How To Secure Your Family's Devices Against Scams
Practical device security steps the whole family can put in place to reduce the risk of falling for phishing, malware, and account takeover scams.
Last reviewed: 1 June 2026
Many scams succeed because a device or account was left unlocked by a basic security gap — a reused password, no two-factor authentication, an outdated browser, or a suspicious app. Securing your family's devices does not require technical expertise. A few one-time changes and a couple of shared habits close the vast majority of doors that scammers use. This guide walks through each step in plain language.
Passwords and account access
Weak or reused passwords are the single biggest technical vulnerability. A password manager takes the effort out of fixing this.
- Use a password manager — a single strong master password protects all the rest
- Every account should have a unique password generated by the manager
- Never reuse the same password across banking, email, and social media
- Change any passwords that have been shared with others or compromised
Two-factor authentication (2FA)
2FA means a thief who knows your password still cannot access your account without a second code. Enable it on every account that offers it, starting with email, banking, and social media.
- Enable app-based 2FA (e.g. Google Authenticator) rather than SMS where possible
- Prioritise: email, banking, social media, and any account linked to payment
- Store backup codes safely — in a password manager or printed and locked away
Keep software updated
Updates patch security vulnerabilities that scammers actively exploit. Enabling automatic updates removes the need to remember.
- Enable automatic updates on all phones, tablets, and computers
- Keep browsers and apps updated, not just the operating system
- Avoid clicking 'remind me later' on security updates
Recognise phishing links and malicious downloads
Phishing links and malicious files are the most common way devices are compromised. A short family habit review helps everyone stay alert.
- Hover over links before clicking to check the real destination
- Be suspicious of any attachment or download from an unexpected source
- Legitimate banks and services will never ask you to install software via a link in an email
- If in doubt, go to the site directly by typing the address rather than clicking the link
Frequently asked questions
Which password manager should I use?
Several well-regarded options are widely available, including Bitwarden (free, open source), 1Password, and Dashlane. The best one is the one you will actually use — any reputable password manager is vastly better than reusing passwords.
Is SMS two-factor authentication good enough?
SMS 2FA is much better than no 2FA at all, but app-based authentication is more secure because it cannot be intercepted via SIM-swapping. Use app-based 2FA where the option is available, and SMS 2FA where it is the only option.
My family member refuses to use a password manager — what can I do?
Focus on the highest-risk accounts first: email and banking. Help them set strong, unique passwords for those two categories at minimum. Even partial adoption is better than the status quo. Explain that the manager remembers everything — they only need one password.