Passwords & Authentication

Everyday best practices for greater security.

bad password

The importance of good “password protocol” cannot be overstated. Passwords and login credentials are an important—and sometimes the only—layer in defending your information, particularly when you’re using services like cloud-based email or online banking. Below are recommendations to help you log in more securely.


While no password is completely undefeatable, the more complex a password is, the harder it will be to crack.

  • Strengthen your passwords. A strong password is unique, includes upper-case and lower-case letters, numbers and special characters. Consider using a mnemonic device to help you remember complex passwords. For example, build a password from the first letter of every word in a song: TtL*hiwWYA5 (Twinkle, Twinkle Little Star with special characters and a number).
  • Never use personal information, such as your birth date, social security number or mother’s maiden name, as part of your password.
  • Do not reuse your passwords across different websites and services.
  • Avoid password reset questions that anyone could answer by simply researching you or your family through paid or public services.
  • Always protect your mobile devices with a password or passcode. Adjust the settings on your devices so they lock if they are idle for sixty seconds or more.

Multifactor Authentication

Also known as two-step authentication, this typically combines:

 Multifactor Authentication

The use of multiple data points together can greatly improve security because a hacker would need to complete multiple authentication requirements—one of which may involve a physical identifier, like a fingerprint—to access your account.

Multifactor authentication can be enabled on devices, in email and on most banking, investing and social media websites.

Note that the prevalence of multifactor authentication as a security measure has led to a rise in fraudulent porting of cellphone numbers. Using this technique, criminals redirect your cellphone number to their own phone in order to complete your multifactor authentication requirements. Contact your wireless carrier to inquire about the security measures they offer to help you protect your account.