Total Defense

Security & Safety Resource Center

Learn about today's current internet threats and how to stay safe and secure.

Security Tip of the Day

Daily tips to create awareness of cyber threats and empower Total Defense users to be safer and more secure online with our security tips and resources..


July 2025
07.05.25

Fresh password, fresh security: why you should keep your Microsoft account password updated

Hey everyone! In our digital lives, our online accounts are like valuable vaults, holding everything from personal photos and documents to financial details and communication history. And for many of us, our Microsoft account is one of the biggest vaults out there, connecting our emails, cloud storage, Windows logins, and more. If a cybercriminal gets their hands on that password, they could wreak serious havoc.

You already know that using a strong, unique password is super important. But here’s another crucial layer of protection: regularly updating your Microsoft account password. Think of it like changing the locks on your house every so often. Even if no one has broken in, it’s a good habit to keep things fresh and reduce the risk of someone ever finding an old, forgotten key. While the recommendation for how often to change passwords has evolved, for a central account like Microsoft, keeping it fresh is still a solid move against unauthorized access.

Why a Fresh Password Matters:

  • Minimizing Breach Impact: Even if you’re super careful, passwords can sometimes be exposed in data breaches from other websites you use. If you’ve been reusing passwords (which we all know is a no-no, but sometimes happens!), or if a service you use gets hacked, changing your Microsoft password ensures any compromised credential is no longer valid for your most important account.
  • Combatting Guessing Games: While strong passwords are hard to guess, continuous attempts can sometimes succeed. A fresh password resets the clock, making it harder for persistent attackers.
  • Protecting Against Older Threats: Some older, less sophisticated malware might slowly try to collect passwords over time. A regular change ensures those collected, older passwords become useless.
  • Enhanced Peace of Mind: Knowing your password is new and unique gives you an extra layer of confidence in your account’s security.

How to Give Your Microsoft Account Password a Refresh:

Ready to update your Microsoft account password and boost your security? It’s a quick and easy process!

  1. Log In to Your Microsoft Account: Open your web browser and go to account.microsoft.com. Sign in with your current username and password.
  2. Navigate to the Security Page: Once you’re logged in, look for the “Security” tab in the top navigation bar. Click on it.
  3. Select “Change password”: On the Security page, you’ll see various options related to your account’s protection. Find and click on the “Change password” option.
  4. Enter Your Current and New Passwords: You’ll be prompted to enter your current password, and then create and confirm your new password. Remember to choose a strong, unique password!
  5. Enable Automatic Reminders (Optional but Smart!): Here’s a neat feature: on the change password page, you should see a checkbox that says something like, “Make me change my password every 72 days” (the exact number of days might vary). Check this box! This will automatically remind you to update your password at regular intervals, so you don’t have to remember it yourself. It’s a great way to stay consistent with your security hygiene.
  6. Save Your Changes: Once you’ve entered your new password and checked the box (if desired), click “Save” or “Confirm” to finalize the change.

Enabling two-factor authentication for your Microsoft account is one of the most impactful steps you can take to protect your digital life. It makes it dramatically harder for hackers to break in, even if they somehow compromise your password. Don’t leave your valuable data vulnerable – turn on 2FA today and stay two steps ahead!

07.04.25

New phone, no problem: transferring Google Authenticator to your new Android

How often do you upgrade your smartphone? Most of us switch to a new device every couple of years. It’s exciting to get that shiny new gadget but then comes the dreaded “transfer everything” process. While moving your photos and contacts is usually straightforward, there’s one app that often causes a little panic: Google Authenticator.

If you’re smart (and we know you are!) you’ve got two-factor authentication (2FA) enabled on your important online accounts. And if you use Google Authenticator for those constantly changing codes, you know how crucial it is. But what happens when you get a new phone? You definitely don’t want to be locked out of your banking, email, or social media because your authenticator codes are stuck on your old device!

Think of Google Authenticator like a special key-making machine. Each key (the code) it makes is only valid for a short time and is unique to your device. When you get a new phone, you’re essentially getting a new key-making machine, and you need to tell all your online accounts to recognize this new machine. Luckily, Google has made the process of transferring your Authenticator accounts to a new Android device surprisingly simple.

