Skip to content

How to secure your online accounts

Our various online accounts can store a lot of private data, such as bank information, credit card numbers, home addresses, phone numbers, etc., making each of us a prime target for phishing, social engineering, and identity theft. With so much on the line, isn’t it worth taking a few minutes to ensure you use a strong password and multifactor authentication, update default account settings, or review your social media posts for sensitive information?

An infographic with facts about passwords.

Select the image for a larger version.

An infographic on passwords, with the Cybersecurity Awareness Month logo in the top right and a pink to blue gradient for a background. A line flows from top to bottom with blue-pink dots marking important facts.

Fact 1: Text that reads, "70% of people admit they use the same password for more than one account." to the left of a jumble of numbers.

Fact 2: Text that reads, "43% of adults have shared their password with someone." to the right of an illustration of a man with brown skin, dark hair, and a beard talking on the phone. The man wears a blue shirt and black pants. A speech bubble filled with asterisks is above his head.

Fact 3: Text that reads, "31% of people keep track of their passwords by wiring them down in a notebook." to the left of a green notebook with gray lined and unlined pages, one of which is turning to the next page.

Fact 4: Text that reads, "65% of Americans don't trust password managers." to the right of an illustration of a man in a black suit and red tie standing with his arms and ankles crossed next to a trash can with a key being placed inside. Around him, locks with pink wings.

Fact 5: Text that reads, "Using a password manager is far superior to other ways of keeping track of your passwords." to the left of a person sitting in a pink hammock. The person, who has brown hair, wears a green shirt and gray pants, and holds a laptop with a pink lock on the screen.

Fact 6: The Consumer Reports logo above text that reads, "reviews password managers to help you pick one" next to green letters."

Learn more at:

Strong passwords

The first step to securing any account is a strong password. Cybercriminals trying every possible password combination can crack a weak password in a matter of hours. The same process may take more than a lifetime if the password is longer, contains lower- and uppercase letters, and uses numbers and special characters, especially when arranged randomly.

Use passwords that cannot be easily guessed, and protect your passwords from others.

  • Do not share your usernames or passwords.
  • Avoid writing usernames and passwords down.
  • Consider using a password manager, which securely stores your passwords across all devices.

The following passwords are weak as they can be easily guessed or deciphered.

  • Eric1995
  • Pa$$word
  • ILikeTurtles

Strong, cryptic passwords contain a mixture of numbers, symbols, and uppercase and lowercase letters. You can create a strong and unique password by using a phrase and incorporating acronyms and shortcut codes.

A strong password should also be:

  • A minimum of 14 characters (as recommended by Microsoft), but the longer the better! 
    • While the U requires a minimum password length of eight characters, increasing password length by even a single character makes it 93 times harder for a criminal to crack.  
  • Difficult to guess. 
    • It should not include personal information, such as usernames; names of family, friends, or pets; birthdays; addresses; hobbies; etc. 
  • Unique for every account, especially critical accounts, such as banking. 
    • Stolen passwords are often posted online for other threat actors to use. If one of your passwords is cracked on one site, a criminal may try using that password on other websites to gain access to more of your accounts.

The following passwords are strong:

  • 2BorNot2B_ThatIsThe?
  • $ponge808_[]pant$
  • !The1Rain2In3Spain4Falls5Mainly6On7The8Plains!

You should password-protect all of your devices. Try our secure password tester to check if your passwords are strong enough or if you should change any of them.

An infographic with facts about multifactor authentication.

Select the image for a larger version.

An infographic on multifactor authentication, with the Cybersecurity Awareness Month logo in the top right and a dark blue to light blue gradient for a background. A line flows from top to bottom with green dots marking important facts.

Fact 1: Text that reads, "There are over 15 billion passwords for sale by cybercriminals on the dark web." to the left of a male robber wearing a black mask and black T-shirt and holding a pink bag over his shoulders. Above him, a light gray cloud rains down gold coins with the dollar symbol.

Fact 2: Text that reads, "81% of breaches leverage stolen or weak passwords." above an illustration of a password field with an open gold and silver lock to the right and one pink line and four white lines next to text that reads, "Weak."

Fact 3: Text that reads, "99.9% of account hacks could have been blocked by MFA." to the left of a smiling illustration of a yellow sun, holding a phone with a white fingerprint on the yellow screen. From the screen, yellow light glows outward to the top left, shining on the percentage in white text.

Fact 4: Text that reads, "Nearly 1/2 of people surveyed say they have never heard of MFA." to the right of an illustration of a man and a woman. The woman, who has dark hair and wears a green T-shirt and pink pants, holds a tablet. The man, who has medium gray hair and wears a light gray T-shirt and black pants, holds a phone. There is a speech bubble with a pink question mark inside it above his head.

Fact 5: Text that reads, "MFA means using your password plus a code sent to your email or phone, or a notification sent to an authenticator app on your phone, or a biometric like your fingerprint." to the left of an illustration of a wrist and hand holding a phone with a white bar containing black asterisks and a gray fingerprint.

Fact 6: Text that reads, "When you use MFA on your accounts, it means a cybercriminal can't access your account with just your password alone." to the right of a pink circle that contains a white lock with four asterisks and a keyhole.

Learn more at:


Multifactor authentication (MFA)

A strong password is only half the battle in keeping your account secure. Also known as two-factor authentication (2FA) and two-step verification, multifactor authentication (MFA) is a highly effective step in securing your account. MFA can take multiple forms, all of which ensure that you are the only one accessing your account.

MFA methods include:

  • A verification code received by email or text
  • Biometric identification, such as facial recognition
  • An additional security question
  • A code from an authenticator app like Duo Security
  • A secure hardware token

The University of Utah requires Duo Security to access university accounts and resources, such as UMail, UBox, Campus Information Services (CIS), and Canvas. Duo’s mobile app works on most smartphones and tablets, and is the preferred method of authentication. You may also purchase a Duo token through the U Campus Store. You can manage Duo 2FA for your U accounts through the Duo Management Portal.

Sharing information on social media

What you share on social media could compromise your account. For example, one common way to reset passwords is by answering security questions, and if you’re not careful, someone may be able to guess your answers from your social media and break into your accounts.

Common social media mistakes include:

  • Providing excessive personal information
  • Ignoring privacy settings
  • Using an easy-to-guess password
  • Commenting on or sharing posts that ask, “What is your favorite hobby?” or “What was your first car?”
    • Online services often use these common security questions as part of the password reset process
  • Not using MFA

What you can do:

  • Be careful about what you share
  • Set your profiles and accounts to private so only your friends can access your posts and information
  • Do not accept unknown connection/friend requests
  • Use complex passwords
  • Turn on MFA when available
Last Updated: 9/16/22