
Strong passwords and two-factor authentication
Passwords are used for protecting your data. Setting up a strong password and two-factor authentication is the easiest thing anyone can do to protect their accounts and data. If you use the same weak password for your email, social media, and in online stores, an attacker could access all your accounts if your password were to be leaked.
It is convenient to choose a simple password that is easy to remember, but it is usually the least secure option. Did you know that there are special programs that can crack internet passwords? Such programs try thousands of different combinations of characters per second until they finally find the right password. Weaker passwords can be cracked by a computer in seconds, while longer and more complex passwords can take years or even decades to crack.
Password recommendations
- Use a different strong password for each account. Only you should know your password. Do not share it with anyone.
- A strong password is at least 12 characters long and contains both upper- and lowercase letters, numbers, and special characters (%/&).
- To make the password easier to remember, you could use a catchy or funny three-word phrase and replace some letters with a special character, a number, or a capital letter. For example – B@ker5D0zen or Pl@neHas2W1ngs.
- Never use easily recognisable words or numbers as passwords, such as your name, your pet’s name, your birthday, 1234, 0000, qwerty, or similar.
- Only log into your accounts from secure devices. Avoid using public computers (for example at the library or at school), but if you must do it, use an incognito profile, always delete your browsing history, and do not save passwords in the browser. If possible, change your password next time you use a secure device.
- Use a password manager for your complex passwords (free ones are available, such as KeePass, LastPass). If you decide that you do not want to use a password manager, you can write down or draw your most important passwords on a piece of paper in a way that only you can understand, and keep them out of the reach of others.
- You can check whether your accounts have been involved in a data leak by entering your email address (not your password!) in the search box on the website haveibeenpwned.com.
If you suspect that unauthorised persons (even if they are people you know well) have discovered your password, change it immediately.
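The recommendations above can be checked automatically. The following is an added example, not part of the original page: it tests a password against the length, character-class and weak-value rules from the list and estimates how long trying every combination would take. The guess rate of 10,000 per second, the function names and the two weak sample passwords are assumptions made for illustration.

```python
import math
import string

# Weak values named in the list above; extend with your own deny-list.
WEAK_VALUES = ("1234", "0000", "qwerty")
# Assumed rate for illustration: the text only says "thousands" per second.
GUESSES_PER_SECOND = 10_000

def check_password(password, personal_words=()):
    """Return the recommendations a password breaks (empty list = none)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    lowered = password.lower()
    # personal_words: names, pet names, birthdays and similar supplied by the caller.
    for value in WEAK_VALUES + tuple(w.lower() for w in personal_words):
        if value and value in lowered:
            problems.append(f"contains easily guessed value: {value}")
    return problems

def alphabet_size(password):
    """Size of the character set a brute-force search would have to cover."""
    size = 0
    size += 26 if any(c.islower() for c in password) else 0
    size += 26 if any(c.isupper() for c in password) else 0
    size += 10 if any(c.isdigit() for c in password) else 0
    size += len(string.punctuation) if any(c in string.punctuation for c in password) else 0
    return size

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every combination of this length: an upper bound only,
    because guessing from word lists finds dictionary-based passwords sooner."""
    try:
        return alphabet_size(password) ** len(password) / rate
    except OverflowError:
        return math.inf

if __name__ == "__main__":
    # Sample passwords: two from the text, two weak ones constructed here.
    for pw in ("B@ker5D0zen", "Pl@neHas2W1ngs", "qwerty2024", "0000"):
        years = worst_case_seconds(pw) / (3600 * 24 * 365)
        print(f"{pw!r}: {check_password(pw) or 'ok'}; exhaustive search ~{years:.3g} years")
```

B@ker5D0zen has 11 characters, so the length rule flags it; adding one more character brings it in line with the 12-character recommendation.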
If the environment offers two-factor authentication, be sure to use it. Two-factor authentication (2FA) is a security operation that requires the user to authenticate themselves in two unrelated ways. For example:
- when you log in with your ID card, one form of identification is the ID card itself (something you have) and the other is the PIN (something you know);
- when you log in to your Google account, one form of identification is the password (something you know) and the other form of identification is your phone (something you have), to which a verification code is sent.
Setting up two-factor authentication
- Use two-factor login wherever possible to add an extra layer of security to a strong password. All major service providers – such as Google, Microsoft, Facebook, Apple, and Instagram – offer two-factor authentication.
- How to activate it? On most platforms, such as Facebook or Gmail, you need to go to the top right corner to view your settings. From there, select security settings and look for two-factor authentication. If you cannot find it that way, enter the platform name and 2FA in a search engine, and you will see detailed instructions among the first search results.
- Choose a method that suits you, such as a text message, then enter your phone number and confirm your number as instructed.