The Front Door
Security foundations: passwords, two-factor authentication, and device safety.
THE SAGE CURRICULUM
Module 0
The Front Door
Getting comfortable, getting confident, and getting ready for everything that comes next.
Estimated time |
45–60 minutes — go at your own pace. There is no rush. |
What you need |
Your computer, tablet, or phone. A notecard and pen. Nothing else. |
Before you begin |
Find a comfortable place to sit with good lighting. Make a cup of tea if you like. |
What this is not |
This module is not about AI. It is about you, your devices, and your confidence. AI comes in Module 1. |
aiclassforseniors.com
A Note Before We Begin
If you are already comfortable with passwords, two-factor authentication, and basic device troubleshooting, you may not need this module in full. But we recommend at least skimming it — particularly Part 4 (the “Pause and Don’t Click” protocol), Part 5 (sharing access safely), and Part 6 (the tech support scam). These sections contain information that matters regardless of your experience level.
★ READ FIRST |
If you have tried to learn about technology before and found it overwhelming, frustrating, or just not made for someone like you — this module is an apology on behalf of everyone who designed those experiences. We are going to do this differently. |
Technology education for older adults tends to make one of two mistakes. It assumes you know nothing — and talks down to you. Or it assumes you know more than you do — and loses you in the first five minutes.
This module assumes exactly one thing: that you are an intelligent adult who simply has not had a good reason to learn this material until now. That is all.
We are going to cover practical things in plain language. If something does not make sense, there is an Ask button on every page of this course — type your question and get an answer. No judgment. No record of what you asked. Just an answer.
! IMPORTANT |
This module does not mention artificial intelligence. That is intentional. Before we can talk about AI, we need to make sure you can get to the class. That is what Module 0 is for. |
Part 1: Let's Name the Fears First
Research on why older adults struggle with technology consistently finds the same three things underneath the difficulty. Not intelligence. Not ability. These three things:
Fear #1 — I'm Going to Break Something
This is the most common fear, and it is almost never justified. The computers, tablets, and phones you are using are extremely hard to permanently damage by clicking the wrong thing. In 99% of cases, the worst that happens is that something looks different or stops working — and it can be fixed, often by simply restarting the device.
✓ THE TRUTH |
You will not break your computer by exploring it. The internet is not a minefield. Clicking the wrong thing is annoying, not catastrophic. The only action that can cause real harm — and we will cover this — is willingly handing over your personal information or money to someone who has asked for it unexpectedly. |
What to do when something goes wrong:
Take a breath. The device is not broken. Something has changed, and it can be changed back.
Write down what you see — exactly what is on the screen. This will help if you need to ask for help.
The universal fix: close the program and reopen it. If that doesn't work, restart the device.
If you truly cannot figure it out: call or text a family member, or bring your device to a library or senior center. There is always a next step.
Fear #2 — I'll Be Judged for Not Knowing This Already
This one is understandable, and it is also worth pushing back on directly. The people who design these devices are almost entirely under 40 years old. They design for themselves. The fact that the technology is confusing to you is not a reflection of your intelligence — it is a reflection of their failure to design for everyone.
You have navigated more complicated systems than a smartphone in your life. You have dealt with bureaucracies, raised children, managed finances, weathered medical crises, and done any number of things that required far more adaptive intelligence than learning to use an app. Give yourself credit for that.
✓ THE TRUTH |
The question you think is too basic to ask is the question twenty other people in this course have already asked. Ask it anyway. Use the Ask button on this page. No one is watching. |
Fear #3 — Bad Experiences Have Made Me Distrust This
If you have been scammed online, had a device "fixed" by someone who made things worse, watched software update itself into confusion, or simply spent a frustrating hour trying to accomplish something simple — your skepticism is earned.
This course is not going to tell you that technology is wonderful and simple and perfect. It is going to be honest with you about what it does well, what it does badly, and where the genuine dangers are. We think that honesty is more respectful of your experience than enthusiasm.
✓ OUR COMMITMENT |
Every module in this course will tell you not only what a technology does, but what can go wrong and what to watch out for. We are on your side. |
Part 2: The Password Problem — Solved
The single greatest practical barrier to technology use for most seniors is passwords. There are too many of them. They have to be complicated. You forget them. The rules keep changing. And if you use the same one everywhere (which most people do), a single data breach can expose all your accounts at once.
We are going to solve this problem completely. Right now. In about fifteen minutes.
