Personal digital security audit
Most people know they should be doing more to protect their accounts. They've heard about two-factor authentication, maybe downloaded a password manager, and thought about it. But there's a gap between knowing and doing, and that gap is where real risk lives. I work with individuals and small offices in San Francisco and Washington, DC to close that gap, one account at a time. This is hands-on help for regular people who want to feel genuinely confident about their digital safety, not enterprise security consulting.
My approach
Security advice online tends to be generic, overwhelming, or both. I take a different approach: I look at what you actually have and actually use, then we make targeted improvements together. For most clients, the biggest wins come from three places: making sure you're using a password manager with unique passwords everywhere, turning on the right kind of two-factor authentication, and locking down the accounts that matter most. Your email and Apple ID are the keys to everything else, and they're where I always start.
For clients who are fully in the Apple ecosystem, I recommend Apple's built-in Passwords app. It's included with your devices, syncs across all of them through iCloud Keychain, stores passkeys alongside passwords, and handles two-factor authentication codes. For clients who work across Apple and Windows or Android, I recommend 1Password, which handles cross-platform sync better. Either way, I'll help you get it properly set up and working, not just installed.
For two-factor authentication, I steer away from SMS codes whenever possible and toward app-based codes or passkeys. Text message codes are better than nothing, but a sophisticated phishing site can prompt you for a code in real time and use it before it expires. Passkeys are resistant to that attack entirely, which is why I encourage clients to set one up any time a site offers it.
What I can help with
Password manager setup and migration. If you've been meaning to start using a password manager, or if you have one installed but aren't really using it, I can walk through it with you from scratch. That includes importing passwords from Chrome or another browser, cleaning up duplicate and compromised entries, and making sure autofill is working reliably across your devices.
Changing passwords to unique ones. Having a password manager isn't enough if all your passwords are variations of the same phrase. I can work with you, account by account, to replace reused or weak passwords with strong unique ones, prioritizing the accounts that matter most.
Two-factor authentication. I'll help you turn on 2FA on your most important accounts and set it up the right way: app-based codes or passkeys rather than SMS wherever the site supports it.
Passkeys. Passkeys are the strongest way to protect an account from phishing and password theft, and a growing number of major websites now support them. I can show you how they work, help you create them on the sites you use most, and make sure iCloud Keychain is syncing them across your devices.
Email and iCloud account review. I'll go through your Apple ID and email settings with you to check which devices are signed in, whether any look unfamiliar, and whether your recovery options are set up correctly. For iCloud specifically, this includes checking iCloud Advanced Data Protection and setting up a Recovery Contact so you're not locked out if something goes wrong.
Scam recognition. Knowing how scams work is one of the most reliable ways to avoid them. I'll walk you through what current phishing emails and fake invoices actually look like, including ones that bypass spam filters because they're sent through legitimate services like PayPal, how to tell a real message from a fake one, and what to do when you're not sure.
Stolen Device Protection. If your iPhone were stolen by someone who had watched you type your passcode, they could reset your Apple ID password and access nearly everything within minutes. Apple's Stolen Device Protection prevents exactly that. I'll make sure it's on and explain how it works.
iCloud Advanced Data Protection. This setting extends end-to-end encryption to your iCloud backups, photos, notes, and more. With it enabled, Apple holds no key to your data. It requires setting up a Recovery Contact or Recovery Key first, and I'll walk you through both.
Credit freeze. A credit freeze at all three bureaus is one of the most effective steps you can take to prevent someone from opening accounts in your name. I can walk you through the process at Experian, Equifax, and TransUnion.
What "secure" actually means
There is no such thing as perfect security, and anyone who tells you otherwise is selling something. The goal is to make yourself a harder target: someone whose accounts require more effort to compromise than average, so that automated attacks and opportunistic scammers move on. Most of the steps involved are one-time changes that, once made, require very little ongoing attention. A session or two is usually enough to make a substantial difference.
How it works
I work with individuals and small offices in San Francisco and Washington, DC, and with clients anywhere via Zoom. Sessions are one-on-one and move at your pace. Nothing is rushed and nothing is assumed; if something isn't clear, we slow down until it is.
For a security audit, I usually suggest a longer session so there's time to go through the most important accounts and settings without feeling rushed. Many clients follow up with a second session to finish password changes or cover anything we didn't get to the first time. Rates are on the booking page.
Book a session at jimmytechsf.com/book
FAQ
Do I need to already have a password manager to book a session? No. We can set one up together from scratch. If you've never used one, a security session is a good time to get started, because I can show you the setup and then immediately put it to use.
I have iCloud Keychain turned on. Is that the same thing as a password manager? iCloud Keychain is the secure system running in the background that keeps your passwords synced across your Apple devices. Apple Passwords is the app that gives you a user-friendly interface to see, manage, and use everything Keychain is storing. If you have Keychain enabled and have been saving passwords in Safari, you already have a solid foundation. What most people need help with is the next layer: making sure all those passwords are unique, adding two-factor codes, and setting up passkeys.
What accounts should I be most worried about? Your email and your Apple ID are the highest priority. If someone gets into either of those, they can reset the password on almost everything else. After those, the focus shifts to financial accounts, anything with a stored payment method, and social media accounts tied to your real name.
I've heard I should change my passwords regularly. Is that actually true? This is one of the most persistent pieces of security advice that has turned out to be wrong. The current guidance from NIST and most security researchers is that routine password changes don't improve security unless there's reason to believe a specific password was compromised. Worse, forcing regular changes tends to encourage sloppy habits: passwords that are slightly easier to remember, or ones written on a sticky note next to the computer. What actually matters is that your passwords are unique and strong.
What is iCloud Advanced Data Protection and should I turn it on? It's an optional iCloud setting that extends end-to-end encryption to your backups, photos, notes, and more. With it enabled, Apple holds no key to your data, so it can't be accessed even in a breach or legal demand. The requirement before turning it on is setting up a Recovery Contact or saving a Recovery Key, because Apple genuinely cannot help you recover your data if you lose access. I'll walk you through all of it.
What's the difference between two-factor authentication by text message and by an app? SMS codes are better than nothing, but they have a real weakness: a phishing site can prompt you for the code in real time and use it before it expires, which means even careful people can get compromised. App-based codes are harder to intercept. Passkeys go further and are resistant to phishing entirely, because your device checks the site's address before it responds, and a fake address gets nothing.
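For readers who want to see the mechanism behind "your device checks the site's address," here is an added example (not code from this page or from Apple) of the checks a website runs on a passkey sign-in, following the WebAuthn assertion layout. The domains, the in-memory key pair, and the simulated browser step are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed values: both domains are placeholders, not real services.
const RP_ID = "example.com";
const EXPECTED_ORIGIN = "https://example.com";
const LOOKALIKE_ORIGIN = "https://examp1e-login.test";

// Stand-in for the passkey: the private key stays on the device,
// the site stores only the public key at registration.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Simulates browser + authenticator. The browser writes the page's real
// origin into clientDataJSON; neither the user nor the page can choose it.
function signAssertion(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  // authData = rpIdHash (32) | flags (UP+UV = 0x05) | signCount (4)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Server-side checks, in the order a relying party would run them.
function verifyAssertion({ clientDataJSON, authData, signature }, challenge) {
  const client = JSON.parse(clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== challenge) return "challenge mismatch";
  if (client.origin !== EXPECTED_ORIGIN) return "origin mismatch";
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, signature) ? "ok" : "bad signature";
}

function demo() {
  const challenge = crypto.randomBytes(32).toString("base64url");
  const genuine = signAssertion(EXPECTED_ORIGIN, RP_ID, challenge);
  // Worst case for illustration: a real browser would not release this
  // credential on a page whose domain does not match the rpId at all.
  const phished = signAssertion(LOOKALIKE_ORIGIN, RP_ID, challenge);
  // Rewriting the origin after signing changes the hash the signature covers.
  const edited = JSON.parse(phished.clientDataJSON.toString("utf8"));
  edited.origin = EXPECTED_ORIGIN;
  const rewritten = { ...phished, clientDataJSON: Buffer.from(JSON.stringify(edited)) };
  return {
    genuine: verifyAssertion(genuine, challenge),
    phished: verifyAssertion(phished, challenge),
    rewritten: verifyAssertion(rewritten, challenge),
  };
}
```

Unlike a six-digit code, which is the same value no matter where it is typed, the signed response carries the address it was produced on, so a response collected on a lookalike page fails the site's checks.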
Do you help with scam calls and texts, not just email? Yes. We can talk through how to recognize phone scams, smishing (fake text messages), and social engineering. Scammers increasingly impersonate Apple Support, banks, the IRS, and delivery services. Knowing what legitimate organizations will and won't ask you to do makes a big difference.
I think I may have already been compromised. Can you still help? Yes, and the sooner the better. If you're not sure whether an account has been accessed by someone else, I can help you check sign-in history and connected devices, walk through a password and recovery-options reset, and remove any access that shouldn't be there.
Do you help with Android or Windows, or only Apple? My focus is Apple products: iPhone, iPad, and Mac. I don't work with Android or Windows directly, so I can't guarantee those setups are optimized. That said, if you're primarily on Apple but need a password manager that also works on other platforms, I can get you set up with something like 1Password, which handles cross-platform sync well. The account-level work (reviewing sign-ins, enabling 2FA, creating passkeys) works the same regardless of device.
How long does a session usually take? Most clients find that a 90-minute to two-hour session covers the essentials: reviewing key accounts, auditing or setting up the password manager, enabling the most important settings, and going through scam recognition. If there are a lot of passwords to change or more accounts to go through, a follow-up session is usually worthwhile.
Related reading
What are passkeys, and why should you use them instead of passwords?: A full explainer on how passkeys work, why they're phishing-resistant, and which sites already support them.
Turn on Stolen Device Protection right away: What this iPhone feature does and why it matters if your passcode is ever observed in public.
Passwords is now a real app in macOS 15, iOS 18, and iPadOS 18: What's in Apple's built-in password manager and how to get started.
Essential steps to secure your identity: credit freeze explained: How to freeze your credit at all three bureaus and why it matters if your Social Security number has ever been exposed.