MFA and Password Manager Setup for Perth Individuals: Make Phishing and Scam Messages Harmless to Your Accounts
You get a text that looks like it is from Australia Post, or your bank, or the ATO. The link goes to a page that looks right. You type your email and password without thinking, and a minute later you realise something was off — but the attacker is already inside your inbox, resetting your bank and super logins from the password reset emails sitting there. MFA and Password Manager Setup from Cyber by Exegesis is the hands-on engagement that closes the door phishing depends on — before the next message lands.
The problem
ACCC Scamwatch consistently lists phishing as the top reported scam category in Australia by volume, and the National Anti-Scam Centre tracks losses across phishing, identity theft, and account takeover that run into the hundreds of millions each year. The mechanics are almost always the same: a fake message, a fake login page, a real password handed over.
What turns a phishing click into a financial loss is what happens after the password is captured. If your email is protected by only a password — no second factor, the same password reused on three other sites, no password manager warning you that the login page is wrong — then a single click can cascade through your bank, your super, your MyGov, and your work accounts in under an hour.
The ACSC’s guidance for individuals and families is direct: turn on multi-factor authentication, use a password manager, and use long unique passphrases. None of those are hard. They are just fiddly enough that most Perth adults never quite get them set up properly across every account that matters.
What MFA and Password Manager Setup does
Cyber by Exegesis runs a fixed-scope, hands-on engagement in which we sit with you (in person in Perth, or over a screen-share) and actually get it done:
- A practical inventory of your most important accounts — primary email, banking, super, MyGov, ATO, work logins, social media, and any account tied to recovery of the others.
- Hands-on setup of a password manager (1Password or Bitwarden), including importing existing passwords from your browser and replacing the weak and reused ones with long unique passphrases.
- Turning on multi-factor authentication on every account that supports it, using an authenticator app rather than SMS where possible (SMS MFA is better than nothing, but app-based MFA resists SIM-swap attacks).
- A recovery-code storage plan — printed and stored somewhere physically safe, plus a backup in the password manager’s secure notes.
- A short walk-through on how to recognise a phishing page now that your password manager will refuse to autofill on the wrong domain (which is one of its quieter but most useful protections).
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind DRMO. Our scope here is preventive hardening for one person. We are not your IT support and we are not a managed service; we set this up properly once, leave you with a written handover, and step back.
How it works
- We confirm scope on a short call and you list the accounts that matter most to you — typically eight to fifteen.
- We book a two-hour session (in person in the Perth metro area, or over screen-share) and work through password manager install, vault setup, and master passphrase generation.
- We go account by account: change the password to a long unique passphrase stored in the manager, turn on MFA, store the recovery codes.
- We set the password manager to warn you about reused and breached passwords, and walk you through the autofill behaviour that helps you spot phishing pages.
- We leave you with a one-page written handover covering what was changed, where your recovery codes are, and what to do if you lose your phone.
Why this matters in Perth
Perth’s three-hour time difference from the east coast means a lot of fraud happens overnight, while you are asleep, and you wake up to discover an account has already been drained or locked. The defence is not faster reaction — it is making the credentials useless to whoever phished them. A password manager that refuses to autofill on a lookalike domain, plus MFA on every account that matters, means a phished password on its own does not get the attacker in. That is the difference between an annoying morning and a six-month identity-recovery project.
Sources
- ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
- ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
- OAIC Notifiable Data Breaches scheme (relevant if a phishing-driven account takeover exposes data held by an organisation about you): https://www.oaic.gov.au/privacy/notifiable-data-breaches
- Cyber by Exegesis — MFA and Password Manager Setup (waitlist)
Join the waitlist
We are sequencing engagements by location and by password manager preference (1Password first, Bitwarden second). Join the waitlist with your suburb and your preferred password manager — we will tell you when we are ready to book your session.