Why Transferring Authenticator Accounts is Essential:

  • Avoid Lockouts: If you wipe your old phone or lose it before transferring, you could lose access to all the accounts protected by those Authenticator codes.
  • Maintain Security: 2FA is your best defense against hackers. You want to ensure it’s always working seamlessly on your primary device.
  • Convenience: Once transferred, you’ll continue to get your codes instantly on your new phone, keeping your logins smooth and secure.

Your Step-by-Step Guide: Moving Authenticator to a New Android Phone

Ready to transfer those precious Authenticator codes? Make sure you have both your old Android phone and your new Android phone handy, and that the Google Authenticator app is installed on both.

  1. On Your OLD Android Phone:
    • Open the Google Authenticator app.
    • In the upper right corner, tap the vertical ellipsis menu ().
    • From the dropdown menu, select “Transfer accounts.”
    • Then, tap “Export accounts.”
    • You might be asked to verify your identity (e.g., with your fingerprint or PIN). Do so.
    • The app will then let you select which accounts you want to export. Select all the accounts you want to move to your new phone.
    • Once selected, the app will generate a QR Code (or multiple QR codes if you have many accounts). Keep this screen open and don’t close the app!
  2. On Your NEW Android Phone:
    • Open the Google Authenticator app.
    • If it’s a fresh install, it might prompt you to “Add your first account” or “Get started.”
    • Tap on “Scan a QR code” or a similar option.
    • Use your new phone’s camera to scan the QR code(s) displayed on your old phone. Make sure your new phone’s camera can clearly see the entire QR code.
    • Once scanned successfully, all your selected accounts from the old phone should instantly appear in the Google Authenticator app on your new phone!

A Few Important Notes:

  • Don’t Delete from Old Phone Yet: After the transfer, the accounts will still be on your old phone. Don’t delete them until you’ve confirmed they’re working perfectly on your new device by testing a few logins.
  • Factory Reset Old Phone: Once you’re confident everything is transferred and working, perform a factory reset on your old phone before selling, donating, or recycling it. This permanently wipes your data and the Authenticator app from the device.
  • What if You Don’t Have the Old Phone? This is tougher. If you lose your old phone before transferring, you’ll need to use your recovery codes for each account or go through the account recovery process for each individual service (Gmail, Facebook, etc.) to disable 2FA and re-enable it on your new device. This is why having those recovery codes stored safely is SO important!

Transferring your Google Authenticator accounts might seem daunting, but as you can see, it’s a quick and easy process. By taking these simple steps, you ensure your 2FA remains active, keeping your online accounts super secure, even with a brand-new phone.

07.03.25

The digital disguise: why you can’t always trust who you meet online

The internet is an amazing place for connecting with people, right? We chat with old friends, make new ones, join communities, and explore common interests. But here’s a super important truth we all need to remember, regardless of our age: people aren’t always who they say they are online. Sadly, it’s incredibly easy for criminals to hide their identity, pretend to be someone trustworthy (or even someone you know!), and trick you.

Think of it like Halloween, but with much scarier consequences. Online, anyone can put on a digital mask. They can create a fake profile, use stolen photos, and weave convincing stories, all to gain your trust. Their goal? To get your money, steal your identity, or trick you into doing something you shouldn’t. This is why having a healthy dose of skepticism is your best friend when navigating the digital world.

The Sneaky Tactics of Online Imposters:

Cybercriminals use various tricks to build trust and then exploit it:

  • Friend Impersonation: They might create a fake profile of a friend or family member (claiming it’s their “new account” or “old one got hacked”). They’ll then reach out, trying to get money for an “emergency” or ask for sensitive info.
  • Romantic Scams (Romance Scams): These are particularly devastating. Scammers build deep emotional connections with victims over weeks or months, pretending to be a loving partner. Eventually, they create a “crisis” and ask for money.
  • Job Scams: We’ve talked about these before! Fake recruiters offering amazing jobs, just to get your bank details or make you “pay for training.”
  • “Long Lost Relative” Scams: Messages from someone claiming to be a distant relative who needs help, often with a story about an inheritance.
  • Fake Customer Support: You might get a message or pop-up looking like it’s from your bank, tech support, or a social media platform, trying to get you to click a link or call a fake number.

