CyberSmarts for Seniors: Detailed Guide to Password Creation & Device Security

Online security can sound intimidating, but at its core, it comes down to a few simple habits that anyone can learn. This guide walks you through creating passwords that are both strong and memorable, storing them safely, and protecting your devices from unwanted access. Take it one section at a time, and by the end, you'll have practical tools that genuinely keep your accounts safer.

SECTION 1: Why Strong Passwords Matter

It's easy to assume that hackers target only businesses or wealthy individuals, but the reality is that everyday people are among the most common targets. Understanding what's actually at risk, and how quickly a weak password can be compromised, is the first step toward protecting yourself. This section lays out the facts clearly, without alarm, so you can make informed decisions about your own security.

You might think you "don't have anything worth stealing online". However, when hackers gain access to the accounts of an ordinary senior, here is what they actually target:

  • Your bank accounts and credit cards.

  • Your email, which they use to reset passwords for everything else.

  • Your social media to scam your friends and family.

  • Your shopping accounts to make purchases.

Hackers use computer programs that can guess millions of passwords per minute. For example, a password like "password123" can be cracked in less than a second, and a name plus birth year, like "johnsmith1945," is also quickly cracked.

Key Message: Think of strong passwords like good locks on your house. They keep the casual troublemakers out and slow down the serious ones long enough for other security measures to kick in.

SECTION 2: The Passphrase Method (The Simple Way to Be Strong)

Creating a strong password doesn't mean struggling to remember a jumble of random letters and symbols. The passphrase method works with your memory rather than against it; it turns something personal and meaningful to you into a password that's genuinely difficult for anyone else to crack. Once you've tried this approach, you may find that strong passwords are far less trouble than you expected.

Forget random letters and numbers. We are going to use sentences that mean something to you. This is called the passphrase method.

Step 1: Choose a Memorable Phrase (The Foundation)

Your phrase must be meaningful to you, but not something easily guessed from your social media.

Think about:

  • Something you do regularly (e.g., "I walk my dog every morning").

  • A hobby you enjoy.

  • A place you love to visit.

  • A routine you follow.

Step 2: Strengthen Your Phrase (The Transformation)

You will turn your memorable phrase into a secure password by making simple substitutions and adjustments. Start simple and use the same substitutions every time (e.g., 0 for O, @ for A).

Here is an example transformation using the phrase "I walk my dog every morning":

| Step | Action | Example Password |
|---|---|---|
| Original Phrase | | I walk my dog every morning |
| 1. Substitute Letters | Replace 'O' with '0' (zero). | I walk my d0g every m0rning |
| 2. Add a Symbol | Replace 'A' with '@' (at symbol). | I w@lk my d0g every m0rning |
| 3. Add Punctuation | Add an exclamation point at the end. | I w@lk my d0g every m0rning! |
| 4. Add the Year | Add the current year (e.g., 2024). | I w@lk my d0g every m0rning 2024! |
| 5. Capitalize & Remove Spaces | Capitalize the first letter of each word and remove all spaces. | IW@lkMyD0gEveryM0rning2024! |

Result: This final password is 30 characters long, has upper and lowercase letters, numbers, and symbols, but is still easy to remember because it started with a meaningful phrase.

Step 3: Length Matters

The minimum "magic number" is 12 characters, but longer is always better. A 12-character password might take years to crack, while a 30-character password would take longer than the age of the universe.

Encouragement: Start with a phrase that gets you to at least 12 characters, then add elements (like the year or symbols) to make it longer. You only need to create this strong password once, then store it safely.

Password DO's and DON'Ts

| DO | DON'T |
|---|---|
| Use a different password for every single account — no exceptions. | Never use family names, pet names, or birthdates. |
| Update passwords every 3-6 months for banking and email. | Don't use the same password everywhere — if one gets hacked, they all are. |
| Use a password manager — your memory is not designed for this. | Never share passwords through email or text — these are not secure channels. |
| Longer is better — aim for at least 12 characters. | Don't write passwords on sticky notes — they can be lost or seen. |

Password Rotation Strategy

Apply different security levels based on risk:

  • High-risk accounts (banking, email, password manager): Change every 3-6 months.

  • Medium-risk accounts (social media, shopping): Change annually or after any security breach.

  • Low-risk accounts (news sites, forums): Change only if compromised.

SECTION 3: Password Storage - Choose Your Method

Once you have a strong password, the next question is where to keep it safely. There's no single right answer here; the best method is simply the one you'll actually use consistently. This section walks you through both digital and physical options so you can choose the approach that suits your comfort level and daily habits.

You have two excellent choices for storing your passwords safely: digital or physical. Neither method is wrong; choose what feels most comfortable for you.

