If you only ever do five things, do these. Together they prevent the large majority of real-world attacks against everyday people — and they're the map for everything else in this course.
The list
- Use a password manager and a unique password per site.
- Turn on two-factor authentication for email, banking, and socials.
- Keep your phone and computer updated (enable automatic updates).
- Set up automatic backups for your phone and computer.
- Slow down on unexpected messages asking you to click, pay, or log in.
Start with email
If you do nothing else today, secure your primary email account. It's the master key — whoever controls it can reset the password on almost everything else.
Why these five
Each one removes an entire category of attack, not just a single trick:
| Habit | What it stops |
|---|---|
| Password manager | Reused-password breaches |
| Two-factor auth | Logins with a stolen password |
| Updates | Known, already-patched security holes |
| Backups | Losing data to theft, loss, or ransomware |
| Slowing down | Phishing and scams |
A reused-password breach often becomes credential stuffing — attackers taking passwords leaked from one site and trying them, automatically, on all your others. That's exactly why a unique password per site quietly defends everything at once.
This lesson is the map, not the journey
You don't have to set all of this up today, or perfectly. Each habit gets its own proper walkthrough in the sections ahead — passwords and 2FA in the Accounts section, updates and devices under phone and computer security, backups in their own section, and spotting scams in the Scams section.
For now, just secure that one email account and grab the checklist below. Tick each habit off as you reach it, and by the end of the course you'll have all five in place.