It seems like every week we hear about a new data breach involving passwords, and as frequent targets of digital attacks, journalists are at particular risk. Most online attacks, however, aren’t fancy. Attackers most commonly try to access your accounts by guessing short, predictable passwords, or by sending phishing emails designed to trick you into sending them your credentials in a malicious login webpage. Fortunately, the defenses are also simple. These guides and resources will help you learn how to protect information in online accounts.
One of the most common security threats journalists face is phishing — convincing you to enter your real credentials in a fake login form. Read about how to identify hints of phishing, and some simple defenses.
One of the best, and easiest, ways to strengthen login security is by enabling two-factor authentication. This just means requiring a second piece of information beyond your password. This guide describes the strategy behind two-factor authentication, a few common types of two-factor authentication methods, and how to set it up step by step.
We know from publicly available data breaches that many people use short, predictable passwords, and this introduces unnecessary risk to account safety. This guide introduces three ways to create more secure, and hard-to-predict passphrases — passwords composed of memorable codes and random words.
Most people use one or a small number of passwords across multiple websites. The problem is that, if one website you use suffers a password breach, hackers can reuse your password on other websites as well. Password managers help solve this problem by making it easy to generate long, unique passwords across every website, so that if one password is breached, the breach is isolated to just one website. Many password managers even allow you to automatically fill out your credentials on web browsers and your smartphone, making sign-in faster, easier, and more secure.
You can't get phished if you don't type in your password! This guide gets into the "why" and "how" of using passkeys, which will allow you to log into online services without logging in by simply proving you have an authorized device. Passkeys aren't supported everywhere just yet, so classic two-factor authentication is still usually necessary, but it's worth setting up wherever you can.