Aware360 Pro – Module 11: Password Security & Account Protection

Module 11 • Password Security • Aware360 Pro

Password Security & Account Protection

For teens and adults who use phones, games, banking, email, socials and everything in between. Learn how to lock things down, spot hacks early, and recover fast if something goes wrong.

🔐 Strong passwords & passphrases

📲 Two-factor authentication (2FA)

🧠 Password managers

🕵️ Breach & leak checks

🚨 Hacked account warning signs

🧰 Reset templates & lockout guides

✅ 10Q + 20Q quizzes

📘 Module Overview

Most “hacks” don’t look like movie hackers typing green code. They look like: reused passwords, weak logins, fake emails, or someone guessing your pet’s name.

      Big idea: If your passwords are strong, unique, protected by 2FA, and you know how to respond fast,  
      you are already safer than most of the internet.
    

What this module covers 🧩

How to build passwords people can’t guess – but you can still remember.
How 2FA adds an extra “door lock” to your accounts.
How password managers can remember everything so you don’t have to.
How to check if your details were in a data breach.
Exactly what to do if you think an account has been hacked.

Who this is for 👥

Teens who game, stream, use socials or online banking.
Adults balancing work logins, personal logins and family devices.
Anyone who’s ever thought: “I’ll change that password later” – and never did.

You don’t have to be “techy” to be secure.

💡 Tip: As you go through this module, make a mini action list: 3 accounts to lock down first (e.g. email, banking, main game).

🔐 Strong Passwords & Passphrases

A password is the key to your digital front door. If it’s weak or reused, one copied key opens every door you own.

Foundations

What makes a strong password? 🧱

At least 12–16 characters (the longer, the better).
A mix of upper/lowercase letters, numbers and symbols.
Not based on personal info: names, birthdays, pets, team names.
Not reused across lots of different accounts.

Passphrases

Use passphrases, not random pain 💬

Pick 4–5 random words that don’t naturally go together.
Add numbers or symbols in between or inside words.
Example style (don’t copy this one): Blue!River9Coffee_Fence
Easy to remember, hard for attackers to crack.

Long + weird = strong.

Common mistakes

Passwords to avoid ❌

“Password123”, “Qwerty!”, “Football1”, “Liverpool2024”.
Using your name + year of birth.
Only changing one number when forced to update (e.g. 1 → 2).

Adult + teen agreement

Family rules for passwords 👨‍👩‍👧‍👦

Everyone protects email, banking and primary game accounts with strong, unique passwords.
No sharing passwords in chats or DMs – ever.
Parents never post or shout passwords where others can see or overhear.

📲 Two-Factor Authentication (2FA)

2FA adds a second lock on top of your password. Even if someone steals the password, they still need the second key.

Why bother?

What 2FA actually does 🛡️

When you log in, you must prove “something you know” (password) + “something you have” (phone, app, key).
Makes stolen passwords much less useful on their own.
Essential for email, banking, socials, cloud storage and main gaming accounts.

Types of 2FA

Common 2FA methods 🔑

Text message codes (better than nothing, but can be weaker).
Authenticator apps (Google Authenticator, Authy, Microsoft Authenticator etc.)
Hardware keys (physical USB/NFC keys for high-security accounts).

Authenticator app usually best for most people.

For teens & adults

Where to switch 2FA on first 📌

Your main email (Gmail, Outlook, school email).
Your primary social accounts (Instagram, Snapchat, TikTok, Facebook).
Gaming platforms (PlayStation, Xbox, Steam, Epic, Roblox).
Online banking / PayPal / shopping accounts.

Backup codes

Don’t forget backups 🧾

When you turn on 2FA, save backup / recovery codes somewhere safe OFF your phone.
For teens: consider storing a copy with a trusted adult.
For adults: treat them like spare house keys – secure but reachable.

🧠 Password Managers

You can’t remember 50 strong, unique passwords – and you don’t need to. Password managers remember them and fill them in securely.

What is a password manager? 📚

A secure “vault” that stores all your logins in one encrypted place.
Protected by one strong master password (and ideally 2FA).
Can autofill logins on phone, tablet and laptop.

Why it helps 🧩

You can finally stop reusing the same password everywhere.
Lets you use super-long, random passwords without memorising them.
Can generate new secure passwords for you with one click.

Strong + unique becomes easy.

Family use ideas 👨‍👩‍👧‍👦

Adults manage shared logins (Netflix, family devices) in a shared vault.
Teens have their own private vault for personal accounts.
Agree what is okay to share and what must stay private.

Golden rule for managers 🌟

Protect the master password like a crown jewel – long, unique, never written on a sticky note.
Turn 2FA on for your password manager account if available.

If the master password is weak, the whole system is weak.

🕵️‍♀️ Data Breaches & Security Checks

Even if you’ve done everything right, a company you use can still get hacked. Your email + old password might already be in the wild.

