Every day on the dark web, criminals buy and sell personal information. Identity theft occurs when someone steals and uses personal identifying information, like a name or Social Security number, without permission, to commit fraud or other crimes. According to the 2021 Internet Crime Complaint Center report, identity theft victims lost nearly $300 million. Cybercriminals don’t need to break into secure systems if they can get your password and bypass your other security measures. Here are four tips to help you protect your accounts and passwords.
Use strong and unique passwords.
The Information Security Office at Illinois State University recommends that passwords be 12–16 characters long and use a combination of letters, numbers, and special characters. Longer passwords are more difficult for algorithms to decode, but a random string of letters and other characters can also be tough to remember. A “password phrase” that uses three to four words improves security while still being memorable.
Use password management software.
It is also essential to use different passwords for each account. Now that you have dozens of long passwords for each account, you may ask yourself “How do I remember all of these?” Password management software can save all of your passwords (and randomly generate new ones), so you only need to remember one login password. Apple iOS and Google Chrome have built-in password managers that check your passwords if any are compromised.
Use multi-factor authentication to secure your accounts.
Multi-factor authentication (MFA) provides enhanced security for user accounts. When the system detects a login attempt on your account, you will receive an alert and need to verify that you are logging in. With this extra level of verification, even if your password is guessed or stolen, the attacker will not be able to sign into your account.
Watch out for MFA fatigue attacks!
Criminals may get ahold of your password but cannot log into your account with MFA enabled. Because of this, a common tactic is to use a bot to log in multiple times within minutes. You are barraged with alerts (often late at night) that won’t stop until you verify the login attempt.