The Solution: One Password to Remember All the Rest
A password manager is a program that stores all your passwords in a locked digital vault. The vault is protected by one single master password — the only one you have to remember. Every other password can be long, random, and completely different for each account. You never have to remember or type them; the password manager does it for you.
? BUT IS IT SAFE? |
Yes — and safer than what most people do now. Most people reuse the same password across accounts or write passwords on sticky notes. Password managers encrypt your vault (scramble it into unreadable code) so that even if a hacker broke into the company's servers, they could not read your passwords. The encryption used is the same kind that protects your bank account online. |
Which Password Manager We Recommend
We recommend two options. Both are trusted, tested, and designed to be accessible:
1Password |
Excellent design. Very easy to use. Works on iPhone, Android, Mac, and Windows. $3/month. Best choice if you want the most polished experience. |
Bitwarden |
Free version is fully functional for most people. Open source (its code is publicly audited for security). Works on all devices. Best choice if cost is a concern. |
NOT recommended |
The password-saving feature built into your browser (Chrome, Safari, Firefox) is convenient but less secure and does not work well across all your devices. |
Setting It Up — Step by Step
Do this now, during this module, with your device in front of you. It takes about 15 minutes. The steps below are an overview. If you need more detailed, screen-by-screen instructions, see Appendix A at the end of this module.
Go to 1password.com or bitwarden.com on your computer or phone.
Click "Get Started" or "Create Account."
Enter your email address. Choose a master password. This is the one password you will need to remember — make it a phrase you will not forget, not a random string of characters. Example: "MyDogBiscuit!1942" — long, memorable, includes numbers and a symbol.
Write your master password on a piece of paper. Put it somewhere safe — a fireproof box, the back of a locked drawer, or with a trusted family member. Not on a sticky note on your computer.
Install the browser extension on your computer when prompted. This is what allows the password manager to fill in your passwords automatically. If you are not sure how to install a browser extension, see Appendix B at the end of this module for step-by-step instructions.
Add your first account. Start with your email — it's the most important one. Click "Add Item," choose "Login," and enter your email address and current email password.
! NEXT STEP |
Over the next week, add three more accounts to your password manager — your bank, your main social media account if you have one, and your healthcare portal. You do not have to do everything at once. One at a time is perfectly fine. |
The Paper Backup — Because Technology Isn't Always Available
For those who are not ready for a password manager yet, or as a backup for emergencies: a physical password notebook is better than no system at all. Here is how to do it safely.
Use a small notebook. Label it something neutral — not "Passwords."
Write the name of each account on the left. Write your username. But do NOT write the complete password.
Instead, write a hint that only you would understand. If your password is "MyFirstCarWasBlueFord1978," you might write "first car" as the hint.
Keep the notebook somewhere safe — not next to your computer. A locked drawer, a fireproof box, or with a trusted family member is ideal.
Tell at least one trusted person where it is, in case you need help or in case of a medical emergency.
Part 3: Two-Factor Authentication — A Second Lock on the Door
Imagine your front door has both a lock and a deadbolt. Even if someone somehow got a copy of your key, they still could not get in without the deadbolt.
Two-factor authentication — often abbreviated as 2FA — works exactly the same way. Even if someone learns your password, they cannot get into your account without a second verification: usually a code sent to your phone as a text message, or generated by an app.
How It Works in Practice
When you log in to a protected account:
You type your username and password as usual. (First lock.)
The site sends a 6-digit code to your phone via text message — or you open an app that generates the code.
You type that code into the site.
You are in.
A scammer who knows your password but does not have your phone cannot get past step 2. This is why 2FA is the single most important security step you can take for your most important accounts.
✓ WHICH ACCOUNTS |
Enable two-factor authentication on these accounts first — in order of importance: your email account, your bank and financial accounts, your healthcare portal, and your social media accounts if you use them. These are the accounts where unauthorized access causes the most harm. |
How to Turn It On — General Steps
Every site does this slightly differently, but the pattern is almost always the same:
Log into the account.
Go to Settings or Account Settings (usually found by clicking your name or a gear icon).
Look for "Security," "Privacy," or "Two-Factor Authentication."
Follow the prompts. Most sites will text a code to your phone to verify your number the first time.
Save any backup codes the site gives you. These are one-time-use codes for if you lose access to your phone. Store them in your password manager or your paper notebook.
! IF YOU GET STUCK |
Use the Ask button on this page. Tell us which account you are trying to protect (Gmail, Bank of America, etc.) and we will walk you through the exact steps for that specific site. |
Part 4: When Your Device Misbehaves
Here is something the technology industry would prefer you did not know: a large percentage of technical problems are solved by one of three things. We will call this the Three-Step Reset.
