Passwords and Accounts: Best Cybersecurity Practices

A majority of account take-overs start with weak or compromised passwords. The Secret Service recommends following these protective measures when creating passwords to take control of your digital accounts and protect yourself from malicious actors.

•   Step 1 - Get a password manager. A password manager is a secure, encrypted electronic vault designed to store and organize your passwords across all your devices. It comes with a password generator tool to help you create strong, randomized passwords. A password manager simplifies your login experience by securely logging into your accounts for you.
•   Step 2 - Secure your password manager with a strong password and multifactor authentication in the form of biometrics and passkeys, which replace traditional passwords with cryptographic keys stored on your devices.
•   Step 3 - Register all your accounts in your password manager. Use the password generator to create strong and unique passwords for all your accounts.
•   Step 4 - Turn on multifactor authentication on all your accounts. Leverage passkeys whenever possible, as they are phishing resistant and extremely secure.

Other best practices:

•   Use phishing-resistant authentication, like FIDO passkeys or hardware-based security tokens. Wherever possible, disable SMS, email, or phone one-time passwords (and similar authentication or account recovery options) to ensure effective protection using multifactor authentication.
•   Change passwords regularly and use different passwords for each system and account.
•   Immediately change factory preset passwords on devices, to include Wi-Fi routers and smart devices.
•   For security questions, use answers only you know.
 

Weak Passwords

•   fb123456
•   John0623
•   Qwerty123
•   TurtlePower0510
•   Bu0#L

Characteristics of weak passwords:

•   Too Short
•   Contains Dictionary Words
•   Has Sequential Numbers

Strong Passwords

•   Bu0#L9/cij8X,#m>uzf
•   mjW7bY;dK31X?vP/fKy8Ls
•   X5csU*m@4dPg<Wd5?l9”bR
•   BE7:>25/!+uD.:KA-k~Gb<8]
•   iU!dn0<$.?F”5Zkb![mt(=S]

Characteristics of strong passwords:

•   Upper and lowercase letters
•   At least 20-50 characters
•   Symbols
•   Varied, non-sequential numbers
•   No personal data, like your birthday
•   No Dictionary Words

 

Examples of password managers include but are not limited to:

•   1Password
•   Aura
•   Bitdefender PM
•   Bitwarden
•   Dashlane
•   Enpass Password Manager
•   iCloud Keychain
•   Keeper
•   LastPass
•   LogMeOnce
•   NordPass
•   Norton
•   Proton Pass
•   RoboForm
•   Samsung Pass
•   Samsung Wallet

[Image: Example of Password Manager]

Visit the Cyber Hygiene and the Avoid Scams webpages for more information on cybercrime prevention.