#LockDownURlogin




Why Should You Lock Down Your Login?

72 percent of Americans believe their accounts are secure with only usernames and passwords, yet every two seconds there is another victim of identity fraud. Your usernames and passwords
are not enough to keep your accounts secure.
You have enough to worry about, so what can you do about it?

Luckily, there’s a simple and quick way to put you in control of your personal information and keep your key accounts like email, banking and social media safer - it's called strong authentication.

What is Strong Authentication?

Strong authentication – sometimes called multi-factor or two-factor authentication or login approval – goes beyond just a username and password and is a way to lock down your login. Many online services, including apps and websites, offer free options to help you protect your information and ensure it’s actually you trying to access your account – not just someone with your password.







Here are some of the ways you can lock down your login:






  • Security key
    Using a small device, such as one that plugs into your USB port, that you have in your possession when logging in.



  • Biometric
    Using fingerprint or camera, typically found on your mobile device, tablet or PC, to verify it’s you logging in.



  • One-time code
    Using a unique code that you enter into a website or application sent to you as a text or provided by an app on your mobile device.



How to Turn It On


There are many ways to lock down your login. Here you’ll find easy ways to enable both the most common and the most innovative strong authentication techniques.

Click here to learn how to turn on strong authentication on other websites and services.


Select a service to see setup instructions




Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.

Spread the Word

Tell your friends and family about how to protect themselves.
The more people that lock down their login, the safer we all are.

Use #LockDownURlogin


Frequently Asked Questions


If I turn on strong authentication, will I have to take an extra step every time when logging in to my account?

Not necessarily. For many services you will only need to take the extra step when logging in from a new device or in a different manner than you have previously.

 
What is the purpose of the Lock Down Your Login campaign?

The “Lock Down Your Login” campaign, a key public-facing pillar of the multifaceted Cybersecurity National Action Plan (CNAP) announced by the White House in February 2016, is a STOP. THINK. CONNECT.™ initiative led by the National Cyber Security Alliance and developed by a coalition of industry leaders and like-minded organizations working in collaboration with government, who understand the importance of cybersecurity awareness and education. The campaign was built upon a broad, coordinated effort to increase consumer awareness of our individual and collective roles in cybersecurity.

What is STOP. THINK. CONNECT.™?

STOP. THINK. CONNECT.™ is the global cybersecurity education and awareness campaign. The campaign was created by an unprecedented coalition of private companies, nonprofits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The U.S. Department of Homeland Security leads the federal engagement in the campaign. Learn how to get involved at stopthinkconnect.org

Why aren’t usernames and passwords enough to protect my online accounts?

Hackers are resourceful, and using just a username and password is no longer enough to keep your accounts secure. Anyone with your username and password can access your account. Locking down your login ensures it’s actually you trying to access your account by offering multiple forms of verification by using a security key or physical feature such as a thumbprint or entering a one-time code through an app on your mobile device. In addition, many people use the same password for several accounts, making your accounts even more vulnerable to cybercriminals. 

What is strong authentication?

Strong authentication – goes beyond just a username and password and is a way to lock down your login that typically includes multi-factor or two-factor authentication. It helps you prove you are who you say you are by providing multiple forms of verification – like something you know, have and/or are. You already do this in your everyday life. Examples include showing multiple forms of ID when completing your I-9 form at a new job and using an ATM that requires your bank card (something you have) and a 4-digit PIN (something only you know)

If I lock down my login, can it help to protect my identity?

Yes! While no security measure is foolproof, adding a layer of protection beyond just a username and password makes it significantly harder for hackers to access your online accounts and personal information.

Does it cost anything?

No – most of the popular online accounts and services offer strong authentication technologies for free. 

Turning on strong authentication sounds complicated; is it?

No – many popular online services and websites have made locking down your login quite easy. Take a look at the “How to Turn It On” section for a step-by-step guide to enabling strong authentication on a variety of services. A better-protected account could be just a few clicks away. 

If I turn on strong authentication, what type of information is collected about me?

Most of the time, turning on strong authentication will be as simple as downloading an app or submitting your phone number. For more information about how your information is collected and used by a website, service or app, check the company’s privacy policy.

If I turn on strong authentication using my biometrics, what happens to my data?

Biometrics, such as fingerprints, facial recognition, voice recognition, or iris-scans, are increasingly being used to protect your account. The security of storing biometric information can vary. For example, when unlocking a phone with a fingerprint, the phone typically uses and stores a representation of the fingerprint, locally affording users more control over their biometric data.

Biometrics used to access online accounts may be handled differently. They may be stored locally or centrally—in the cloud or on a company’s servers. For example, the FIDO Alliance is an industry group that establishes strong authentication standards. Web services and apps using the FIDO standard store biometric data locally on your device, where it can be better protected from hackers attempting to breach the services that you use. Other approaches capture biometric data locally and transmit it over a network to another location for storage.

You should be aware of how companies capture, transmit and store your biometric data by reading the company’s privacy policy and understanding where your biometric data may be stored.

What if strong authentication isn’t offered on a website or app?

Not every site or service currently offers a strong authentication option. Always double-check with the company and ask if added protection is available. It may not always be evident at first glance. If a site you use does not yet offer that option, implement password best practices by creating a strong password that you only use for that site. Contact companies to let them know that you care about security and request they add strong authentication options. You can find more information and online safety resources here:  https://www.stopthinkconnect.org/lockdownyourlogin

Are passwords going away?

While many people believe that passwords have outlived their shelf life, passwords are likely to be around for some time. You might still need to use a username and password to log in as part of the strong authentication process. Therefore, it’s important to still create a strong password – a sentence that is 12 characters or longer and is easy for you to remember – for each account you have and that you only use for that site.

Where can I learn more about ways to stay safe online?

For more information about how to secure your online accounts and stay safe online, visit https://www.stopthinkconnect.org

Are there free online tools that can help me learn more about strong authentication?
Yes. Hacksy, created by Decoded, is a free and simple security tool that can help you check your passwords, repair leaked or hacked accounts and activate strong authentication. Learn more at https://hacksy.decoded.com.
Where can I find supporting research for the Lock Down Your Login campaign?

All of the facts referenced in the Lock Down Your Login campaign can be found in the research fact sheet at https://stopthinkconnect.org/resources/preview/ldyl-research-fact-sheet.

 

 

Media Contact

Tola St. Matthew-Daniel
Thatcher+Co.
917.818.6196
ncsa@thatcherandco.com

About Us
STOP. THINK. CONNECT.™ is the global cybersecurity education and awareness campaign. The campaign was created by an unprecedented coalition of private companies, nonprofits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The U.S. Department of Homeland Security leads the federal engagement in the campaign. Learn how to get involved at stopthinkconnect.org.

Visit Website