Securing Your Information: Best Practices for Passwords, Authentication and Email
PURE Staff
Record-high rates of cyberattacks continue to impact U.S. consumers. According to The Identity Theft Research Center, there were more than 340 million victims last year¹. The total cost of these crimes is expected to reach $10.5 trillion by 2025².
Whether you are logging on to your work or personal email, accessing your bank account or signing into your Instagram, these best practices can keep hackers at bay and reduce your chances of falling victim to a cyber-related crime.
Passwords
While it may seem small, the importance of strong passwords cannot be overstated, particularly when you’re using services like cloud-based email or online banking. Here are a few recommendations to help you log in more securely.
- Add unique characters and special symbols. Use special characters, numbers or capital letters in the middle of your password rather than only at the beginning or end.
- Avoid personal information. Never use your birth date, social security number, mother’s maiden name or other personal information as part of your password.
- Do not reuse passwords. Do not use the same passwords across different websites and services.
- Use obscure security questions. Avoid password reset questions that anyone could answer by simply researching you or your family online.
- Always use a passcode for apps and mobile devices. Adjust the settings on your devices so they lock if they are idle for sixty seconds or more.
Multifactor authentication
Also known as two-step authentication, this typically combines something you know (like your login credentials) with something you have (like your device) and something you “are” (like your fingerprint). The use of multiple data points together can greatly improve security because a hacker would need to complete multiple authentication requirements—one of which may involve a physical identifier, like a fingerprint—to access your account.
Multifactor authentication can be enabled on devices; in email; and on most banking, investing and social media websites.
Note that the prevalence of multifactor authentication as a security measure has led to a rise in fraudulent porting of cellphone numbers. Using this technique, criminals redirect your cellphone number to their own phone in order to complete your multifactor authentication requirements. Contact your wireless carrier to inquire about the security measures they offer to help you protect your account.
Email is one of the most common methods by which cybercriminals gather information or commit crimes. Phishing and ransomware attacks are both prevalent and potentially devastating. The information that could be exposed could enable a criminal to access bank accounts, intercept purchases and hold valuable and confidential files hostage.
- Phishing. It’s a common situation: you open an email containing a short, urgent message, or one in which a trusted company tells you your account is at risk. In 2023, there were almost five million phishing attacks, making it the worst year on record for this type of cybercrime³. Emails that arrive unexpectedly and require prompt action are often phishing emails, designed to make you reveal personal information like passwords and credit card numbers.
- Ransomware. Some fraudulent emails contain attachments or links that enable a cybercriminal to install ransomware—malicious software enabling them to hold your files or system “hostage” until you pay a sum in ransom. Scrutinize any email sent with an attachment, especially if the message was unsolicited or urges you to take immediate action. Never open an attachment from someone you do not know.
Fighting email fraud
To help you avoid falling victim to malicious emails, here are some questions to ask yourself as you're reading through your inbox.
An unsolicited email warrants extra caution. If you weren’t expecting it, read the email carefully before clicking any links or responding to the sender.
Check the sender’s email address to make sure every single character is accurate. When hackers try to replicate an email address you would recognize, there will likely be an extra character that may easily go unnoticed if you aren’t looking closely.
Look for misspellings, grammar mistakes or logos that aren’t quite right.
Legitimate companies should never ask for personal information through email. If you receive a link via email to log in to your account, don’t click on it. Instead, use your browser search bar to find the official site for the company and log in from there.
Be wary of communications that make an unrealistically attractive offer. Phishing emails often have a sense of urgency in the language. If the sender seems to be pushing too hard, question the validity of the message.
Don’t click until you confirm. Hover over hyperlinks within the message, but don’t click—this should allow you to see a preview of the web address that is hyperlinked. If it’s not a website you are expecting, do not click on the link.
1 https://www.idtheftcenter.org/publication/2023-data-breach-report/
2 https://www.esentire.com/resources/library/2023-official-cybercrime-report/
3 https://docs.apwg.org/reports/apwg_trends_report_q4_2023.pdf