For Mom: Using a Computer

• Finding Help
• Email Security
• Account Passwords
• Two-Factor Authentication (2FA)

# Finding Help

If you don't understand or don't know how to do something, use the Internet:

1. Go to a search engine like google.com.
2. Enter the term or question you want to investigate. You don't need punctuation.
3. Click "Search".
4. Peruse the results. The first result or two are usually sufficient — search engines prioritize useful results — but sometimes you'll need to synthesize answers from multiple results. Some search engines like Google provide useful AI-compiled summaries. If you don't find what you want, reword your search and try again.

For example, suppose you forgot how to bold or un-bold text in Microsoft Word. Follow the steps above and search for "how to bold text in microsoft word on mac". The results:

• Google's AI summary:

  To bold text in Microsoft Word on a Mac, select the text you want to make bold, then press the keyboard shortcut "Command+B"; you can also click the "B" icon in the formatting toolbar at the top of the Word window.

• The first webpage result (as of this writing) is from Quora, a forum where people post questions and get answers. The page's title is "How to make your font bold in Microsoft Word on a Mac computer". Sounds promising!

Wikipedia is a good encyclopedia. It's great for introductions to concepts, especially uncontroversial ones, and most articles link to sources.

The usual advice about seeking advice applies:

• Think before you do.
• If someone urges you to do something, they're probably playing on fear. You probably don't need to do it, at least not right away. Step back.
• Check the source. More well-known and reputable sources are usually more trustworthy.
• Beware people trying to sell you things.
• Don't click links or download anything unless you're sure it's from a reputable company (one you do business with) and absolutely necessary. Some links and downloads contain malware. What you have on your computer is pretty much all you need.
• Check a website's URL (the "http://www" or "https://www" blah blah blah part at the top of your browser). Reputable sites have well-known URLs, such as "https://chase.com" or "https://www.chase.com" for Chase Bank. Criminals sometimes impersonate businesses and agencies with similar-looking URLs; for example, one might create a website called "https://www.chas.com" (notice the missing 'e') or "https://www.chase.net" (notice the different ".net" suffix). If you're careless, you might visit a criminal's imitation website, which might look exactly like the real thing.

  If in doubt, search google.com for the company's or agency's name. Its official website URL will usually be the first or second result.

# Email Security

Criminals frequently target people with fake emails that look like they're from legitimate sources, such as your bank. These are called phishing emails because they're "fishing" for your passwords, personal data, and bank accounts.

Keep these in mind when you're checking email:

• Old advice applies: If it sounds too good to be true, it probably is.
• Criminals play on urgency, fear, authority, threats ("The IRS has found problems with your tax return and is going to audit you. You have $215 of unpaid tax. Send the amount to the following account or face the possibility of jail time."), and other psychological tricks to force compliance. In reality, things are rarely urgent.
• Beware totally unexpected emails. For example, if you get an email about an undelivered package (with a link to enter your information for re-delivery) but you weren't expecting a package, ignore the email! Same for email messages from businesses you've never heard of or don't do business with.
• If you get a fishy-looking email that says it's from a business you use (say, your bank), search the business via google.com and call or email them using their official contact information. Ask them whether the email's contents are legitimate. (This has a dual benefit: If the email is fake, you'll alert the business.)
• Carefully check each email's sender. In Gmail, if you hover your mouse over a sender's name, your web browser will show a pop-up box with the sender's full email address.
  • Check the website portion of the email address ("...@somewebsite.com"). Look carefully for typos in the website's name: If it isn't the alleged business's official website, the email is suspect.
  • Some businesses have alternative email addresses for certain kinds of email. Compare the sender's email address with sender email addresses in legitimate emails you've received from the business.
• If in doubt, NEVER reply to a suspicious email message or use its contact information. Find the business's or person's official contact information (as I mentioned above) and use that instead.
• Beware all links and attachments. If you have any doubts about an email, don't click its links or download its attachments.
• Before you click a link, hover your mouse over it for a few seconds. Your browser will show the full link on the bottom of your browser window or as a tooltip pop-up by your mouse cursor. Check the beginning of the link's URL (the "http://www" or "https://www" blah blah blah part) for suspicious websites. (Also beware typos there!) If you're unsure whether it's a link to a legitimate website, search the real business or website's name via google.com and compare their URLs.

# Account Passwords

Give every critical account its own unique password.

Some websites impose strict password length and formatting requirements.

• If they do, create passwords of the maximum permitted length with random letters (both uppercase and lowercase), numbers, and symbols.
• If they don't, create a password with 8 random words. Look around you and pick 8 random things you see or think of. For example, looking around your kitchen, I think of "coffee waffles red horn fidelity net balding diploma". That string of words (without spaces) is a fine password. (Of course you shouldn't use this specific one: It's just an example.)

Handwrite your passwords on a sheet of paper and keep it in your desk drawer or tucked between two books in your bookcase. This might sound insecure, but part of the reason for passwords is to keep remote hackers from easily accessing your accounts. If a robber breaks into your house, you probably have bigger problems to worry about. If you're paranoid about losing your passwords to robbers, occasionally give Zach a paper copy as a backup.

Never write your passwords in a document on your computer or on your phone. Such password documents are convenient but insecure.

Never send passwords by email. Email is insecure.

# Two-Factor Authentication (2FA)

This is advanced but increases your accounts' security.

Two-factor authentication (2FA) means requiring a password plus something else to log into one of your accounts. That "something else" is usually a one-time code texted to your phone. For example, if your email account has 2FA, you'll need to type your password and enter a numeric code that Gmail texts to your phone to log in.

The downside: If you lose your phone number, you cannot log in.

Not all websites provide 2FA, but most banks, online retail stores (Amazon), and email providers (Gmail) do.

The procedure for enrolling in 2FA varies from website to website, but it usually requires logging in, going to a "settings" page, going to a "security" or "logins" page, and finding an option to enable 2FA, often called "SMS codes" or "one-time SMS codes." "SMS" and "text message" are synonymous.