# Safer Authentication: Password Usage Training Framework

|   |   |
|---|---|
|**Audience:** Nonprofit/advocacy staff, mixed tech levels<br><br>**Format:** In-person or virtual, 8–25 participants<br><br>**Duration:** 90 min (or two 45-min sessions)<br><br>**Facilitator needs:** 1Password account + browser extension ready; basic 2FA familiarity<br><br>**Materials:** Slide deck + participant handout (provided)|**Participants will be able to:**<br><br>•      Explain why passwords alone don’t protect accounts<br><br>•      Set up and use 1Password for daily work<br><br>•      Enable 2FA on their highest-priority accounts<br><br>•      Identify their top 5 accounts and concrete next steps<br><br>•      Describe what passkeys are and where to enable them|

|   |
|---|
|**Session Flow**|

|   |   |   |
|---|---|---|
|**#  /  Time**|**Module**|**Key Content + Notes**|
|**1**<br><br>10 min|**Why This Matters**|Opening hook: show of hands on password reuse -- normalize it<br><br>Core problem: credential reuse & phishing, not sophisticated hacking<br><br>Key stat: compromised credentials in ~40% of breaches (Verizon DBIR 2024)|
|**2**<br><br>25 min|**Password Managers: 1Password**|Concepts: master password, Secret Key, Emergency Kit, vaults (5 min)<br><br>Live demo: interface tour, save & generate, autofill, 2FA setup, shared vaults (15 min)<br><br>Q&A (5 min): prep answer for “What if 1Password gets hacked?”<br><br>Have extension installed before the session. Autofill demo doubles as phishing protection explainer.|
|**3**<br><br>20 min|**Two-Factor Authentication**|2FA method ranking: hardware key → authenticator app → 1Password TOTP → SMS<br><br>Priority order: email → financial → cloud storage → CRM → social media<br><br>Worksheet: participants identify their top 5 accounts (5 min)|
|**4**<br><br>10 min|**Introduction to Passkeys**|What passkeys are, why they’re better (no password to steal, phishing-resistant)<br><br>Where they work today: Google, Apple, Microsoft, GitHub, PayPal|
|**5**<br><br>25 min|**Action Plan + Wrap-Up**|Walk through 3-column plan: This Week / Next 30 Days / Ongoing<br><br>Individual reflection: one commitment in next 48 hours (write it down)<br><br>Three takeaways, resources, Q&A|

|   |
|---|
|**Facilitation Principles**|

|   |   |
|---|---|
|**Lead with care, not fear:** capability over anxiety; overwhelm creates paralysis<br><br>**Normalize the starting point:** reused passwords are the norm, not a failure<br><br>**Prioritize action:** better to leave having done one thing than understood everything|**Don’t let perfect block good:** SMS 2FA beats no 2FA; progress over perfection<br><br>**Right-size to the group:** tailor examples to their platforms; pair early adopters with neighbors<br><br>**Optional extension (30 min):** hands-on 1Password install for groups under 15 with a co-facilitator|