Account security

- The Latest
  Regular reporting on government secrecy, surveillance, and the rights of reporters and whistleblowers.
  - The Classifieds
  - News Releases
- Technology
  Working open source software products to protect journalists, newsrooms, and their sources.
  - SecureDrop
  - Dangerzone
- U.S. Press Freedom Tracker
  A database of press freedom incidents in the United States.
  - Data Visualizations
  - Explore the Database
- Digital Security Education
  Digital security trainings and resources for journalists.
  - Request a Training
  - Guides & Resources
- About Us
  Protecting and defending press freedom when we need it the most.
- Our Team
  - Staff & Contributors
  - Board of Directors
- Transparency
  - Reports & Financials
  - Announcements
- Get in Touch
  - Jobs & Internships
  - Contact Us
Donate

Featured Items

First steps for online safety
Communication security•Article
The environment in the U.S. surrounding digital security threats to journalists is evolving. What should journalists do to better protect themselves, sources, and colleagues from escalating digital security threats?

Dec. 1, 2020 Olivia Martin
Where does your team store its two-factor authentication codes?
Account security•Article
The choice between storing two-factor authentication codes on your device, versus a remote service in the cloud comes with some usability and security trade-offs.

April 7, 2020 Dr. Martin Shelton
Two-factor authentication for beginners
Account security•Guide
Also available in Spanish.Passwords are the brittle wall that keeps unwanted visitors out of your accounts. When it comes to account protection, two-factor authentication is one of the most effective defenses available.Two-factor authentication, or 2FA for short, strengthens login security by requiring a second piece of information …

Feb. 10, 2020 Dr. Martin Shelton
We ran over some security keys with a car and some still worked
Account security•Article
One of the most common questions we get in training journalists on two-factor authentication (2FA) is: How hard are these hardware security keys exactly? Our digital security team has plenty of anecdotes to support their durability, but we've decided to methodically put them to the test.

Feb. 7, 2020 David Huerta
Your password was breached. Now what?
Account security•Guide
Data breaches, and in particular those including personal passwords for websites or apps, are evergreen news stories that repeat themselves like an Advent calendar for cybersecurity failures. Although these breaches are a regular phenomena, they are trailed by a long, drawn-out window of time where other attackers use breached data …

March 25, 2019 David Huerta
Security, the gift that keeps on giving
Account security•Article
This year we're gifting simple security guidance, which I think we can all agree is better than another internet-connected kitchen appliance.

Dec. 5, 2018 Dr. Martin Shelton
11 tips for protecting your privacy and digital security in the age of Trump
Device safety•Article
Many fear how the Trump admin will use surveillance to stifle dissent. Here's a beginner's guide to upping your privacy and security game.

Jan. 30, 2017 Olivia Martin
Three types of passphrases
Account security•Guide
The first step to a healthy digital life is an easy-to-implement strategy for managing your account credentials. You’ll notice that we’re using the term “passphrases” instead of “passwords.” Do you wonder why? In short, because passwords are obsolete. They’re too short, they tend to be unimaginative, and chances are, they’re …

Dec. 6, 2016 Harlo Holmes
Phishing prevention and email hygiene
Account security•Guide
Journalists and Journalists and newsrooms are increasingly the victims of hacking and malware, and hackers often target them through email. Virtually every “sophisticated” hack of an individual reporter or entire newsroom involves a relatively simple email attack: phishing and spear phishing.Phishing is a social-engineering attack where an adversary crafts …

Dec. 6, 2016 Harlo Holmes