Cyber Security for Over 40s: Simple habits to prevent identity theft

May 13, 2026

Protecting your digital life doesn't require technical expertise; it's about adopting a few high-impact habits to secure your accounts and reduce the overwhelming mental load of modern life admin.

By Toby Ellis

People have been asking me about identity theft a lot recently. It makes sense. It is one of those problems that feels both personal and a bit invisible until it is suddenly very real (and very annoying).

I was at a BBQ recently and one of our friends spoke about having their Apple Account hacked. It had nothing to do with Apple; it was because of a data breach with another organisation. The hacked account was an old account they hadn't used in years, but that didn't reduce the sting.

They didn't care about the Apple Account, but it did make them really worried: what other details were on the account? Was the credit card linked? If it was, would they need to spend the next 2 years redirecting direct debits as they discovered them (only when the direct debits fail, obviously!)? Then came the chorus of backyard support: they weren't alone. There were others. This was real and more prevalent than anyone in the group had assumed. These are smart people, and suddenly, this was a really important conversation.

The point being, lots of very smart people get caught out. Scammers are highly sophisticated and it really can impact anyone.

Also, if you are over 40, there is an extra twist: it is not just “security”. It is security plus life admin. You have more accounts, more money moving around, more subscriptions, more services, and often, you are also helping parents (or kids) with theirs. That is why it can feel overwhelming.

The good news: you do not need to become a cybersecurity expert to protect yourself. A few simple habits do most of the heavy lifting, and they reduce the mental load too.

The “Big 2” (do these first)

1. Lock down your email (because it is the master key)

If someone gets into your email, they can usually reset passwords everywhere else. That is game over.

  • Turn on two-factor authentication (2FA)
  • Update your password to something long and unique (ideally generated and saved in a password manager)
  • Check your recovery email and phone number are correct

2. Lock down your money accounts (because scammers are after dollars, not drama)

Banking, super, buy-now-pay-later, PayPal, Apple ID, Google, the lot.

  • Turn on 2FA
  • Confirm recovery details are correct
  • Review recent logins or devices and sign out of anything you do not recognize

If you do these two, you have covered the most common way identity theft turns into financial damage.

The easy wins (high impact, low effort, less brain space)

We all suffer from password fatigue. If it feels like you have a hundred logins and a new set of complex rules every week, you aren’t imagining it. However, "remembering better" isn't a viable strategy. Instead, I recommend moving toward passkeys. This is a newer, safer way to sign in using your device’s Face ID, Touch ID, or PIN instead of typing a password.

Why passkeys are great

Passkeys are excellent because they are nearly impossible to phish: a passkey only works on the genuine website or app it was created for, so a fake login page can’t trick your phone into giving one up the way it can with a password. If an app or website offers to “Create a Passkey”, treat it like a seatbelt: it's a small habit that offers massive protection.

Here's how you can manage multiple accounts securely

If your phone pops up “Create a passkey” or “Sign in with passkey”, treat it like a seatbelt: slightly boring, very effective.

1. Use a password manager (this is the grown-up move)

A password manager is a secure vault that creates and remembers strong passwords for you. You only remember one strong “master” password; the rest gets handled automatically.

Why they help, especially over 40:

  • They stop the “same password everywhere” problem (how one breach turns into ten)
  • They reduce mental load (no more password gymnastics)
  • They help you tidy up old accounts from 2014 that you forgot existed

If you do nothing else this weekend: set one up, move your email and banking into it first, then gradually add the rest as you log in to things.

2. Protect your parents’ data 

This is a big over 40 reality. If you are helping parents with “just one quick thing” on their phone, you already know how this goes.

Two high-impact steps:

  • Turn on 2FA on their email and banking
  • Make sure their recovery phone/email are correct (many recoveries fail because this was never updated)

A simple family rule that prevents most scams:

  • If a message creates urgency (“payment failed”, “account locked”, “ATO refund”, “unusual login”), do not click the link. Go directly to the official app or website, or call the organisation using a number you find yourself

Scammers are professional. They will sound convincing. Your job is not to outsmart them; it is to avoid playing the game on their terms.

3. Stop and sanity-check urgent messages (this blocks most scams)

Identity theft often starts with a convincing message: “Your account is locked”, “Payment failed”, “Unusual login”. If it feels rushed, pause and do one of these:

  • Open the app directly (bank, PayPal, email) and check notifications there
  • Type the website address yourself (not via the link)
  • If you are worried, call using the number on the back of your card

4. Be a little stingy with your personal info (especially during life admin)

Over-40 life is full of “change moments”: moving house, changing jobs, medical admin, separation, helping parents. That is when details get shared around and accounts get created quickly. Ask: do they really need this? If not, do not hand it over.

Red flags to watch for (the early warning signs)

  • Password reset emails you did not request
  • New devices logged into your account
  • Small “test” transactions you do not recognize
  • Mail going missing, or bills suddenly not arriving

If you ever think “this might be happening”, start with the boring but effective order of operations:

  1. Change your email password first
  2. Turn on or re-check 2FA and passkeys
  3. Change banking and key account passwords
  4. Review “recent activity” or “logged in devices” and sign out of anything you do not recognize

The goal is not perfect cybersecurity. The goal is protecting your money and reducing the chance that one breach turns into months of cleanup. You deserve tech that makes life easier, not a second job. If you do the Big 2 and a couple of easy wins, you are already ahead of most people.

This article contains general information only. It is not financial advice and is not intended to influence readers’ decisions about any financial products or investments. Readers’ personal circumstances have not been taken into account and they should always seek their own professional financial and taxation advice that takes into account their financial circumstances, objectives and needs.
