Online account security

Header image of a woman sitting in front of her computer in an office.

WOCinTech Chat. CC-BY-2.0

It seems like every week we hear about a new data breach involving passwords, and as frequent targets of digital attacks, journalists are at particular risk. Most online attacks, however, aren’t fancy. Attackers most commonly try to access your accounts by guessing short, predictable passwords, or by sending phishing emails designed to trick you into sending them your credentials in a malicious login webpage. Fortunately, the defenses are also simple. These guides and resources will help you learn how to protect information in online accounts.

  1. Photo of a man in a Guy Fawkes mask, with a fishing reel in hand.

    Phishing Prevention and Email Hygiene

    One of the most common security threats journalists face is phishing — convincing you to enter your real credentials in a fake login form. Read about how to identify hints of phishing, and some simple defenses.

  2. A title card reading "two-factor authentication," with an image of a login form, two-factor authentication codes on a phone, and a "sign in" button.

    Two-Factor Authentication for Beginners

    One of the best, and easiest, ways to strengthen login security is by enabling two-factor authentication. This just means requiring a second piece of information beyond your password. This guide describes the strategy behind two-factor authentication, a few common types of two-factor authentication methods, and how to set it up step by step.

  3. Diceware at CryptoParty Red Hook

    Three Types of Passphrases

    We know from publicly available data breaches that many people use short, predictable passwords, and this introduces unnecessary risk to account safety. This guide introduces three ways to create more secure, and hard-to-predict passphrases — passwords composed of memorable codes and random words.

  4. Combination lock header

    Choosing a Password Manager

    Most people use one or a small number of passwords across multiple websites. The problem is that, if one website you use suffers a password breach, hackers can reuse your password on other websites as well. Password managers help solve this problem by making it easy to generate long, unique passwords across every website, so that if one password is breached, the breach is isolated to just one website. Many password managers even allow you to automatically fill out your credentials on web browsers and your smartphone, making sign-in faster, easier, and more secure.

  5. Passkey header image that reads "Passkeys for beginners" and showing a traditional username and password login form crossed with a red X, and featuring a thumbprint on a computer screen and "log in" button

    Passkeys: Passwordless Logins for Beginners

    You can't get phished if you don't type in your password! This guide gets into the "why" and "how" of using passkeys, which will allow you to log into online services without logging in by simply proving you have an authorized device. Passkeys aren't supported everywhere just yet, so classic two-factor authentication is still usually necessary, but it's worth setting up wherever you can.

Get Notified. Take Action

Sign up to stay up to date and take action to protect journalists and sources everywhere.

See all newsletters
A woman holding a Yes to Free Press sign