❖ Digital Storage

Digital storage means your device remembers your passwords for you.

| Device | System | How it Works | Security Note |
|---|---|---|---|
| iPhone/iPad | iCloud Keychain | Passwords are stored in a secure filing cabinet that opens only with your fingerprint or face. The device automatically offers to fill in your password when you visit a website. Your passwords are encrypted, meaning even Apple cannot see them. | Even Apple cannot see your passwords. |
| Android | Google Password Manager | Works similarly to the iPhone; passwords are stored securely and filled in automatically in Chrome and other apps. | Tied to your Google account. |
| Laptop/Desktop | Web Browser | Chrome, Safari, and Firefox can save passwords. When you log into a website, click "Yes" when it asks, "Do you want to save this password?" | Use a screen lock on your computer. |

Important Security Note for Digital Storage: If you choose digital storage, your phone or computer MUST have a screen lock. This is non-negotiable, as anyone who picks up an unlocked device can access everything, including your stored passwords.

How to Turn On Your Browser's Password Manager

  • Chrome: Click the three dots (top right) > Settings > Autofill > Passwords. Turn on "Offer to save passwords" and "Auto Sign-in".

  • iPhone/iPad: Settings > tap your name at the top > iCloud > "Passwords and Keychain" > turn on.

  • Microsoft Edge: Click the three dots > Settings > Profiles > Passwords. Turn on both options.

❖ Physical Storage

If you prefer writing things down, a notebook in your locked desk drawer is often safer than a weak password.

Best Practices for Physical Storage:

  1. Use a small notebook or dedicated password logbook.

  2. Keep it locked away—do not leave it next to your computer.

  3. Never leave it in public areas.

  4. Consider writing hints instead of full passwords.

The Hint Method: Instead of writing the full, complicated password (e.g., IW@lkMyD0gEveryM0rning2024!), write a hint that only you would understand.

Example: Write "Bank: Dog walking phrase with 2024". Reasoning: If someone finds your notebook, they still cannot access your accounts without knowing your personal phrase and your substitution system.

Dedicated Password Manager Apps

A password manager app offers the most comprehensive protection and is one of the best decisions you can make for your online safety.

  • One Master Password: You only need to remember one strong password to access all the others.

  • Automatic Generation: The app creates impossibly strong passwords for you.

  • Auto-Fill: No more typing; it fills everything in automatically.

  • Sync Across Devices: Works on your phone, tablet, and computer simultaneously.

  • Offline Access: Passwords are stored locally, so you can access them even without internet.

Even if a password manager were hacked, your passwords are encrypted so thoroughly that hackers cannot read them. It is like having a safe within a safe. Write your master password down and store it somewhere physically secure, such as a home safe or safety deposit box. This is far safer than having passwords written on sticky notes around the house.

SECTION 4: Essential Account Management

Setting up a new online account or recovering a forgotten password are two situations that trip up even confident technology users. Having a clear, repeatable process for both takes the stress out of the moment and helps you stay organized as your list of accounts grows over time. The steps below are straightforward and worth keeping nearby as a reference.

❖ How to Set Up a Password for New Accounts (Step-by-Step)

Follow this process every time you create a new online account:

| Step | Action |
|---|---|
| Step 1: Choose Your Username/Email | Most sites use your email address as your username. Use an email you check regularly; this is how they will contact you if you need to reset your password. |
| Step 2: Create Your Password | Type your strong passphrase into the box that says 'Password'. |
| Step 3: Confirm Your Password | Type the exact same password again in the second box. Every letter, number, and symbol must match. |
| Step 4: Write It Down Immediately | Before clicking 'Create Account,' write down: 1. The website name; 2. Your username/email; 3. Your new password (or password hint); 4. The date you created it. |
| Step 5: Look for Extra Security Options | You might see options like: 'Enable Two-Factor Authentication' (2FA), 'Security Questions' (choose questions only you would know), or a 'Backup Email'. |

About Two-Factor Authentication (2FA): Think of 2FA as two locks on your door. The website sends a code to your phone when you log in. It is extra security, but your strong password is still good protection on its own. Only enable 2FA if you are comfortable with it.

❖ Forgotten Password Recovery

Everyone forgets passwords—it is normal. Here is what to do when it happens:

  1. Look for the "Forgot Password" link (it is usually right on the login page) and click it.

  2. The website will ask for your email address, then send you a link to reset your password. Check your email (sometimes the link goes to your spam folder).

  3. Follow the link, create a new strong password, and store it safely. Do not reuse your old password.

Troubleshooting: If you forgot which email you used, check your inbox for old welcome messages from that website. If you are still stuck, contact the website's support team.

SECTION 5: Device Security Basics (Screen Locks)

A strong password protects your accounts online; a screen lock protects everything stored on your device itself. If your phone or tablet were ever lost or left unattended, a screen lock is the one thing standing between a stranger and your personal information. Setting one up takes only a minute or two and is one of the most effective security steps you can take.

Even with great passwords, you need to protect access to your devices—this is like locking your front door. A screen lock protects everything: your email, banking apps, photos, and all your stored passwords.

Screen Lock Options

| Type | Description |
|---|---|
| PIN | A simple 4–6 digit code (e.g., 2983). Easy to remember. |
| Pattern (Android) | Draw the same shape on the screen each time (like a signature). |
| Password | Use a shorter version of your passphrase method. |
| Fingerprint/Face | Very convenient, but always have a backup PIN in case the scanner doesn't work. |

Recommended Settings:

  • Set your screen to lock after 2–5 minutes of inactivity.
  • Also, make sure your device locks immediately when you press the power button.