Your Shield: How to Protect Yourself Online

You have the power to protect yourself from these digital disguises!

  1. If You Don’t Know Them, Don’t Accept Their Request!
    • Social media: If someone sends you a friend request on Facebook, Instagram, LinkedIn, or any other platform, and you don’t personally know them, do not accept it. Even if you have mutual friends, verify with your mutual friend offline first.
    • “New Accounts”: Be extremely wary of messages like “Hey, my old account was hacked, add my new one!” Always verify by calling or messaging that friend through a known, trusted method (not through the new, suspicious account).
  2. Money or Sensitive Info? PICK UP THE PHONE!
    • This is the golden rule: If anyone online – whether they claim to be a friend, a love interest, a potential employer, or a long-lost relative – asks you for money or sensitive personal/financial information, your immediate response should be to stop.
    • Call a Trusted Number: Do not reply through the same online platform. Pick up the phone and call them using a phone number you already know is legitimate for them (e.g., your friend’s actual phone number, the official customer service number from their legitimate website, not one given by the suspicious message). If you can’t reach them or verify, assume it’s a scam.
    • Never Send Money to Strangers (or “Friends” You Haven’t Met): Absolutely never send money via wire transfer, gift cards, or money transfer apps to anyone you haven’t met in person and truly trust. Once that money is gone, it’s almost impossible to recover.
    • Sensitive Info is Private: Your Social Security Number, bank account details, credit card numbers, passwords, and driver’s license number should almost never be shared online unless you are on a highly secure, verified website (check for https:// and the padlock!).

Being vigilant and trusting your instincts are your best defenses online. Remember, it’s okay to be skeptical. A moment of caution can save you from huge heartache and financial loss. Stay safe, stay smart and remember not everyone online is who they claim to be.

07.02.25

Why keeping your Google Chrome browser updated is crucial

We spend so much of our lives in our web browsers, right? Whether you’re working, shopping, watching videos, or catching up with friends, your browser is your window to the internet. For many of us, that window is Google Chrome. But here’s a super important, often overlooked security tip: making sure your Chrome browser is always up to date is one of the easiest and most effective ways to protect yourself from the latest online threats!

Think of your web browser like a digital fortress. Cybercriminals are constantly trying to find cracks in its walls – these are called “vulnerabilities” or “exploits.” When they find one, they can use it to sneak malware onto your computer, steal your data, or launch phishing attacks. The good news? Google’s security team is working around the clock to find and patch these vulnerabilities. But those patches only protect you if you actually install them!

Why an Outdated Chrome is a Risky Chrome:

  • Open Doors for Hackers: New vulnerabilities are discovered all the time. If you’re running an old version of Chrome, those known vulnerabilities are like wide-open doors for hackers to waltz right into your system.
  • Malware Magnet: Outdated browsers are more susceptible to drive-by downloads (where malware installs itself without your permission just by visiting a website) and other web-based attacks.
  • Performance Issues: Besides security, older versions of Chrome might also run slower or struggle with new website features, making your Browse experience less enjoyable.
  • Missing Features: You’ll miss out on the latest cool tools and enhancements that Google adds to improve your Browse experience.

Your Quick Checkup: How to Verify Your Chrome Version

Ready to make sure your Chrome fortress is strong and updated? It’s incredibly simple and only takes a few seconds!

  1. Open Chrome: Launch your Google Chrome browser.
  2. Look for the Vertical Ellipsis: In the upper right corner of your browser window, you’ll see three vertical dots (⋮). This is your “Customize and control Google Chrome” menu button. Click on it!
  3. Check for “Update Google Chrome”:
    • If you see an option in the dropdown menu that says “Update Google Chrome,” that means your browser isn’t running the latest version. Click it! Chrome will then start downloading and installing the update. You’ll usually need to restart your browser for the update to complete.
    • If you don’t see an “Update Google Chrome” option, that’s great news! It means you’re already running the most current version of the browser, and you’re good to go. The button might also turn green or orange if an update has been pending for a while.

