Most account breaches come from weak passwords, reused logins, or phishing. The good news: a handful of habits blocks the majority of attacks. Here’s what to do today.
Turn on multi-factor authentication (MFA)
MFA adds a one-time code on top of your password, stopping most unauthorised logins even if your password leaks.
Best option: authenticator app
Use an authenticator app over SMS where possible. It resists SIM-swap attacks and works offline.
Backup codes
Generate backup codes and store them offline (not in email or cloud notes). Treat them like keys.
Never share codes
No one from KangarooJackpotLottery will ask for your password or full MFA code via email, SMS or chat.
Use strong, unique passphrases
- Length over cleverness: aim for 14+ characters (passphrases beat short “complex” words).
- Unique per site: never reuse the same password across services.
- Password manager: store and generate strong passphrases; protect the manager with MFA.
Keep your devices clean
- Update your OS and browser promptly; enable automatic updates.
- Lock screens with PIN/biometrics; auto-lock after short idle time.
- Only install apps from official stores; remove unused extensions.
- Avoid public/shared computers for sign-in and withdrawals.
Spot phishing fast
Phishing aims to trick you into entering credentials on a fake page or downloading malware.
- Check the domain: type our address manually or use your own bookmark. Look for
kangaroojackpotlottery.au, not look-alikes. - Beware urgency: messages saying “act now or lose funds” are classic bait.
- Don’t open unknown attachments, especially from unsolicited emails or DMs.
- Hover before you click: preview where a link goes; mismatched text vs URL is a red flag.
If you clicked a suspicious link
Change your password immediately, revoke sessions (see below), enable MFA if not already on, and contact support with details.
Manage sessions & notifications
- Review active sessions and sign out from devices you don’t recognise.
- Enable login notifications so unexpected sign-ins are caught early.
- Use one verified bank account for withdrawals to reduce checks.
Public networks & travel
- Avoid public Wi-Fi for account access; use your mobile hotspot instead.
- Never save passwords on a shared device; log out and clear the browser.
Recovery plan
Lost phone?
Use backup codes to sign in, then re-enrol MFA on your new device.
Account suspected compromised?
Change password, revoke all sessions, check withdrawal details, and contact support.
Keep records
Store backup codes and recovery email/number securely and update them when they change.
Quick security checklist
✓ MFA enabled
Authenticator app + backup codes stored offline.
✓ Unique passphrases
Password manager in use; no reuse.
✓ Updated devices
OS/browser auto-updates on; screen locks set.
✓ Phishing aware
Verify domain, ignore urgent bait, distrust attachments.
FAQs
Authenticator app or SMS?
Authenticator apps are preferred because they resist SIM-swap attacks; SMS is better than nothing.
Are password managers safe?
They’re designed to store secrets securely. Use a strong master passphrase and MFA.
How often should I change passwords?
Change immediately after any breach or suspicious activity; otherwise focus on uniqueness and length.
Will support ever ask for codes?
No. We will never ask for your password or full one-time code via email, SMS or chat.