Why Screen Locks Matter: Imagine these scenarios:

  • Your phone falls out of your pocket at a restaurant.

  • You leave your tablet at the coffee shop.

  • Someone visits your home and sees your computer open.

A screen lock prevents anyone who finds your device from immediately accessing your sensitive data.

SECTION 6: Two-Factor Authentication (2FA)

Even the world's strongest password can sometimes be obtained by hackers through a fake website or a company data breach. Two-factor authentication (2FA) is a second layer of security that stops them even then. Think of it as a deadbolt added to a door that already has a strong lock.

How 2FA Works

2FA means you need two things to get into your account:

  • Something you know: your password.

  • Something you have: your phone.

It is like using an ATM. You need your card and your PIN. A thief cannot use just one without the other. Here is the sequence every time you log in:

  1. You enter your username and password as usual.

  2. The website sends a code to your phone.

  3. You enter that code to complete the login.

  4. Even if someone has your password, they cannot get in without your phone.

Types of 2FA

  • Text Message: A code sent to your phone via SMS. The easiest option to start with.

  • Authenticator App: A special app generates codes directly on your phone. More secure than text messages. See Section 7 for full setup instructions.

  • Email: A code sent to your email address.

Which Accounts to Protect First

  • Your email account — most important, as it controls everything else.

  • Banking and financial accounts.

  • Social media accounts.

  • Any shopping accounts with saved payment information.

How to Set Up 2FA

  1. Find Security Settings: Look for 'Security' or 'Account Settings' in the account menu.

  2. Enable 2FA: Find 'Two-Factor Authentication' or 'Two-Step Verification.'

  3. Choose Method: Start with text message if you are new to this.

  4. Verify: Enter the code sent to your phone to confirm setup.

  5. Save Backup Codes: Print these and keep them somewhere safe — not on your phone.

Important Tips

  • Keep backup codes in a safe physical location, not on your phone.

  • Never share a 2FA code with anyone. Legitimate companies will never ask for it.

  • If you lose your phone, contact each account's customer service immediately.

SECTION 7: Google Authenticator

Text message codes are a good start, but authenticator apps are significantly more secure. Criminals can sometimes intercept text messages or convince your phone company to transfer your number to a new SIM card they control. An authenticator app eliminates that risk entirely because the codes are generated directly on your phone and never travel across a phone network.

Key Advantages

  • Codes are generated on your phone, making them much harder to steal than SMS codes.

  • Works even without cell service or Wi-Fi.

  • Codes are generated using your phone's internal clock, so the app works even if the internet is down.

Step-by-Step Setup

Step 1: Download the App

  • Go to your app store and search for "Google Authenticator".

  • Download and install it. It is free.

Step 2: Enable 2FA on the Account You Want to Protect

  • Log in to the account.

  • Go to its security settings.

  • Choose "Authenticator App" instead of text message.

Step 3: Scan the QR Code

  • The website will show you a square barcode.

  • Open Google Authenticator on your phone.

  • Tap the "+" button and choose "Scan QR code".

  • Point your phone's camera at the barcode on the screen.

Step 4: Verify Setup

  • The app will show you a 6-digit number.

  • Type this number into the website to confirm setup.

  • Note: the number changes every 30 seconds. That is normal and intentional.

Step 5: Save Your Backup Codes

  • Always save your backup codes when the website offers them.

  • Store them somewhere physically safe, such as a locked drawer at home.

Why backup codes matter: If you lose your phone, these codes allow you to get back into all your accounts quickly. Without them, regaining access to each account can take days or weeks of calls to customer service.



SECTION 8: Your Action Plan

People who use strong passwords and two-factor authentication are dramatically less likely to be hacked. These steps do not require technical expertise; they simply require doing them once. The list below tells you exactly where to start.

Do These First

  • Change your most important password (email or banking) to a new passphrase using the method in Section 2.

  • Store that new password safely using whichever method from Section 3 suits you best.

  • Set up or update the screen lock on your phone or tablet.

Do These Next

  • Set up 2FA on your email account.
  • Set up 2FA on your banking and financial accounts.
  • Enable your browser's built-in password manager.

When You Are Ready

  • Download Google Authenticator and switch your most important accounts to app-based 2FA.

  • Work through your remaining accounts and update passwords using the passphrase method.

  • Set a reminder to review your passwords on schedule: banking and email every 3-6 months; social media annually.

Additional Resources

  • Canadian Anti-Fraud Centre: 1-888-495-8501

  • GetCyberSafe.ca for additional online safety tips

  • Your local police department for current scam alerts

Your Action Items

  1. Change one old password (start with your most important account, like email or banking) to a new, stronger passphrase using the method you learned today.

  2. Store that new password safely (either digitally or physically).

  3. Set up or update your screen lock on your phone or tablet.


This resource is part of the CyberSmarts for Seniors Project, funded in part by the Government of Canada’s
New Horizons for Seniors Program and ELNOS, and delivered in Elliot Lake by Raknas Inc. and
Golden Voices, the seniors-focused division of the DiversityCanada Foundation.

