How To Secure Your Family's Devices Against Scams
Practical device security steps the whole family can put in place to reduce the risk of falling for phishing, malware, and account takeover scams.
Last reviewed: 1 June 2026
Many scams succeed because a device or account was left unlocked by a basic security gap — a reused password, no two-factor authentication, an outdated browser, or a suspicious app. Securing your family's devices does not require technical expertise. A few one-time changes and a couple of shared habits close the vast majority of doors that scammers use. This guide walks through each step in plain language.
Passwords and account access
A weak or reused password is still the single biggest technical vulnerability in most families' digital lives, because if one account is breached in a data leak, every other account using that password becomes vulnerable too. The fix doesn't require memorising dozens of complex passwords: a password manager generates and stores a unique, strong password for every account and fills it in automatically, so the only thing you need to remember is one master password. Set this up together as a family, starting with email, since it's usually the recovery route into everything else, and encourage teenagers and older relatives alike to use it, since it removes effort rather than adding a chore.
- Use a password manager — a single strong master password protects all the rest
- Every account should have a unique password generated by the manager
- Never reuse the same password across banking, email, and social media
- Change any passwords that have been shared with others or compromised
Two-factor authentication (2FA)
Two-factor authentication means that even if a scammer gets hold of your password, they still can't get into your account without a second code, usually sent to your phone or generated by an app. This single step blocks the overwhelming majority of account takeover attempts, because it turns a stolen password from a working key into a useless piece of information. Enable it on every account that offers it, prioritising email, banking, and social media, since these are most valuable to a scammer and most damaging if lost. An authentication app is generally more secure than text messages, but a text code is still far better than no second step at all.
- Enable app-based 2FA (e.g. Google Authenticator) rather than SMS where possible
- Prioritise: email, banking, social media, and any account linked to payment
- Store backup codes safely — in a password manager or printed and locked away
Keep software updated
Software updates aren't just new features — many exist specifically to close security holes that have already been discovered and are actively exploited by scammers to break into devices. Turn on automatic updates for phones, computers, and any apps that offer it, so this happens quietly in the background rather than depending on anyone remembering to check. This matters just as much for older relatives' devices as for teenagers' — it's worth spending ten minutes checking automatic updates are on next time you help a parent or grandparent with their phone, since this one setting removes an entire category of risk without any ongoing effort from them.
- Enable automatic updates on all phones, tablets, and computers
- Keep browsers and apps updated, not just the operating system
- Avoid clicking 'remind me later' on security updates
Recognise phishing links and malicious downloads
Most device compromises start with a click: a link in a text claiming to be from a delivery company, or a pop-up warning about a virus that isn't real, each designed to steal your login details on a fake page or install malicious software the moment you open it. A short family review is worth doing together — sit down for ten minutes and compare a few real phishing examples with genuine messages, pointing out the small tells: a slightly wrong web address, urgent language, or a request to 'verify' details you'd never normally be asked for over text. Agree a family rule that any unexpected link or attachment gets checked with someone else before it's opened.
- Hover over links before clicking to check the real destination
- Be suspicious of any attachment or download from an unexpected source
- Legitimate banks and services will never ask you to install software via a link in an email
- If in doubt, go to the site directly by typing the address rather than clicking the link
Frequently asked questions
Which password manager should I use?
Several well-regarded options are widely available, including Bitwarden (free, open source), 1Password, and Dashlane. The best one is the one you will actually use — any reputable password manager is vastly better than reusing passwords.
Is SMS two-factor authentication good enough?
SMS 2FA is much better than no 2FA at all, but app-based authentication is more secure because it cannot be intercepted via SIM-swapping. Use app-based 2FA where the option is available, and SMS 2FA where it is the only option.
My family member refuses to use a password manager — what can I do?
Focus on the highest-risk accounts first: email and banking. Help them set strong, unique passwords for those two categories at minimum. Even partial adoption is better than the status quo. Explain that the manager remembers everything — they only need one password.