-1-your-password-is-not-that-safe/">Your Password Is Not That Safe</a>&rdquo;.</p>
<h2 id="two-layers-of-encryption">Two Layers of Encryption</h2>
<p>A Tamper Evident System will warn you that your device has been modified to steal the encryption key (or your password). However most of them will not block the attack and will warn you once it&rsquo;s already too late.</p>
<p>Practically speaking, having a Tamper Evident System alone will probably still leave your encryption key compromised. That&rsquo;s why you need 2 layers of encryption: the first one is a full disk encryption for the Tamper Evident System, the second one is a file container (like a Truecrypt container) for your data, unlocked only once the system reports everything as normal. From a user&rsquo;s perspective it means entering two passwords instead of one.</p>
<p>In case of a breach, you will be notified by the system before entering the second password and therefore you will be able to stop before doing so. The attacker will be left with an encrypted file container (which if you use Truecrypt, has a better security than the full disk encryption). Your data will remain safe and inaccessible.</p>
<h2 id="2fe-subtilities">2FE Subtleties</h2>
<p>Using Two Factor Encryption may be tricky. The security of the entire system relies on a small USB device and a password. Handled wrongly, it may have devastating consequences.</p>
<p><strong>Train To Break It</strong></p>
<p>Breaking the 2FE device may be difficult (YubiKeys are quite solid). When you need to split the device in half, you may not have a lot of time. It may be a good idea to practice doing it with another device.</p>
<p><img src="/img/color/2FE-3.png" alt="YubiKey Circuit">
<em>YubiKey Circuit from <a href="http://www.hexview.com/~scl/neo5/">hexview.com</a></em></p>
<p>Depending on which model you have, you may need to break it at a different place. What you want is to snap the microchip containing the information. If the 2FE isn&rsquo;t broken correctly, your attacker will still be able to access it.</p>
<p><strong>Always On You</strong></p>
<p>Always have the 2FE device on you. In case there&rsquo;s a problem (e.g. kidnapping), you will have a small window of time to break it. Between the stress and adrenaline from a difficult event, it will be hard to focus. Train mentally to have the reflex to break the 2FE.</p>
<p><strong>Don&rsquo;t Back It Up</strong></p>
<p>The entire security of Two Factor Encryption resides in a single point of failure. If you back up your 2FE device, it will severely affect the security.</p>
<p>YubiKeys are quite reliable. However if you are afraid of a malfunction, you can have a duplicate as long as it follows the same rules. It means having your 2 devices always side by side. Take into consideration that in case there&rsquo;s a problem, you will need to break two devices instead of one (this will take twice as long in a situation where time is crucial). Alternate their use to check regularly that both are in working condition.</p>
<p><strong>Scripting</strong></p>
<p>If your encryption system is not compatible with 2FE (like Truecrypt), you can always wrap its use in a script. You can also use the password as the challenge for the 2FE, leaving less of a trail.</p>
<h2 id="bonus-points-emails-and-clouds">Bonus Points: Emails And Clouds</h2>
<p>Although Two Factor Encryption doesn&rsquo;t protect you from being hacked over the internet (that&rsquo;s why we use air gapped devices), it&rsquo;s always a good idea to have it on your less secure devices. One cool thing about Two Factor Encryption is that it can be used with anything online that has end-to-end encryption (with password protected/derived keys).</p>
<p>2FE is not the same thing as OTP (<a href="https://www.conversationwithahacker.com/episodes/episode-2-use-2fa-your-password-needs-a-friend/">Two Factor Authentication</a>), which these services also offer. You should enable OTP everywhere; the YubiKey is compatible with it.</p>
<p><strong>Email</strong></p>
<p><a href="https://protonmail.com/">ProtonMail</a> is an email provider that offers end-to-end encryption. Using 2FE with their service allows you to protect your email communications in case of threats to access your data.</p>
<p><strong>Cloud</strong></p>
<p><a href="https://tresorit.com">Tresorit</a> and <a href="https://mega.nz">Mega</a> are online cloud solutions for your files that offer end-to-end encryption. Using 2FE with them will protect your files from being accessed if you are being threatened.</p>
<p>If you install E2EE apps on your smartphones, be careful, as some may store the encryption keys on the phone. Securing a smartphone is a lot more difficult, so these stored keys are more likely to be accessed by your attacker.</p>
]]></content>
		</item>
		
	</channel>
</rss>
