Protecting your digital security is better when everyone works together. It goes well beyond a simple password. It means building a security relationship with the organization you're dealing with - like a business, website, school or club.
You can build the best relationship with a series of important steps.
STEP ONE
You should start relationships by following good security practices at the very beginning. This means creating a unique username for each new account. It should not be based on your email address or other usernames.
Also, create a strong, unique passphrase as your password, and make sure to turn on other available security measures, like extra passcodes and multi-factor authentication.
These measures will help protect your digital identity. They will also help those companies you are doing business with confirm who you are. Those companies want to protect your account, so these added measures give both sides added comfort and confidence that the right person is accessing the right account. Sharing complete and accurate information will allow the company to use all available security measures and verification methods to protect your account.
STEP TWO
Once you start strong, stay strong. Keep using those security measures and don't disable or weaken any of them for convenience. A few moments to log in is nothing compared to the personal cost associated with a hacked account.
STEP THREE
Make your security relationship stronger by protecting information and not sharing with anyone. Any information you use to establish an account or that the company shares with you - even as simple as a recent billing amount - can be used by a bad guy to break into your account.
Guard the unique security information protecting your accounts – including a PIN or passcode sent for authentication. Make sure you are not innocently sharing things on social media that bad guys could use to get in. And always keep your guard up for unsolicited requests for information. Don’t fall for social engineering.
In order to best protect your accounts and devices, don't share your log-in credentials with anyone - not even friends and family members. Each time you share your ID and password combination, it potentially weakens your security.
SECURITY DEFINITIONS
There are some consistent ways companies may help secure your account and confirm your identity. But companies may call them different things, so it can be confusing. We'd like to help you figure out which is which.
Username
This is the first half of your credentials. Create a unique username for each online and digital account to help prevent someone from getting log-in credentials for one account and being able to use them to access other accounts you own. The best 'first line of defense' is to combine unique log-in IDs with unique passphrases for each account.
Strong Passphrase (a.k.a. password)
The latest guidance about passwords suggests transitioning to long phrases from single words or a series of random characters. These longer passphrases are more secure and can actually be easier to remember. They can still incorporate various characters and numbers, and don’t need to be changed as frequently. You can read more about passphrases here.
Added account passcode (some companies may call this an account PIN)
A passcode is another layer of secret information you and the company can include to protect access to an account. It can be used to quickly confirm your identity and should never be shared unless you initiated the access request. Companies won't just call and ask you for this and say it needs to be confirmed or changed. These security elements may be numbers or a word.
One-Time PIN/Verification code
This is a one-time temporary code which is normally sent to you through a text message to confirm your request to access an account. It’s intended that only you will receive it and use it to verify your identity. Companies may call this a PIN (personal identification number), OTP (one-time PIN or password), verification code, sign-in code, etc. Whatever they call it, do not share it with anyone. You can learn more about authentication methods in our blog.
Security Questions
When choosing and answering security questions make sure information is not easy to find or posted on your social media platform, such as where you went to high school or your pet's name. Select different questions for different accounts and try to use ones that only you would know the answer.
FINAL REMINDERS
The most important thing to remember is you should never share any of these items with anyone else – username, passphrase, PIN or passcode, one-time temporary codes, or answers to security questions.
It's a RED FLAG if you get an unsolicited email, text or phone call asking you to share security information. Companies will not contact you and ask you to share a password or code.