Cybersecurity for everyone: passwords, two-factor, and the new AI scams (Part 2)

In Part 1 we covered three common traps: public WiFi, suspicious links, and QR codes. Here we move into what happens behind your accounts: passwords, two-factor authentication, the new voice-cloning scams, and how to tell if you've already been compromised.

Passwords: the most common mistake and the easiest to fix

Most hacks on regular people start the same way: reused passwords. If you use the same password on five sites and one of them gets breached, attackers try it on the other four. It usually works.

How to fix it once and for all:

• Don't reuse passwords across sites. If one leaks, all of them leak.
• Use a password manager like Bitwarden, 1Password, or your browser's built-in one. They create and remember long unique passwords for you. You only memorize one master password.
• Minimum 12 characters, mixing letters, numbers, and symbols. Even better: a long phrase only you understand, like "my-dog-eats-tacos-on-thursdays". Easier to remember and harder to crack than P@ssw0rd123.
• Check if your email was leaked at haveibeenpwned.com. If it shows up, change that password immediately.

Changing all your passwords sounds exhausting — don't do it all at once. Start with the four most critical: main email, bank, WhatsApp, and the social network you use most. The rest, change as you log into them during the month.

Turn on two-factor (2FA) on everything that matters

It's the single most effective thing you can do today against account theft. Even if your password gets stolen, without the second step they can't get in.

Activate 2FA in this order:

1. Main email. It's the master key to everything else — if attackers get your email, they can recover any other password.
2. Bank and financial apps.
3. WhatsApp and social networks.
4. Cloud storage (Google Drive, iCloud, Dropbox).

App-based 2FA is better than SMS. Authenticator apps (Google Authenticator, Authy) are safer than getting a code by text, because SMS can be intercepted via SIM swapping — where the attacker convinces your phone carrier to transfer your number to their SIM. If you handle serious money, consider a physical key like YubiKey: it's the most secure option for critical accounts today.

Keep everything updated (yes, really)

Sounds boring, but more than 60% of successful attacks exploit vulnerabilities that are already patched — people just didn't update.

Turn on automatic updates on your operating system (Windows, macOS, iOS, Android), browser, and banking apps. When an "update and restart" prompt shows up, don't postpone it for three weeks — do it that night.

Watch out for public chargers and USB ports

There's a technique called juice jacking: modified USB ports at airports, cafés, and hotels that can inject malware or steal data when you plug in your phone.

Easy fix: bring your own charger and plug it into a wall outlet, not someone else's USB. If only USB is available, use a "charge-only" cable (no data lines) or a data-blocking adapter. They're cheap and sold in any tech store.

AI voice and video scams: the new frontier

This is new. Scammers now clone voices from just a few seconds of audio (pulled from a video you posted, a voice note you sent, a public interview). They call your relatives pretending to be you in an emergency, demanding urgent money.

There are also deepfake videos where an "executive" appears asking employees to wire money urgently. Real cases have cost companies millions.

Simple defense: set up a family code word that only your family and inner circle know. If someone calls demanding money or data urgently, ask for the word. If they don't know it, they're not who they claim to be. Works for family, work teams, and any group where authority or affection can be exploited.

And the golden rule: if anyone calls demanding money or data urgently, hang up and call back the number you already have saved. Not the number on the screen, not the one they dictate. The one already in your contacts.

Make backups

If you get hit with ransomware or lose your device, backups are your only lifeline. Without one, you either pay the ransom or lose everything.

The rule is 3-2-1: three copies of important files, on two different media, one off-site. For most people that means: your laptop + an external drive + Google Drive (or iCloud, or OneDrive). Cloud apps count as "off-site".

You don't have to back up everything. Start with the irreplaceable: important documents, photos, work files. The rest can be re-downloaded.

How do I know if I'm already infected or hacked?

These are the most common signs. One alone means nothing — several together do.

On your computer or phone:

• The device is much slower than usual or heats up for no reason.
• Battery drains very fast.
• Apps or programs you didn't install appear.
• Aggressive pop-ups and ads, even outside the browser.
• Your browser redirects to strange pages or your default search engine changed on its own.
• Unusually high mobile data usage.
• The cursor moves on its own or the device does things you didn't ask for.

In your accounts:

• You receive verification codes you didn't request.
• Login alerts from unknown places or devices.
• Your contacts tell you they're getting weird messages from you.
• Emails sent from your account that you didn't write.
• Tiny banking transactions appear (attackers test with small amounts before draining the account).
• You can't log in with your usual password and nobody changed it.

If you think you're infected or hacked, in this order:

1. Disconnect from the internet to stop further damage.
2. Change passwords from a different clean device, starting with your main email.
3. Enable 2FA on every account that doesn't have it yet.
4. Close active sessions from each account's settings. Google, Facebook, WhatsApp all have that option.
5. Run a reputable antivirus (Malwarebytes, Bitdefender, fully updated Windows Defender).
6. Notify your bank if you suspect financial data is compromised.
7. If serious, factory-reset the device and restore files from a clean backup.
8. Notify your contacts if your account got hijacked, so they don't fall for scams in your name.

The practical wrap-up of the whole series

If you only remember five things from both parts, make them these:

1. Turn on two-factor (2FA) on email, bank, and social networks. Today.
2. Use unique passwords for every site, with a password manager.
3. Don't click links or scan QR codes without verifying where they lead.
4. Use a VPN on public WiFi, or use mobile data for sensitive things.
5. Keep everything updated and back up regularly.

Cybersecurity isn't paranoia, it's digital hygiene. With these basics you stop being the easy path.

Kiin Hub runs on 500 Mbps dedicated, private fiber. If your work depends on internet daily and you'd rather not gamble on the WiFi of every café, come try it with a daypass. Bookings and questions: +52 990 403 6041.