The Three-Step Reset
Step 1: Close and Reopen |
Close the program or app that is misbehaving — not just minimize it, but close it completely. Then reopen it. This fixes most small problems because programs sometimes get confused in the middle of doing something. |
Step 2: Restart the Device |
Turn your computer, phone, or tablet completely off and on again. Not sleep — off. This clears the device's short-term memory and solves probably 70% of all technical problems. It is always worth trying before doing anything else. |
Step 3: Write Down What You See |
Before calling for help, write down: what you were trying to do, what happened instead, and the exact words of any error message. This information saves significant time when you ask for help. |
The "Pause and Don't Click" Protocol
The most dangerous moment with any device is when something unexpected appears on the screen asking you to click, call, or act immediately. This includes:
A pop-up warning that your computer is infected and you should call a number right now.
A message that your account has been suspended and you should click here to fix it.
An alert that looks like it is from Microsoft, Apple, or your bank, appearing suddenly.
Anything that creates a sense of panic and urgency.
! THE RULE |
Legitimate organizations do not create panic. They do not demand immediate action. They do not ask for your password or credit card number in a pop-up window. If something appears on your screen creating urgency, the correct response is to stop, close the window (or turn off the screen), and call someone you trust before doing anything else. |
The “Don’t Tell Anyone” Warning Sign
There is one tactic scammers use that is so effective and so common that it deserves its own section: they tell you not to tell anyone what is happening.
This happens across every type of scam. A caller pretending to be from your bank says “Keep this confidential — don’t mention it to anyone at the branch.” A fake tech support agent says “Don’t discuss this with your family — it could compromise the investigation.” A romance scammer says “Please don’t tell your children about us yet — they won’t understand.” A caller posing as a grandchild in trouble says “Don’t tell Mom and Dad — I don’t want them to worry.”
The reason scammers do this is simple: they know that the moment you talk to someone you trust — a family member, a friend, a real bank employee — the scam falls apart. Isolation is their most powerful tool. They use urgency to keep you from thinking clearly, and secrecy to keep anyone else from helping you think clearly. According to the FTC, losses to fraud exceeded $12.5 billion in 2024, and seniors over 60 saw their losses quadruple in just four years. The secrecy demand is a major reason these scams succeed.
They may also use shame — making you feel embarrassed about the situation so you are less likely to bring it up with others. Or they may use authority — claiming to be law enforcement or a government agency conducting a “confidential investigation” that you must not disclose. Or manufactured trust — insisting they are the only person trying to protect you, and that others (including your bank) cannot be trusted.
! CRITICAL |
If anyone — by phone, email, pop-up, or text — tells you not to tell your family, your bank, or anyone else about what is happening, that is not a sign of a legitimate situation. It is a near-certain sign of a scam. Real banks, real government agencies, real tech companies, and real family members will never ask you to keep a financial matter secret from the people in your life. If someone says “don’t tell anyone,” do the opposite: hang up, and call someone you trust immediately. |
Getting Help When You Need It
You always have options when something goes wrong:
Ask Button |
Every page of this course has an Ask button. Type your question. You will get an answer in plain language. |
Family members |
The most common source of tech help. Most family members are glad to help — and if you use this course to build your knowledge, the questions you ask them will get more specific and easier to answer over time. |
Your local library |
Many public libraries offer free one-on-one technology help sessions. No appointment needed at most branches. Call ahead to confirm. |
Senior centers |
Many senior centers offer technology help classes and drop-in sessions. Often free. |
The manufacturer |
Apple has a free support line: 1-800-275-2273. Google has online help chat. Microsoft: 1-800-642-7676. These are legitimate numbers — save them in your contacts. |
What NOT to do |
Do not call a number from a pop-up on your screen. Do not allow someone to remotely access your computer unless you initiated the contact with a company you trust. Do not pay for tech support from an unsolicited caller. |
Part 5: Sharing Access Safely with a Trusted Person
This section may be the most important practical preparation you can do — not for yourself right now, but for you in a future where you may need help quickly, or where someone else may need to help you.
Every year, families lose access to important accounts, cannot retrieve vital documents, or are unable to manage a loved one's affairs in a crisis — because no one knew the passwords and no plan had been made. This is entirely preventable.
