Skip to main content
Green textured banner

Protect Your Identity

secure passwords logo

Protect your identity and your data by keeping your username and password safe.

Your username and password (aka login credentials) tell us that you are who you say you are.

Strong and unique passwords are our first line of defense. Only entering these passwords into secure login screens ensures we don’t share those credentials with bad actors.

Multifactor Authentication (MFA) adds an extra layer of security. It’s critical we only approve MFA requests when actively logging into systems with our credentials.

Read on to learn simple, effective ways to protect your identity and enjoy the peace of mind that comes with knowing your data is secure!


Simple steps to protect your identity

Protecting your digital identity

Protecting our usernames and passwords is key to protecting our online identity and important information.

Keep your identity and data safe

Passwords 101

Ready for secure password news you can use? Check out these helpful tips to maximize your online password security.

Boost your password security

MFA: Here, there, and everywhere

Do you know that Multifactor Authentication can be used both at work and for your personal use? Learn more about how you can protect more than just your Yale data and systems.

Learn about using MFA at Yale and at home

Protect your digital identity

Protect Your Identity: Smartphone with Biometric Multifactor Authentication (MFA).jpg

Protecting your online identity is about protecting the information most valuable to you. This applies both at home and at Yale. Your username and password, such as your NetID at Yale, give you access to all types of data and systems. This can include High Risk Yale data, or access to your personal health, financial, or other sensitive information.

Don't give cybercriminals access to your most sensitive data. Take control, build strong defenses, and keep your identity safe.

Login credentials

Usernames and passwords are the keys to your work resources, email, online accounts, and more. These credentials allow criminals to impersonate you, steal further data, or even launch attacks on your contacts.

Don't fall for fake login screens

No matter how strong a password is, it can be compromised by falling victim to phishing attacks or inadvertently revealing it. The web can be a maze of trickery. Fake login pages trying to steal your credentials are no exception. Use these tips to protect your credentials and your identity.

  • Be vigilant: Double-check the address bar for typos or subtle variations before logging in.
  • Go straight to the source: Phishing emails often include links that lead to fake login pages.
  • Use bookmarks: Bookmark trusted websites to avoid using a fraudulent login page.
  • Look for the lock: Make sure the URL includes "HTTPS" (not "HTTP") to ensure your credentials are encrypted.
  • Lock your login: Enable MFA, where possible, for an extra layer of security.

By following these tips, you can shield your identity and keep your data safe. Remember, vigilance is key! Next time you log in, you'll be equipped to navigate the login labyrinth and avoid digital dangers.

Passwords 101

Pick of a padlock with a key inserted

Use strong passwords for all accounts

  • Create passwords that contain 12 or more characters
  • Use a passphrase, where possible. A passphrase is a string of words with spaces for example:
    • My motto is lux et veritas
    • I have the biggest dog on my street
  • Include special characters (such as @ ! * %) if the password is less than 12 characters in length
  • Do not use the same password for different accounts

Information to avoid

  • The names or initials of you, your children, pet, partner, or celebrities
  • Numbers like your birthday, anniversary, or important years
  • Letter or number sequences (e.g., 1234, qwerty, abcd)
  • Personal information like your email, phone number, or address

Remember Yale ITS will never ask for your password by phone or email. If you believe someone has stolen your password or there has been unauthorized access to your NetID account, report it immediately.

Changing your NetID password

You can change your NetID password at any time, a simple process that only takes a few moments.

Password hygiene


  • Use a unique password for each site you log into.
  • Consider using a password manager to keep all your passwords in one place.
  • Use a passphrase that is long in length but easy to remember. This way you don't have to write your password down.


  • Re-use your NetID password on non-work-related websites such as Amazon or Facebook.
  • Display your password in a location where others can find it—this happens more than you think!
  • Share your password with anyone. Your password is your business. Yale ITS will never ask for your password by phone or email.
  • Include your NetID in your passwords. Your NetID password cannot contain your NetID.

Do you know the passwords that are most commonly used are easy to hack? 

Check out this list and be sure you’re not using these easy-to-crack passwords on any of your Yale or personal accounts.

Top 200 most common passwords

Post It Notes with passwords on a laptop

Password Managers

What is a password manager?

A password manager is exactly as it sounds - an application to store and manage your passwords. This can simplify remembering your many different passwords for different accounts. But how do you know those passwords are secure?

Secure password managers use encryption for secure storage. Encryption “locks” the data by converting the stored passwords into unreadable code. The passwords you store can only be unlocked using one master password. 


Can you recommend a password manager?

While Yale doesn’t endorse any one password manager for personal use, we encourage you to review recommendations by PC Magazine for their favorites.

This helpful article recommends password managers for different uses and includes features and prices.

Read password manager recommendations

Did you know using a password manager can also help you avoid entering your credentials on fraudulent websites?

A password manager automatically populates your passwords on websites where you’ve saved a password. If you believe you’re on a website for which you’ve saved a password but your credentials don’t automatically populate, it’s probably a fake website designed to steal your credentials!

MFA: Here, There & Everywhere!

Screenshot of Yale's DUO prompt

Boost security on the sites you access

MFA adds a second layer of security to your accounts. It makes it more difficult for hackers to sign in — even if they know or guess your password.

Yale’s easy-to-use MFA tool is DUO. Find out more about DUO/MFA for a more secure Yale, what this means for you, and where you can get help.


Don’t fall for multi-factor hijacking

Did you know cybercriminals will try to get you to approve MFA requests or provide your MFA credentials? This is called MFA hi-jacking and can be a sign that your NetID account is compromised. 

If you suspect your NetID account has been compromised, call the Yale Information Security 24x7 number: 203-627-4665.

Here’s a few tips to avoid MFA hijacking and keep bad actors out of your accounts.

  • Only approve MFA requests when you are actively logging in to Yale IT Systems.
  • Be wary of frequent or unexpected DUO requests
  • Remember that DUO authentication is typically only required once every 90 days.

Did you know you can use MFA for your personal accounts?

This can include online retailers, bank accounts, retirement accounts, and email accounts.

Additional resources to build your cyber muscles!