Tech Words, in Plain English

Two-step login

A second check, on top of your password, that proves the person logging in is really you. Usually a code sent to your phone, a tap in an app, or your fingerprint or face.

Security people describe it as proving who you are with two of these three things: something you know (your password), something you have (your phone or a security key), and something you are (your fingerprint or face). A password on its own is just one. Adding a second one is what makes it strong.

Like a bank card: a thief needs both the card (something you have) and the PIN (something you know). Knowing just one of them gets them nowhere. Two-step login does the same for your accounts.

why it works Even if a crook steals or guesses your password, they still cannot get in, because they do not have your phone in their hand. It stops the large majority of account break-ins on its own.

Security key (YubiKey)

A small physical key, often like a little USB stick, that you plug into a computer or tap on your phone to prove it is you. It is the "something you have" in two-step login, in a form a scammer on the other side of the world simply cannot copy.

Like a key to a locked door: even someone who knows your password cannot get in without the actual key in their hand.

good to know Security keys are useful in remote communities and where phone signal is poor, because many of them work without internet or a texted code. If your workplace offers one, it is one of the strongest protections there is.

Passkey

A newer, password-free way to log in. Instead of typing a password, your phone or laptop unlocks the account with your fingerprint or face. There is nothing to remember, and nothing for a scammer to trick out of you.

good to know When an account offers a passkey, it is usually safer and easier than a password. You will see more of these over time.

Password manager

A free app that acts like a locked notebook for your passwords. It makes a strong, different password for every site, stores them all, and fills them in for you. You only remember one strong passphrase to open it.

Like a key safe: all your keys in one locked box, and you only carry the one key that opens the box.

do this Bitwarden is free and works on phone and computer. Your web browser also has one built in.

The cloud

"The cloud" just means your files and information are kept safe on big computers in a data centre somewhere, instead of only on the device in front of you. Because they live there, you can reach them by logging in from any device.

Like a locker you can open from any town: your stuff is kept somewhere safe, and you can get to it wherever you are, as long as you have the key (your login).

good to know There is a personal cloud (like iCloud or Google) and a work cloud. Keep work things in the work cloud and personal things in your personal one; do not mix them.

OneDrive and SharePoint

These are the Microsoft "work cloud". Your work files live here. Because they are in the cloud, they are backed up automatically and can be shared with the right people, and you can reach them from any work device you log in to.

do this Save work files to OneDrive or SharePoint, not onto a personal phone or laptop or a USB stick. That keeps them safe, backed up, and inside the workplace's control.

Backup

A spare copy of your files kept somewhere separate, so that if a device is lost, broken, or locked up by ransomware, you have not lost everything.

Like a photocopy of important papers kept at a relative's house: if the originals are lost, you still have a copy.

good to know Saving work files to OneDrive or SharePoint backs them up for you. For personal photos, a cloud account or a separate hard drive does the job.

HTTPS and the padlock

When a web address starts with https (with an "s") and shows a small padlock, it means your connection to that website is private: scrambled so nobody in between can read what you send, like your password or card number.

Like a sealed envelope instead of a postcard: a postcard (http, no "s") can be read by anyone who handles it; a sealed envelope (https) cannot.

important The padlock does not mean the website is honest. Scam sites can have a padlock too. It only means the connection is private, not that the people running the site can be trusted. So: no padlock means do not enter anything; a padlock means "private, but still check who you are dealing with".

Encryption

Scrambling information so that only the right person can unscramble and read it. It is what the "s" in https is doing, and it is what protects the messages in apps like WhatsApp.

Like a secret code: you and the person you are talking to share the way to read it, and to anyone in between it just looks like nonsense.

VPN

A tool that makes a private, protected path for your internet connection, even over a network you do not trust. Workplaces often give staff a VPN so that people working from home or out in communities can reach work systems safely.

Like a private tunnel through a public space: you are walking through the same place as everyone else, but inside your own tunnel where no one can see in.

do this If your workplace gives you a VPN for working remotely, use it, especially on wi-fi you do not control. If you are not sure, ask IT.

Public wi-fi

The free wi-fi at an airport, shop, club, or shared venue. It is handy, but you cannot be sure who else is connected to it or who set it up.

Like talking in a crowded room: fine for a chat about the weather, not for reading out your bank details.

do this Avoid banking and important logins on public wi-fi. Use your own phone's mobile data, or your phone as a hotspot, for anything sensitive. A workplace VPN makes it safer again.

Shared and community devices

A computer or tablet that more than one person uses, like a shared machine in a community office. The risk is leaving yourself logged in, so the next person is using your account.

Like a shared front door: never walk away leaving your key in the lock.

do this Always log out when you finish. Never let the browser "remember" or "save" your password on a shared device, always say no to that pop-up. And do not tick "keep me signed in".

Cryptocurrency

A kind of digital money that is not held or controlled by any bank. People buy and send it over the internet.

Why scammers love it: once you send crypto, the payment usually cannot be reversed, there is no bank to ring and claw it back, and it is hard to trace where it went. That is exactly why so many scams ask to be paid in crypto.

red flag If anyone you have not met in person pressures you to buy or send cryptocurrency, especially an "investment" or someone you have only chatted to online, treat it as a scam. The same goes for being asked to pay in gift cards.

QR-code scams

A QR code is the little square barcode you scan with your phone camera. It usually just opens a website. But a QR code can send your phone to a fake website just as easily as a dodgy link can, and you cannot tell where it goes by looking at it.

Scammers stick fake QR codes over real ones on posters and parking meters, or put them in emails, to send you to a page that steals your details or takes a payment.

do this Be wary of scanning QR codes from posters, flyers, or emails you were not expecting. After you scan, check the web address that comes up before you type anything or pay. When in doubt, go to the real website yourself instead.