With the vast amount of sensitive personal information that many people keep and access online, from bank accounts to tax records to emails, it is important to take basic steps to make sure your online identity is secure from cyber criminals.
Use Multi-Factor Authentication
Multifactor authentication (MFA) is the best way to prevent your online accounts from being taken over by cybercriminals. MFA provides a two-step sign-in process, so if your password is compromised, there is a second step to the log-in process to protect you. It is free, easy to set up and widely available for many popular services.
If the option is available, hardware-based or app-based are the most secure options for MFA. SMS text message is the least secure choice for MFA and should be used only as a last resort.
On any services where you have sensitive information, just search “multifactor authentication” or “two-step verification” to find instructions on setting up MFA. Services that have free MFA include Google/Gmail, Microsoft, social media like Facebook and Twitter, and most bank accounts and financial services.
Don’t Reuse Passwords & Use Strong Passwords
Don’t reuse the same password for different accounts. Cyber criminals regularly hack into organizations and steal customer usernames and passwords. This has happened in well known cases like the hacks of LinkedIn and Yahoo.
Cybercriminals know that people often reuse passwords, so once they have a stolen username and password, they will try to use it to access email accounts, bank accounts, etc. You should assume that any password you use will eventually fall into the hands of cyber criminals, so using a different password for each account is important.
Consider using a password manager to generate random passwords and store them. If you do use a password manager, be sure to protect it with a strong, unique password and MFA.
Above all, you should avoid using simple or common passwords. Cybercriminals know the passwords that are most commonly used and will try those first – such as passwords based on dates or seasons (“Winter2018”), common words (“Password123”), and locations (“NewYork2020”).
Install Updates Automatically
Cybercriminals are constantly exploiting flaws in our technology, and defenders are constantly updating applications and operating systems to remove those flaws. All of our software and devices get regular security updates. In fact, phones, computers, tablets and software all have an option to update automatically, eliminating the need for you to do so manually. It only takes a few minutes to turn on automatic updates. You can get started with these instructions for Apple iOS devices, Windows computers, and Mac.
Once an update is made available, the flaws that it fixes are also made public. Cybercriminals are often quick to try to exploit users who are slow to install the update right away.
The Department is aware that there has been an uptick of coronavirus (COVID-19) scams being spread on social media and websites and via emails and texts. Learn more in our Coronavirus Information for Consumers section.