Pro-Tip: Let Chrome Update Automatically!

Most of the time, Chrome handles updates automatically in the background. However, if you rarely close your browser, you might not get the update until you restart it. It’s a good habit to close and reopen Chrome every now and then (or your whole computer!) to make sure any pending updates get applied.

By ensuring your Chrome browser is always running the latest version, you’re actively guarding yourself against a huge range of online threats. It’s a fundamental step in digital hygiene that keeps your internet Browse experience secure and smooth. Don’t skip this easy but powerful security step!

07.01.25

Your Microsoft account’s superpower: turn on two-factor authentication

Hey everyone! In today’s digital world, your Microsoft account is likely a central hub for a huge chunk of your online life. We’re talking about your Outlook emails, OneDrive files, Xbox games, Windows logins, and even your Office documents. If a cybercriminal manages to get their hands on your Microsoft password, it’s like they’ve found the master key to a treasure chest full of your personal data!

That’s why enabling two-factor authentication (2FA) for your Microsoft account is one of the smartest and most powerful moves you can make to secure your digital identity. You might also hear it called multi-factor authentication (MFA) or two-step verification. Whatever the name, the idea is simple: it adds an extra layer of security beyond just your password. Think of your password as the first lock on a door; 2FA is the second, super-strong lock that makes it nearly impossible for unauthorized users to get in, even if they somehow manage to steal your password.

Why Your Microsoft Account is a Prime Target:

Cybercriminals absolutely love targeting Microsoft accounts because they often contain or grant access to:

  • Your primary email: This is the “reset button” for countless other online accounts.
  • Cloud storage: Your personal and work files in OneDrive.
  • Device access: If you use a Microsoft account to log into your Windows PC.
  • Gaming profiles: Your Xbox games, progress, and purchases.
  • Payment information: If you have payment methods saved for Microsoft services.

A compromised Microsoft account can quickly lead to identity theft, financial fraud, and a massive breach of your privacy. We definitely don’t want that!

Unlock Your Security Superpower: How to Enable 2FA

Ready to give your Microsoft account the ultimate security upgrade? It’s a straightforward process and well worth the few minutes it takes.

  1. Log In to Your Microsoft Account: Open your web browser and go to account.microsoft.com. Log in with your username and password.
  2. Navigate to the Security Tab: Once you’re logged in, look for the “Security” tab in the top navigation bar. Click on it.
  3. Choose “More Security Options”: On the Security page, you’ll see various settings. Find and click on “More security options.” This section gives you deeper control over your account’s protection.
  4. Find “Two-step verification”: Scroll down the “More security options” page until you locate the section labeled “Two-step verification.”
  5. Follow the Guided Steps: You’ll see an option to “Turn on two-step verification.” Click that, and Microsoft will then guide you through the setup process. This typically involves:
    • Verifying your identity: You might need to confirm your existing password or receive a code to your recovery email/phone.
    • Choosing your second verification method: You’ll be asked how you want to receive your second code. Common options include:
      • Authenticator App: This is generally the most secure and recommended method. You’ll link your account to an app like Microsoft Authenticator (or Google Authenticator, Authy) on your smartphone. The app generates a new code every 30-60 seconds.
      • Text Message (SMS): A code is sent to your registered phone number. While convenient, this is slightly less secure than an authenticator app (due to potential SIM swap scams).
      • Email: A code is sent to a different email address.
      • Security Key: For even higher security, you can use a physical security key.
    • Saving recovery codes: Microsoft will usually provide you with a set of one-time recovery codes. Download or print these and store them in a very safe place! These are your lifelines if you lose access to your primary 2FA method.

Enabling two-factor authentication for your Microsoft account is one of the most impactful steps you can take to protect your digital life. It makes it dramatically harder for hackers to break in, even if they somehow compromise your password. Don’t leave your valuable data vulnerable – turn on 2FA today and stay two steps ahead!