Passwords & 2FA: the 20-minute upgrade that stops most attacks

June 20, 2026

Most break-ins don’t involve a hooded genius typing fast. They involve a reused password that leaked from some other website. Fix this one thing and you’ve closed the door attackers walk through most often.

Step 1 — Get a password manager

A password manager is a secure app that remembers a long, unique password for every account, so you don’t have to. You memorize one strong master password; it handles the rest.

Pick a reputable one (Bitwarden and 1Password are popular).
Install it on your computer and phone.
Let it generate new, unique passwords as you log in to each site.

Step 2 — Turn on two-factor authentication (2FA)

Two-factor means logging in needs two things: your password and a second code (usually from an app on your phone). Even if your password leaks, an attacker can’t get in without that second code.

Turn it on for your most important accounts first:

Email (this is the master key — if someone owns your email, they can reset everything else)
Banking and payment tools
Your website host and domain account
Social media and cloud storage

Step 3 — Use an authenticator app, not text messages

Where you can choose, use an authenticator app (like Authy or Google Authenticator) instead of codes sent by text. Text messages can be intercepted or hijacked; app codes are safer.

That’s it

Twenty minutes of setup removes the most common way small businesses get compromised. Do email first, today.

Want help putting this into practice?

I can review or set this up for your business.

Work with me →