Digital
The basics of staying safe online without becoming paranoid. Most attacks rely on the same handful of tricks; recognising them is most of the defence.
The principles
A short list. Almost everything else is application.
- 01 Use a password manager.
Every account should have a unique password. You cannot remember unique passwords. Let software do it.
- 02 Turn on the strongest sign-in available.
Passkeys where offered, an authenticator app otherwise, SMS only as a last resort.
- 03 Email is the master key.
Whoever controls your email controls everything else. Protect it more carefully than any other account.
- 04 Slow down when something is urgent.
Almost every scam relies on you reacting in the next ten minutes. Almost no real situation needs that.
- 05 Verify on a separate channel.
If a message asks you to act, contact the person or company through a number or app you already trust, not by replying to the message.
- 06 Assume your data is already out there.
Email addresses, phone numbers and old passwords leak constantly. The defence is unique passwords and second factors, not secrecy.
- 07 Update your devices.
Most attacks exploit known holes that have been patched. The update notification you keep ignoring is the fix.
- 08 Less is more.
Every old account, app and connected service is a forgotten back door. Delete what you no longer use.
- 09 Save recovery codes.
When a site offers recovery codes, take them and store them where you will still find them in a year.
- 10 Talk about it.
Scams thrive on shame. Tell friends and family what you have seen. Especially older relatives. Especially before they are targeted.
Sources and further reading
This pillar leans on public guidance from European cyber agencies, the standards bodies behind passkeys, and writers who have been explaining this clearly for years.
European Union Agency for Cybersecurity (ENISA), Threat Landscape reports.
Annual overview of how attacks evolve in Europe; the patterns this pillar describes come from it.
UK National Cyber Security Centre (NCSC), Cyber Aware.
Plain-language guidance for individuals and small businesses; what this pillar tries to be.
Bundesamt für Sicherheit in der Informationstechnik (BSI), BSI für Bürger.
Germany's federal cyber agency, with practical citizen-facing advice.
Have I Been Pwned, haveibeenpwned.com.
Free service to check whether your email appears in known breaches. Useful, sobering.
FIDO Alliance, Passkeys: User Experience Guidelines.
The standards body behind passkeys; clear explanations of how they work.
Bruce Schneier, Schneier on Security (blog and books).
Long-running thinking on how to reason about security as a regular person.
General information, not professional advice. If you are dealing with identity theft, fraud or a serious breach, contact your bank and your country’s cybercrime authority.