What is a data breach? 💥

When a company’s database is accessed by attackers (email, passwords, addresses, etc.).
Your details can be sold or shared on the dark web.
Attackers then try those email + password combos on other sites.

Why reused passwords are dangerous ⚠️

If one site gets hacked and you reused that password elsewhere, attackers can unlock multiple accounts.
Criminals use “credential stuffing” – trying the same login on different sites automatically.
One weak link can unlock everything.

One breach + reused password = chain reaction.

What you can do 🧭

Check if your email has appeared in known breaches using trusted breach-check services.
Immediately change passwords on any affected services.
If you reused that password, change it everywhere you used it.

Good habits after breaches 🔄

Turn on 2FA for important accounts if you haven’t already.
Switch from reused passwords to password-manager generated ones.
Keep an eye out for suspicious login emails or alerts.

🚨 Signs Someone Hacked Your Account

The sooner you spot a compromise, the easier it is to lock the doors again.

Warning signs in any account ⚠️

Login alerts from locations or devices you don’t recognise.
“Password changed” emails you didn’t trigger.
New messages or posts sent from your account that you didn’t write.
Friends saying “Why did you send me that weird link?”

Banking & money accounts 💸

Transactions you don’t recognise.
New payees or cards added without your knowledge.
Emails or texts about loans, purchases or logins you didn’t make.

Treat this as urgent.

Gaming & socials 🎮📱

Skins, coins or items missing from your game accounts.
Being locked out because the email/password was changed.
Followers receiving spam or scam messages from you.

Gut feeling 🔍

Anything that makes you think, “That is not me.”
If your instinct says something is wrong, act. It is easier to double-check than to fix a mess later.

If in doubt, reset & secure.

🧰 Tools: Reset Templates & Lockout Guides

When something goes wrong, panic is normal. This section gives you step-by-step actions and words you can literally copy-paste.

If you still have access

Immediate actions when you suspect a hack ⏱️

Change the password immediately to a strong, unique one.
Log out of all devices / sessions if the platform allows it.
Turn on 2FA if it’s not already enabled.
Check recovery email and phone number are still yours.

If you are locked out

Account recovery steps 🔐

Use “Forgot password” and follow the official recovery flow.
Use backup codes or authenticator if you set them up.
If needed, contact support using their official help pages – never via random links in email or DMs.

Message template

Tell friends / contacts what happened 📣

Copy-style text:
“My account was compromised earlier. If you received strange messages or links from me, please delete them and don’t click anything. I’ve reset my password and secured my account now.”

Parent-teen support

How adults can help teens 🧑‍🤝‍🧑

Stay calm – focus on fixing, not blaming.
Help with the technical steps (resetting, checking devices, contacting support).
Agree clear next steps so it feels under control: new passwords, 2FA, checking other accounts.

      Checklist idea: Print a simple “Account Emergency Plan” for your home or device notes:  
      1) Change password, 2) Log out everywhere, 3) Turn on 2FA, 4) Check recovery details, 5) Tell trusted adult / support.
    

🎭 Real-World Scenarios

Use these stories to practise what you’d actually do – as a teen, as an adult, or as a team.

Scenario 1 – “New login from a device you don’t recognise”

Suspicious email alert

You get an email from a big platform (like Google, PlayStation, or Instagram) saying: “New login from Windows in another country.” You’re at home and haven’t logged in anywhere new.

Possibilities:

Someone has your password and used it on their own device.
The email could also be a fake trying to make you click a bad link.

Safe steps:

Do NOT click any links in the email yet.
Instead, open the website/app directly yourself (e.g. type instagram.com or use the app).
Check “Login activity” / “Security” settings to confirm if there was a strange login.
If yes: log out of all devices, change your password, and turn on 2FA.

Adult + teen conversation:

“We’ll treat every strange login as real until we’ve checked, but we won’t panic.”
“Let’s look at the official security page together instead of trusting the email link.”

Scenario 2 – “My game account is empty”

Fortnite / Roblox / Steam loot gone

You log into your favourite game and notice your rare skins, coins or items are gone. You also see messages in your chat that you didn’t send. You can still log in, but something’s clearly wrong.

Likely issue:

Someone else has access to your account and is using it.
They may have logged in from a different device and traded or gifted your items away.

Steps to take:

Change your game account password to a strong, unique one immediately.
Log out of all devices / sessions if the game allows it.
Turn on 2FA for that gaming account.
Contact game support with exact details and any proof (screenshots, times, usernames involved).

For adults helping:

Validate feelings: losing digital items can feel like losing something real.
Help with the support ticket, and use it as a chance to upgrade security on all major accounts.

Scenario 3 – “We texted you a code”

Fake password reset message

You get a text: “Your bank account is locked. We texted you a code. Reply with the code to unlock.” At the same time, you see a genuine code notification from your bank app saying, “Do not share this code with anyone.”