What to Prepare
For at least one trusted person — a spouse, an adult child, a close friend — prepare the following:
Email access |
Your email address and how to access it. Email is the master key: most account recovery options go to email. |
Password manager access |
Your master password, or the location of your password notebook. |
Device PINs and passcodes |
The PIN for your phone, the password for your computer, and any tablet passcodes. |
Healthcare portal login |
So they can access your records and communicate with providers on your behalf if needed. |
Bank and financial logins |
At minimum, where your accounts are held and how to reach the institutions. |
Location of important documents |
Will, healthcare proxy, insurance cards, Medicare card, Social Security card, property documents. |
! STORE SECURELY |
Do not email this information. Do not text it. Write it on paper and store it in a physically secure location — a fireproof box, a safe, or with an attorney. Tell your trusted person where it is. Review it once a year to make sure it is current. |
We have created a printable Trusted Person Information Sheet — a one-page template with fields for every item listed above. Print it, fill it out by hand, and store it securely. You can download it from the course page for this module at aiclassforseniors.com.
A Digital Alternative: Secure Notes in Your Password Manager
If you set up a password manager in Part 2, there is a digital option as well. Both 1Password and Bitwarden allow you to create “Secure Notes” — encrypted text entries stored alongside your passwords. You can use a Secure Note to store your trusted-person information digitally, protected by the same encryption that guards your passwords.
Even better: both 1Password and Bitwarden allow you to share specific items securely with another person. In 1Password, you can create a shared vault that you and your trusted person both have access to. In Bitwarden, you can use the “Send” feature or create an Organization with a shared collection. This means your trusted person does not need your master password — they can access only what you have specifically chosen to share with them, and everything remains encrypted.
This is strictly optional. The paper method works perfectly well. But if you are comfortable with your password manager and want a backup that is both encrypted and shareable, Secure Notes are an excellent tool for this purpose.
Healthcare Proxy — A Brief Note
If you do not have a healthcare proxy on file — a legal document designating someone to make medical decisions on your behalf if you cannot — this is an important next step that goes beyond technology. The Medical Prompt Companion module of this course covers this in detail. For now, simply note it as a priority.
Part 6: The Tech Support Scam — Know It, Refuse It
! CRITICAL |
Tech support scams are one of the leading causes of financial loss for seniors. This section is short but important. Please read it carefully. |
Here is how the tech support scam works:
You are on your computer when a large pop-up appears. It says your computer is infected. It tells you to call a number immediately. It may make a loud alarm sound.
You call the number. A person answers, speaking in a friendly, professional tone. They say they are from Microsoft, Apple, or a security company.
They ask permission to "remotely access" your computer to fix the problem. You agree. You can see your mouse moving on your own screen.
They show you things on your computer that look alarming — they are normal. They say you need to pay for a "service plan" or "protection." Sometimes they ask for payment in gift cards or wire transfer.
You are either charged money, or they install software that steals your information, or both.
How to Recognize and Stop It
Microsoft, Apple, and Google do not call you. They do not send pop-ups with phone numbers. If you see a pop-up with a phone number and urgent language, it is a scam.
No legitimate company will ask you to pay with gift cards. Ever. For any reason.
If someone is already remotely accessing your computer and you become suspicious: unplug your internet cable, or turn on Airplane Mode on your phone/tablet, or simply turn the device off. This stops their access immediately.
If you have already given someone access and you are concerned: change your most important passwords immediately (email first), call your bank to alert them, and call a trusted family member.
✓ THE REAL NUMBERS |
Save these in your phone contacts right now: Apple Support: 1-800-275-2273 Microsoft Support: 1-800-642-7676 FTC Fraud Report: 1-877-382-4357 If anyone other than these numbers contacts you claiming to be these companies — hang up. |
Module 0 Complete — What You Have Done
If you have read through this module — and especially if you have taken a few of the actions described — you have accomplished something real. You have:
Named and examined the fears that make technology difficult, without letting them stop you.
Either set up a password manager or made a plan to do so.
Understood two-factor authentication and why it matters.
Learned the Three-Step Reset for when things go wrong.
Learned to recognize tech support scams.
Made a plan (or a mental note) to share critical access with a trusted person.
None of this is about AI. It is about you, and your ability to move through a digital world safely. The foundation is in place.
YOUR HOMEWORK — Before Moving to Module 1 |
|
→ WHAT'S NEXT |
Module 1 — What Is AI, Really? We will meet you there when you are ready. Take a day. Take a week. The course will be here. The Ask button on the next page will be ready for your questions. |
The Sage Curriculum · aiclassforseniors.com
AI, explained for the rest of us.
Appendix A: Setting Up 1Password — Detailed Instructions
These instructions are for 1Password, our primary recommendation. If you chose Bitwarden, the process is very similar — use the Ask button on this page and we will walk you through it.
