It’s time to leave the 12345 passwords behind for good. The Cybersecurity and Infrastructure Security Agency (CISA) is asking Americans to take four simple steps to protect their families online and gain the upper edge on cybercriminals.
A public service announcement, as part of a nationwide awareness campaign called Secure Our World, is currently airing on stations around the US.
“Cybercriminals are working just as hard to find ways to compromise technology and disrupt personal and business life,” the press release reads.
The CISA was tasked by Congress with providing guidance and tools for small businesses, communities, and individuals to protect themselves online. The public awareness campaign will run throughout October during Cybersecurity Awareness Month.
Here are the four simple steps to make Uncle Sam happy and keep your family safe.
1) Strong passwords: Use passwords that are long, random, and unique to each account, and use a password manager to generate and save them.
2) Multifactor authentication: Use MFA for all accounts that offer it. We need more than a password to protect our most important data, including email, financial accounts, and social media.
3) Recognize and report phishing: Think before you click! Be cautious of unsolicited emails, texts, or calls asking you for personal information. Resist the urge to click on these links and don't click on links or open attachments from unknown sources.
4) Update software: Enable automatic updates on software so the latest security patches keep our devices continuously protected.
CISA also provides a detailed explanation of how to achieve each of these steps.
1) How to make passwords strong
Simple passwords, such as 12345, or common identifying information, like birthdays and pet names, are not safe for protecting important accounts holding critical information.
Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be broken by computer hackers, the CISA explains.
“But it’s impossible to remember a unique, strong password for every account!”
Creating and storing strong passwords with the help of a password manager is one of the easiest ways to protect ourselves from someone logging into our accounts and stealing sensitive information, data, money, or even our identities.
An easy-to-use manager stores all your passwords, tells you when they’re weak or re-used, and generates strong alternatives. It can also automatically fill logins into sites and apps as we move from one to another.
Here are some tips, on how to make passwords strong:
1. Make them long: At least 16 characters – longer is stronger!
2. Make them random: There are two ways to do this. Use a random string of mixed-case letters, numbers, and symbols. For example:
Or create a memorable phrase of five to seven unrelated words. This is called a “passphrase.” To make it even better, get creative with spelling and/or add a number or symbol. For example:
- Strong: HorsePurpleHatRunBaconShoes
- Stronger: HorsPerpleHatRunBayconShoos
- Strongest: HorsPerpleHat#1RunBayconShoos
3. Make them unique. Use a different strong password for each account.
- Bank: k8dfh8c@Pfv0gB2
- Email account: LmvF%swVR56s2mW
- Social media account: e246gs%mFs#3tv6
If you use a password manager, you only need to remember a single password – the master password.
2) How to enable Multifactor Authentication (MFA)
MFA provides extra security by confirming our identities when logging in to our accounts, like entering a code texted to a phone or one generated by an authenticator app. Even if our passwords become compromised, unauthorized users will be unable to meet the second step requirement that MFA provides and will not be able to access our accounts.
CISA asks users to turn on MFA for each account or app.
1. Go to Settings: It may be called Account Settings, Settings & Privacy, or similar.
2. Look for and turn on MFA: It may be called two-factor authentication, two-step authentication, or similar.
3. Confirm: Select which MFA method to use from the options provided by each account or app. Examples are:
- Receiving a numeric code by text or email
- Using an authenticator app: These phone apps generate a new code every 30 seconds. Use this code to complete logging in.
- Biometrics: This uses our facial recognition or fingerprints to confirm our identities.
3) How to recognize and report phishing
Phishing occurs when criminals try to get us to open harmful links, emails, or attachments that could request our personal information or infect our devices. Don’t take the bait.
Phishing messages usually come in the form of an email, text, direct message on social media, or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.
To avoid the phishing hook and keep our accounts secure:
1. Recognize: Look for these common signs:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
- Requests to send personal and financial information
- Untrusted shortened URLs
- Incorrect email addresses or links, like amazan.com
A common sign used to be poor grammar or misspellings, although, in the era of artificial intelligence (AI), some emails will now have perfect grammar and spelling. So, look out for the other warning signs.
2. Resist: If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
3. Delete: Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete the message.
4) Take a break and update!
Many people might select “Remind me later” when they see an update alert. However, those updates are there for a reason. Many software updates are created to fix security risks.
To make updates even more convenient, turn on the automatic updates in the device’s or application’s security settings!
1. Watch for notifications: Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs, and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software.
2. Install updates as soon as possible: When notified about software updates, especially critical updates, we should be sure to install them as soon as possible. Malicious online criminals won’t wait, so we shouldn’t either!
3. Turn on automatic updates: With automatic updates, our devices will install updates without any input from us as soon as the update is available—Easy! To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security.
October is Cybersecurity Awareness Month
Founded in 2004, Cybersecurity Awareness Month, held each October, is the world’s foremost initiative aimed at promoting cybersecurity awareness and best practices.
“I’m incredibly excited to launch our nationwide Public Service Announcement campaign, which includes resources and tools every individual and organization can use to stay safe online by practicing good cyber hygiene,” said CISA Director Jen Easterly.
“As cyber threats continue to evolve, we encourage everyone to do their part to stay cyber-safe.”
More from Cybernews:
Subscribe to our newsletter