October is Cybersecurity Awareness Month, and the Ohio Attorney General’s Office proudly supports this annual awareness effort by promoting the “Core 4” steps to improved security in cyberspace:
- Use strong passwords and a password manager. Long, unique and randomly generated passwords are much harder for cybercriminals to crack. A password manager helps you securely store these unique passwords for all your accounts, many times across multiple devices.
- Turn on multifactor authentication (MFA). MFA adds a layer of security beyond a password only – such as a code sent to your phone or a fingerprint scan. It protects your account even if your password is stolen.
- Recognize and report phishing. Be cautious of unsolicited messages or links that attempt to steal your information. Knowing the common signs of phishing helps you identify such scams; reporting the scam helps protect you and others.
- Update your software. Regularly install software updates for your operating systems, browsers, and apps to ensure that your devices have the most up-to-date security.
Safety in cyberspace demands strong passwords – at least 16 characters, including uppercase and lowercase letters, numbers and special characters (such as #, !, : or @).
Strong passwords help to prevent unauthorized access, guard against cyber-attacks and enhance overall online security. Although reusing passwords across multiple accounts can make them easier to remember, the practice is discouraged because if one of those accounts is compromised, all accounts using that password could be compromised.
A newer tool in password maintenance and security is a password manager using passphrases as passwords and passkeys. Password managers offer numerous benefits. They enable the creation and use of strong, unique passwords for each account. Password managers also streamline the login process with autofill features. A final benefit: A password manager allows passwords to be shared and remembered across devices – such as your phone and your computer.
Passphrases are longer alternatives to traditional passwords. They typically consist of a sequence of multiple words, making them easier to remember while still providing strong protection against hacking attempts. Because passphrases utilize a phrase developed by the user, they are generally easier to remember. An example of a passphrase:
I like to read books and pet cats. As the password, this phrase could be entered as:
Ilike2ReadB00ks&petcat$
When using passphrases, be sure to:
- Avoid using famous quotes.
- Avoid personal information.
- Vary the capitalization of letters and add special characters.
- Avoid the same passphrase for multiple accounts.
Using passkeys is a new way to protect your security with your online accounts. Passkey examples include using your fingerprint or face scan to log in to your account through your own smartphone instead of typing a password. A passkey requires a bit of work upfront. After the initial setup, the passkey uses either facial recognition or fingerprint, eliminating the need to remember a password for that account.
- Register passkey on device: When you create a passkey, your device generates a unique, encrypted pair of cryptographic keys – a public key and a private key. The public key is sent to the website you're signing up for; the private key remains securely on your device.
- Log in to account: When you try to log in, you're prompted to authenticate using a local method, such as a fingerprint, facial recognition, or a device PIN.
- Verify: After the first login, you may be asked to verify your account by a code sent via text message or email.
For more information about passwords and related issues, visit the
Cybersecurity & Infrastructure Security Agency.
Consumers who need help resolving a complaint against a business or suspect a scam or an unfair business practice should contact the Ohio Attorney General’s Office at
www.OhioProtects.org or 800-282-0515.