Step 1: Create Your Account
Open your web browser (Chrome, Safari, Firefox, or Edge — whichever you normally use).
In the address bar at the top, type 1password.com and press Enter.
Look for a button that says “Try free” or “Get Started.” Click it. 1Password offers a 14-day free trial, so you can try it before being charged.
Enter your name and email address. Use the email address you check most often — this is how 1Password will contact you if needed.
1Password will send a verification code to your email. Go to your email, find the message from 1Password, and enter the code on the 1Password page.
Step 2: Choose Your Master Password
This is the only password you will need to remember. Everything else will be stored inside 1Password.
Make it a phrase, not a random string. Something personal and memorable. Examples: “MyDogBiscuit!1942” or “GrandmaLoves2Ski!” or “RedFord.Mustang.1968”
It should be at least 14 characters long and include a number and a symbol (!, @, #, ., etc.).
Write it down on paper immediately. Store it in a fireproof box, a locked drawer, or with a trusted family member. Not on a sticky note on your monitor.
Step 3: Save Your Emergency Kit
After creating your account, 1Password will show you an “Emergency Kit” — a document containing your account details and a space to write your master password. This is important.
Click “Download” or “Save PDF” to save it to your computer.
Print it. Write your master password in the space provided. Store it with your other important documents.
The Emergency Kit also contains your “Secret Key” — a long code that 1Password uses as extra security. You will need it if you ever set up 1Password on a new device. You do not need to memorize it; that is what the printed copy is for.
Step 4: Install the Apps
1Password works best when it is installed on every device you use. Here is how:
On your computer: Go to 1password.com/downloads. Click the download for your system (Mac or Windows). Open the downloaded file and follow the installation prompts. When it asks you to sign in, use your email and master password.
On your phone or tablet: Open the App Store (iPhone/iPad) or Google Play Store (Android). Search for “1Password.” Download the app. Open it and sign in with your email, Secret Key (from your Emergency Kit), and master password.
Step 5: Add Your First Login
In the 1Password app or browser extension, click the “+” button or “New Item.”
Choose “Login.”
Give it a name (e.g., “Gmail” or “Bank of America”). Enter the website address, your username or email, and your current password for that site.
Click “Save.” That login is now stored in your vault. Start with your email account — it is the most important one — then add your bank, healthcare portal, and any other accounts over the coming days.
Step 6: Using It Day to Day
Once the browser extension is installed (see Appendix B), 1Password will recognize when you visit a website you have saved. It will offer to fill in your username and password for you. Click the 1Password icon in your browser toolbar, select the correct login, and it fills everything in. No typing, no remembering. When you create a new account on a website, 1Password will offer to generate a strong random password and save it for you automatically.
Appendix B: Installing Browser Extensions
A browser extension is a small add-on program that gives your web browser extra abilities — in this case, the ability to fill in passwords automatically. Here is how to install one.
First: Which Browser Are You Using?
Your web browser is the program you use to go to websites. The most common ones are Google Chrome (a colorful circle icon), Safari (a blue compass, comes with Mac and iPhone), Microsoft Edge (a blue-green wave, comes with Windows), and Firefox (an orange fox around a purple globe). If you are not sure which one you use, look at the icon you click to “go to the internet.”
For Google Chrome:
Open Chrome. In the address bar, type 1password.com/downloads/browser-extension and press Enter.
Click the button for Chrome. This takes you to the Chrome Web Store.
Click “Add to Chrome,” then click “Add extension” in the pop-up that appears.
You will see a small 1Password icon appear in the top-right of your browser (it looks like a keyhole). Click it and sign in with your 1Password account.
For Safari (Mac):
If you installed the 1Password desktop app (from Appendix A, Step 4), the Safari extension is included automatically.
To enable it: open Safari, click “Safari” in the top menu bar, then “Settings” (or “Preferences”), then click the “Extensions” tab.
Find “1Password” in the list and check the box next to it to enable it.
For Microsoft Edge:
The same process as Chrome works for Edge: go to 1password.com/downloads/browser-extension, click the Edge button, and follow the prompts to add it to your browser.
How You Know It Worked
Visit a website where you have a saved login (like your email). You should see the 1Password icon appear in the login fields, or clicking the 1Password icon in your toolbar should show you the saved login for that site. Click it, and it fills in your username and password automatically.
? STUCK? |
If any of these steps are not working for you, use the Ask button on this page. Tell us which browser you are using and what you see on the screen, and we will walk you through it. |