Family Skills A field guide

06 of ten

Self-Protection

Staying safe in a digital and physical world

A college student gets a panicked message from her best friend’s account. I’m in trouble, please send money to this number. It sounds like her. The phrasing is right. There is even a follow-up voice note that sounds exactly like her voice. She nearly sends the money. Then, on instinct, she calls her friend on a different channel — and her friend, in the middle of a perfectly ordinary afternoon, has no idea what she’s talking about. Someone has cloned her friend’s voice from public videos. The whole attack took the scammer fifteen minutes.

This is the world you have been handed. Most threats you’ll face are no longer dramatic. They are ordinary, fast, and engineered to slip past you while you are distracted. Some are digital — phishing, identity theft, social engineering, cloned voices, manipulated images. Some are physical — situations you walked into too easily, places you stayed in too long, people you trusted too soon. Most of them are preventable, almost entirely, by a small set of habits.

The aim of this chapter is not paranoia. Living afraid is its own kind of harm. The aim is appropriate caution — the version of safety that lets you say yes to most of life while quietly sidestepping the small number of situations that go badly.

The core principles

Trust the slow channel, not the fast one. Almost every successful scam works by creating urgency. Send money now. Click this link or your account will be locked. Confirm this code or we cannot help you. The urgency is the manipulation. When you feel rushed, that is the exact moment to slow down. Switch to a different channel — a phone call, a face-to-face check, the official app. If a request cannot survive a five-minute pause, it was not a real request.

Your accounts are protected by the weakest link. Most account takeovers happen not because someone “hacked” you, but because the same password was reused across many sites and one of those sites leaked. Use a password manager. Use it for everything. Turn on two-factor authentication on every important account — email, banking, social media — and prefer authenticator apps over SMS where possible. This single set of habits prevents the overwhelming majority of digital harm.

Privacy is a default to choose, not a setting you check once. Every app you use is set up to extract more from you than you’d give if asked directly. Review permissions periodically. Turn off what you don’t need. Be deliberate about what you post — once a photo, location, or personal detail is online, it is not coming back. The default of every platform is more sharing; the default you should set is just enough.

Situational awareness keeps you out of most physical danger. The largest single factor in physical safety is whether you noticed the situation early enough to leave. Walking with your phone out, headphones in, in an unfamiliar place at night, signals to a small set of people that you are not paying attention. Pay attention. Know your exits. Trust your gut — that uneasy feeling has saved more people than any martial art ever will.

The body knows before the brain does. When something feels off — a person, a place, a request — that signal is information. It is not paranoia to act on it. Leave the situation. Decline the favor. Take the longer route. You owe no one an explanation for keeping yourself safe.

The cost of a precaution that turns out to be unnecessary is small. The cost of failing to take a precaution that turns out to have been necessary is enormous. Asymmetry is your friend.

Specific things to set up — once, then forget

  • A password manager (1Password, Bitwarden, the built-in one in your browser) with a strong master password you can actually remember. Generate unique passwords for every site.
  • Two-factor authentication on email, banking, primary social accounts. Use an authenticator app (Authy, Google Authenticator) where the option exists.
  • A separate, less-used email for sites where you are skeptical. Your primary email becomes a smaller target.
  • Backup of phone and laptop. Loss, theft, and ransomware all stop being catastrophes if your data is backed up.
  • A trusted adult and a code word. A word that, if used in a message, signals “this is a real emergency, drop everything.” It also doubles as a check — if a message claims to be from a family member in crisis but doesn’t include the word, it’s probably not them.

On physical threats

Most physical danger to young people comes from one of three sources: walking into the wrong situation, staying in the wrong situation too long, or being where alcohol and unfamiliar people mix without a clear way home. The countermeasure is not avoidance of life — it is structure: tell someone where you’ll be and when, have a way to leave, never let your phone go below 20% in places you don’t know well, never accept a drink you didn’t see poured.

If something feels wrong, it is almost certainly wrong. Leave first, explain later — to anyone, including yourself. The cost of being slightly rude to a stranger is approximately zero. The cost of being polite past your instincts can be much higher.

  1. Set up the password manager and 2FA this week. Block out two hours. Do it once. Future you will thank present you many times over.
  2. Audit your phone's app permissions. Twenty minutes. Anything that doesn't need your location or camera, turn off. Anything you no longer use, delete.
  3. Pause-and-verify drill. Whenever a message creates urgency — money, codes, account warnings — explicitly switch to a different channel before acting. Make this mechanical, like seatbelts.
  4. Establish a code word with your closest people. Decide it once. It will save someone's worst day, possibly yours.
  5. Build the leaving habit. When something — a place, a person, a situation — feels wrong, leave first and reflect after. Trust the signal.
  • Book The Gift of Fear by Gavin de Becker — the single best book on physical situational awareness. Read it once, remember it forever.
  • Site haveibeenpwned.com — check whether your email has appeared in any data breach. Most have.
  • Tool A password manager (Bitwarden free, 1Password paid) and an authenticator app.
  • Guide EFF's Surveillance Self-Defense (ssd.eff.org) — practical, digestible, free.
  • Course Any reputable self-defense or Krav Maga class — not because you'll fight, but because it builds the leaving instinct.

Start here

Block two hours this week to set up a password manager, generate unique passwords for your top ten accounts, and turn on two-factor authentication on email and banking. This single afternoon eliminates more risk than any amount of vigilance afterwards.