Why This Matters
Almost everything about modern life runs through online accounts: email, banking, MyGov, Centrelink, power bills, the kids' school, Facebook, WhatsApp, photos, medical records. If someone gets into one of those accounts, they can often get into many of the others.
You don't need to become an IT expert to stay safe. You need three habits:
Strong passwords you don't have to remember.
A second layer of protection on important accounts.
A sensible rule for what you put online.
That's the whole session.
What Personal Data Is
"Personal data" is anything that, on its own or combined with other information, could identify you or be used to pretend to be you. Some of it is obvious, some less so.
The very private stuff. Tax file number. Medicare number. Driver's licence number. Passport number. Bank account and card numbers. These are what criminals want. Treat them like cash.
The moderately private stuff. Your full date of birth. Your full address. Your mother's maiden name. The suburb you grew up in. Your first pet's name. These are the answers to "security questions", so sharing them publicly means someone might be able to reset your accounts.
The stuff that seems harmless but isn't always. Your daily routine. Photos of the inside of your house. When you're away on holiday. The school your kids go to. Useful to a stranger with bad intentions.
The stuff you probably don't need to worry about. Your name. The town you live in. Your age (roughly). Opinions, interests, photos of food. Normal life.
Before you post or paste something, ask: "if a stranger saw this, could they use it to pretend to be me, or to guess the answer to one of my security questions?" If yes, don't share it.
Strong Passwords, the Simple Version
Everyone tells you to use "strong passwords" and nobody says what that actually means. Here's the honest version.
A strong password is long. Length matters more than adding symbols and capitals. Twelve characters minimum, and longer is better.
A strong password is unique. Using the same password on multiple sites is the single biggest mistake people make. When one site gets hacked (they all do, eventually), the attackers try that same password on your email, your bank, and everything else.
A strong password is not based on your life. Your kid's name, your birthday, your pet, your footy team. Anything a stranger could guess from your Facebook isn't strong.
Stronger
correct-horse-battery-staple-42
Long, random, easy for you to remember, almost impossible to guess or crack.
Four random words plus a number is a solid recipe.
Weaker
Sarah2019!
Short, based on a real name and a real year, with the "!" that hackers expect. Easy to crack with modern tools.
The passphrase trick. Instead of one word with symbols jammed in, string four random words together with a few extras: wombat-stereo-rocket-yellow-88. That's much harder for a computer to guess than P@ssw0rd1, and easier for you to remember.
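The passphrase recipe above as a short program. This is an added example, not part of the original handout. The 16-word list is a constructed demo list, and the counts used for the "name + year + symbol" pattern (5000 names, 100 years, 10 symbols) are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word demo list. A real list needs thousands of words:
# the EFF long list has 7776, so each word adds about 12.9 bits.
WORDS = ("wombat stereo rocket yellow battery staple horse correct "
         "lantern pebble violin cactus harbour muffin tunnel orbit").split()

def make_passphrase(words=WORDS, count=4):
    """Let the computer pick the words, then add a two-digit number.

    secrets uses the operating system's random source. Words a person
    chooses themselves are far more predictable than words drawn this way.
    """
    picked = [secrets.choice(words) for _ in range(count)]
    return "-".join(picked + [f"{secrets.randbelow(100):02d}"])

def combinations(slots):
    """How many candidates exist when each slot is an independent choice."""
    return math.prod(slots)

def guess_bits(slots):
    """The same quantity in bits: each extra bit doubles the work."""
    return sum(math.log2(n) for n in slots)

# Four words from a 7776-word list plus a number from 00 to 99.
PASSPHRASE_SLOTS = [7776] * 4 + [100]
# "Sarah2019!" style. Assumed sizes: common names, likely years, end symbols.
PATTERN_SLOTS = [5000, 100, 10]

if __name__ == "__main__":
    print("example:", make_passphrase())
    for label, slots in (("four words + number", PASSPHRASE_SLOTS),
                         ("name + year + symbol", PATTERN_SLOTS)):
        print(f"{label}: {combinations(slots):.2e} candidates, "
              f"{guess_bits(slots):.1f} bits")
```

The comparison only holds when the words are picked at random from a large list; the demo list here is far too small for real use.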
The Password Manager Trick
Here's the secret everyone in IT uses but rarely explains clearly: you don't remember your passwords. A program remembers them for you.
A password manager is an app that stores all your passwords safely, fills them in for you when you log in, and generates strong new ones when you need them. You only ever have to remember one password (the one for the manager itself). That one should be very strong and never used anywhere else.
Good free options:
Bitwarden. Free, well-regarded, works on everything. Probably the easiest start.
Built into your browser. Chrome, Safari, Firefox and Edge all have built-in password savers. Not quite as strong as a dedicated manager, but miles better than reusing passwords.
Built into your phone. iPhones (Keychain) and Androids (Google Password Manager) both offer to save passwords. Again, not perfect, but a huge improvement over typing the same password into 30 sites.
The notebook method is OK, with caution
Writing your passwords in a little notebook and keeping it at home is safer than reusing passwords, and way better than nothing. The risk is different: someone in your home, not someone on the internet. If that works for you, use it. Just don't write the name of the site right next to the password; use a hint only you'd understand.
Two-Factor Authentication
Two-factor authentication, or "2FA", is a second lock on your most important accounts. Even if someone steals your password, they can't get in without the second factor, which is usually a code sent to your phone or generated by an app.
You've probably already used it without knowing the name. When your bank texts you a code to confirm a payment, that's two-factor. The password is the first factor, the code is the second.
Passwords alone are like a front door with one lock. 2FA is the deadbolt.
Accounts that really need 2FA turned on:
Your primary email address. This is the master key. If someone gets into your email, they can reset the passwords to everything else.
MyGov.
Your bank (usually on by default now).
Facebook, Instagram, and any social media where losing access would hurt.
Your Apple ID or Google account (these control your phone).
The code texted to your phone (SMS 2FA) is the most common kind and far better than nothing. An "authenticator app" (Google Authenticator, Microsoft Authenticator, or 1Password's built-in one) is a step safer because it can't be intercepted by someone switching your SIM. Start with SMS if that's what the site offers, and upgrade to an app when you're ready.
Backup codes. When you turn 2FA on, the site usually offers you a set of backup codes in case you lose your phone. Save them. Print them out, or save them in your password manager. Otherwise if your phone is lost or stolen, you're locked out of your own accounts.
What to Share With AI, and What Not To
AI chatbots are useful, and most of what you'd type in is completely fine. But they're not a private diary and they're not your bank. A quick rule of thumb keeps you out of trouble.
Don't paste anything into a free AI tool that you wouldn't want a stranger to read.
Fine to share
Your first name, your general location (town or state), your age, your job type.
Documents with your name and address but not your sensitive numbers.
A copy of a letter where you've blacked out the account numbers.
Photos you'd happily post on Facebook.
Opinions, preferences, plans, ideas.
Don't share
Tax file number, Medicare number, driver's licence or passport details.
Full bank account numbers, credit card numbers, the CVV on the back.
Passwords to any account.
Confidential work documents if the tool isn't one your workplace approves.
Other people's personal details they haven't agreed to share.
Why. Free AI tools may use what you type to improve their model, meaning a future version of the AI could have seen it. Paid and enterprise versions usually don't do this, but the safe default is to assume anything you type could be read by a human reviewer, stored indefinitely, or show up somewhere you don't expect.
The workaround that always works. Blank out the sensitive bits before pasting. Instead of pasting a bill with your account number, type "[account number]" where the number was. The AI still understands the letter, and you stay safe.
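The blanking-out step can be done by a small script before anything is pasted. This is an added example, not part of the original handout. The label patterns, the eight-digit threshold and the sample letter (including every number in it) are constructed for illustration, and a pattern match can miss things, so read the result before pasting.

```python
import re

# Label patterns (assumed; extend for your own documents). The number that
# follows a label is replaced by a placeholder named after the label.
LABELS = {
    "account number": r"account\s*(?:number|no\.?|#)",
    "tax file number": r"(?:tax\s*file\s*number|tfn)",
    "medicare number": r"medicare\s*(?:card\s*)?(?:number|no\.?)?",
}
LABELLED_DIGITS = r"\d(?:[ -]?\d){3,}"   # 4+ digits, spaces/hyphens allowed
LONG_DIGITS = r"\d(?:[ -]?\d){7,}"       # 8+ digits anywhere in the text

def luhn_ok(digits):
    """Checksum used by payment cards; filters out most non-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def redact(text):
    # 1. Numbers that follow a known label keep the label, lose the digits.
    for name, label in LABELS.items():
        pattern = re.compile(rf"({label}\s*[:#]?\s*){LABELLED_DIGITS}", re.I)
        text = pattern.sub(lambda m, n=name: f"{m.group(1)}[{n}]", text)

    # 2. Any other long digit run is blanked too; card numbers are named.
    def blank(match):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "[card number]"
        return "[number]"
    return re.sub(LONG_DIGITS, blank, text)

# Constructed sample letter; none of these numbers are real.
SAMPLE = """Dear Sam,
Your account number: 1234 5678 is overdue by $245.10.
We charged the card 4111 1111 1111 1111 on 3 March.
Medicare no. 2953 12345 1 was recorded.
Call 02 5550 1234 and quote reference 88."""

if __name__ == "__main__":
    print(redact(SAMPLE))
```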
Privacy Settings That Actually Matter
You could spend a full day tweaking privacy settings on every app. Here are the five that return the most benefit for the time.
The five quick wins
Your Facebook profile privacy. Set who can see your posts to "Friends" not "Public" by default. Set who can send you friend requests to "Friends of friends".
Your Google account. Visit myaccount.google.com once a year. Check which apps have access to your data, and remove any you no longer use.
Your phone's app permissions. On both iPhone and Android, you can see which apps have access to your location, microphone, camera and contacts. Turn off any that don't genuinely need it.
Location on photos. Modern phones tag every photo with the exact GPS location where it was taken. Turn this off if you share photos online, or at least know it's happening.
Two-factor on the big three. Primary email, MyGov, main bank. If you do nothing else from this session, do this.
You don't need to remember where each setting is. You can literally ask an AI: "Can you walk me through turning on two-factor authentication for my Gmail account, one step at a time?" It'll take you through it. Same for any of the settings above.
Try It Yourself
Do one thing from this session before you leave the room.
Option 1. Check whether your email address has been in a data breach. Go to haveibeenpwned.com and paste in your email. If it's been in a breach (it probably has), change that password today, starting with any site where you were reusing it.
Option 2. Turn on two-factor authentication for your primary email account. Ask an AI to walk you through it if you need help.
Option 3. Install Bitwarden (free) on your phone and save five passwords into it. Not all at once, just start.
Option 4. Go into your phone settings and check which apps have access to your location. Turn it off for anything that doesn't genuinely need it.
One is enough. You don't need to fix everything today. One new habit, done properly, is worth more than a long list you'll never do.