Security for my Mom: Guide to Hacker Im-proofing

🗺️ Series: Overview (current page) • Part 1: Recognizing Scams → • Part 2: Essential Tools → • Part 3: Network Security → • Part 4: Daily Habits →

⚠️ Disclaimer

I’m not a certified security professional or lawyer. I’m just sharing my experience and security habits - things I try to follow myself and urge my mom to practice as well. This is not a professional security consultation, nor a legal advice. Your situation may differ. When in doubt, consult with qualified paid professionals.

In light of recent news with major data breaches (Equifax, Capital One, T-Mobile, and countless others), I’ve been asked by several non-tech friends and family members (Love you, Mom!) for advice on how to avoid getting hacked.

This guide is what I personally do and what I suggest to my family. These aren’t theoretical best practices from a security textbook - they’re the actual steps I take to protect myself.

🎯 Golden Rule

If something sounds too good to be true, it probably, most likely, definitely - is.

The Complete Security for Humans Series

I broke down what I taught my mom into 4 parts. Here’s what we covered:

Part 1: Recognizing Scams & Social Engineering

The first thing I taught her: the human element is the weakest link. We went through how to spot phishing, phone scams, and social engineering attacks.

What’s in this part:

• Email phishing red flags (she kept almost clicking links!)
• Social engineering tactics scammers use
• Phone scam recognition (especially those fake IRS calls)
• What information I never give out (and told her not to either)
• Real-world scam examples I’ve seen

→ Read Part 1: Recognizing Scams

Part 2: Essential Security Tools

I told Mom that two tools would handle most of her security worries: password managers and two-factor authentication. This is what made the biggest difference for her.

What’s in this part:

• Why I use password managers (and which one)
• How I convinced Mom to use 1Password
• How I set up 2FA for her
• The different 2FA methods (I use authenticator apps, she uses SMS)
• My take on antivirus and software updates

→ Read Part 2: Essential Security Tools

Part 3: Network & Home Security

I think of the router as the front door to the house. I spent an afternoon setting up Mom’s router properly and explaining why it matters.

What’s in this part:

• How I changed her router passwords (finally!)
• Setting up her guest network
• Why I put her smart TV on a separate network
• My home firewall setup (Firewalla)
• What I use at home and what I set up for Mom
• Router firmware updates (now automatic)

→ Read Part 3: Network & Home Security

Part 4: Daily Security Habits

Security isn’t a one-time thing - it’s daily habits. This part covers what I do every day and what I taught Mom to watch for.

What’s in this part:

• My browsing habits
• How I handle social media (I don’t overshare)
• My online shopping safety rules
• How I monitor my credit (and set up monitoring for Mom)
• What I did when I got hacked (I keep a checklist)

→ Read Part 4: Daily Security Habits

The 80/20 Rule: What I Did First

When Mom said “I don’t have time for all this,” I told her to start with these 5 things. This is what made the biggest impact:

🚀 What We Did First

1. Installed 1Password - 1Password for her, I also like Bitwarden
2. Enabled 2FA on her email and bank - This took 10 minutes and protects everything
3. Changed her router’s default password - Can’t believe she never did this!
4. Taught her not to click suspicious links - When in doubt, don’t click
5. Froze her credit - Free at all 3 bureaus, stops identity theft

Time it took: 1-2 hours How much safer she is: ~80% safer

How I Walked Mom Through This

If She Had 5 Minutes

I’d make her do the “80/20” list above - those 5 things that handle most of the risk.

If She Had 30 Minutes

I’d have her read Part 1 (Scams) and Part 2 (Essential Tools).

If She Had A Weekend

We’d go through all 4 parts together. That’s what we actually did.

What Mom Can Do Now

Part 1: Recognizing Scams

• Can spot phishing emails
• Knows the phone scam tactics
• Checked Have I Been Pwned
• We have a security code word

Part 2: Essential Tools

• Uses 1Password
• Has 2FA on email
• Has 2FA on banking
• Automatic updates enabled

Part 3: Network Security

• I changed her router password
• Set up her guest network
• Put her smart TV on guest network
• Router auto-updates now

Part 4: Daily Habits

• Reviewed her social media settings
• Uses credit cards online (not debit)
• I froze her credit
• We have our annual security talks

Real Impact: My Mom’s Story

Before:

• Sticky notes with passwords everywhere
• Same password for all accounts
• No 2FA
• Never changed router password
• Fell for a phishing email once (lucky nothing happened)

💬 What Mom Said

“I thought you were going to make this super complicated. Instead I just click the thing and it fills in the password. Why didn’t someone tell me about this years ago?! I’ve been writing passwords on sticky notes like …. like a person who raised you. So no comments.”

After (3 months):

• 1Password with 80+ unique strong passwords
• 2FA on all important accounts
• Secured router with guest network
• Successfully identified and reported 3 phishing attempts
• Actually enjoys using the password manager!

How I Approached This With Mom

Here’s how I approached it with Mom:

The “Just Make It Stop” Approach (1 Hour)

When Mom was freaking out about data breaches, I made her do three things:

1. Install 1Password (or Bitwarden - has free hosted version and open-source self-hosted option)
2. Enable 2FA on email
3. Let me change her router password

That handled most of it.

The “I Actually Want To Understand This” Approach (2-4 Hours)

This is what we ended up doing over a weekend:

1. Read all 4 parts together
2. I set things up while explaining why
3. Started with Part 1: Recognizing Scams

The “Oh Crap I Think I’m Hacked” Approach (Right Now)

When I thought I got hacked, here’s what I did:

1. Jumped straight to Part 4: What I Did When I Got Hacked
2. Followed the emergency checklist I keep there
3. After dealing with it, came back and read everything else

Tools & Resources I Actually Use

What I Use

Password Managers:

• 1Password - What I use for myself and family ($5/month)
• Bitwarden - What I’d use if I wanted free & open-source

Security Checking:

• Have I Been Pwned - I check this quarterly
• 2fa.directory - How I find out which sites support 2FA
• VirusTotal - I scan suspicious files here

Credit Protection:

• AnnualCreditReport.com - I pull one every 4 months
• IdentityTheft.gov - Where I’d report identity theft

What I Read

Official Sources:

• CISA Cybersecurity Tips - US government security alerts
• FTC Consumer Alerts - Scam warnings
• Privacy Guides - Comprehensive privacy guide

Blogs I Follow:

• Krebs on Security - Best security news blog
• Bruce Schneier - The security expert
• Electronic Frontier Foundation - Digital rights

Questions Mom Asked

“Is this stuff still current?” Last updated January 2025. I review this every year when I do Mom’s annual security checkup.

“I’m not good with computers. Will I understand this?” Mom said the same thing. She figured it out, and I think anyone can.

“How long did this actually take?” For the bare minimum (password manager + 2FA): about an hour. We did the full thing over a weekend - probably 3-4 hours total.

“Should I show this to Grandma?” Mom already did. I think the more people who do this, the safer we all are.

One Last Thing

Perfect security doesn’t exist - that’s simply impossible. Even the Pentagon gets hacked.

But here’s what I told Mom: you don’t need to become Fort Knox. You just need to lock your front door. It won’t stop a determined professional, but it’ll stop the amateur trying doorknobs.

That’s how Mom went from “sticky notes with password123” to having better security than most tech professionals. One thing at a time, over a few months.

Start Reading

→ Begin with Part 1: Recognizing Scams & Social Engineering

Last updated: January 31, 2025