Lock Down Your Login

Lockdown Your Login

Usernames and passwords are no longer enough to keep your accounts secure. Anyone with your username and password can access your account. Compromised accounts cause reputational harm and embarrassment and put others at risk through the spread of malware and viruses.

Six Steps Towards Better Security

  • Use strong authentication: Sometimes called 2-step verification, multi- or two-factor authentication, or login approval – provides an extra layer of security beyond your username and password to protect against account hijacking. Many online services, including email and social networks, offer this free extra security protection to help ensure it’s actually you trying to access your account – not just someone who stole or guessed your password.
  • Keep software up to date: Running out-of-date software can put you at risk of security vulnerabilities that hackers seek out and exploit. Security experts agree that keeping your software — including Internet browsers, operating systems, plugins, and document editors — up to date on internet-connected devices is a fundamental cybersecurity practice and helps prevent malware infections that could compromise your devices and accounts.
  • Avoid phishing attempts: Attempts by cybercriminals, nation states, or hacktivists to lure you into giving away personal information to gain access to accounts or to infect your machine with malware and viruses are called “phishing.” Phishing attempts can happen through a variety of channels, including email, social media, or text messages. It can compromise security and lead to theft of personal and financial data. Highly targeted attacks on groups or individuals are known as “spear phishing”.
  • Use unique passwords or passphrase: Password reuse for multiple accounts is one of the most commons ways accounts are hijacked. When passwords are reused, having your credentials stolen for one account means hackers can gain access to other accounts that use the same login details. Access to more sensitive accounts, such as financial or medical information, should be secured with stronger passwords that are considerably different from ones used elsewhere. Also, consider using a password manager like LastPass® to help manage account credentials.
  • Protect mobile devices: Mobile phones and tablets contain a wealth of personal data, including emails, contacts, schedules, your locations, and direct access to apps. When your mobile device is lost or stolen, your data goes with it, making any information contained on the device vulnerable.
  • Use security tools: Many online service providers offer useful settings and tools to help you manage your online presence, keep your data secure, and get the most out of the services you use. For example, strong authentication is rarely turned on by default, but offered by many online services for users that want an extra layer of protection on their account.

Visit Stop.Think.Connect's www.LockDownYourLogin.org for additional information to easily learn how to move beyond the password and better secure your online accounts.

The National Institute of Standards and Technology has guidance for creating better passwords https://www.nist.gov/video/password-guidance-nist-0.