
Staying safe online: passwords, phishing and basic security

“Your password has been compromised.” “Click here to secure your account.” You get them regularly: emails that create urgency and push you to act. Sometimes they’re real, often they’re not. Here’s how to tell the difference, and how to better protect yourself.

Strong passwords — the basics

A strong password is:

  • Long — at least 12 characters, preferably 16+
  • Unique — a different password for every website
  • Hard to guess — no names, birthdays or “password123”

Tip: use a passphrase. For example: MyCatEats3FishPerDay! — long, easy to remember, hard to crack.

Use a password manager

You can’t remember a unique password for every website. You don’t have to. A password manager does it for you:

  • Bitwarden (free, open source) — recommended
  • 1Password (paid, very user-friendly)
  • Your browser’s built-in manager — better than nothing

You only need to remember one strong password: the one for your password manager.

Two-factor authentication (2FA)

Enable this on all important accounts: email, banking, social media. With 2FA you need a code (via SMS or an app) in addition to your password. Even if someone knows your password, they can’t get in without that code.

Best options:

  1. Authenticator app (Google Authenticator, Microsoft Authenticator) — most secure
  2. SMS code — better than nothing, but less secure
  3. Physical key (YubiKey) — for your most critical accounts

Spotting phishing

Phishing emails are getting better, but there are red flags:

  • Urgency: “Your account will be blocked within 24 hours”
  • Strange sender: look at the email address, not just the display name
  • Check links: hover over a link and see whether the domain it points to matches the organisation the email claims to come from
  • Attachments: never open unexpected attachments, especially .exe or .zip files
  • Spelling mistakes: a less reliable sign these days (AI-written text rarely contains errors)

Not sure? Don’t click the link. Go to the website yourself by typing the address.

Windows Defender is enough

You don’t need paid antivirus software. Windows Defender (built into Windows 10 and 11) scores just as well as paid alternatives. Make sure it’s turned on and up to date — that’s all most people need.

Need help?

In a 60-minute session I can help you set up a password manager, enable 2FA on your key accounts and check your computer for security risks.
