Search

When making a password , you should make sure that it is unique, i.e. that it is only used for one account or device, long and complex. 

Using the same password for multiple resources is a risk - if one of your accounts is compromised, others using the same password might be as well. 

Having a long password - 10+ or even 20+ characters, the longer the better - makes it harder to crack with brute force attacks. Use of different types of characters and symbols, such as numbers, small and capital letters and special characters (!, ~, *) is strongly encouraged.  

Avoid using online password generators and “how strong is my password” tools - you can’t know who is behind them and where your passwords might end up.

It is also highly recommended to set up multi-factor authentication  on your accounts, if the online service or platform has that option. This creates an additional layer of protection, as an additional step is required to login, usually a one-time code received via SMS or an app such as Google Authenticator.

However, multi-factor authentication (MFA) is not a “silver bullet” solution - people are still susceptible to social engineering attacks, such as phishing scams, and can be persuaded or fatigued to provide the second authentication factor, a one-time code for example. This is why it is important to consider a phishing resistant solution for MFA, such as the use of physical hardware keys.

Multi-factor authentication by default is unfortunately still not an industry standard - there are services which don’t offer it, and for those that do, users still have to navigate through complex security settings in their accounts in order to set it up.

Although any kind of MFA is better than having none, some forms are safer than others. For example, receiving codes via SMS is not reliable due to security flaws in mobile networks and so called “SIM swapping”, i.e. when an attacker gains access to a person’s phone number by tricking their mobile provider’s staff.

However, it should be noted that MFA is not a substitute for regular security training and awareness of threats such as ransomware. It is very important to build a positive, proactive security culture within your organisation with motivating and engaging training - you can improve the digital security on both personal and organisational level if you focus on all three domains of cybersecurity: people, processes, and technology.

Password Authentication Digital hygiene Apps

With so many accounts an average internet user has today, it has become impossible to memorise all passwords and have them be unique, long and complex at the same time. 

That is why you should use applications  called password managers , which securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols.  

Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Storing login credentials in browsers '> should be avoided, together with online password managers which are not open source and end-to-end encrypted .

Password Authentication Digital hygiene Apps

Having 2-step authentication  turned on for all of your accounts is an essential security practice. However, in case the verification method you set up (phone number, app) is not working or has changed, you should try accessing the account from a trusted device . Many service providers offer the option (usually just a checkbox on the 2-step page) to mark a device as trusted so you wouldn’t have to enter 2-step security codes each time you log in on that specific device, such as your home computer. 

Make sure that only personal devices (computers, tablets, phones) you use regularly are marked as trusted and never use this feature on public or someone else’s devices. 

Authentication Digital hygiene Phone/Tablet Apps Computer/Laptop