Stump the chumps. Create strong passwords and use Multifactor Authentication (MFA).
Your password tells us that you are who you say you are.
A good password keeps scammers in your rearview mirror. A better password places them in another state.
The best passwords use Multifactor Authentication (MFA). This one-two punch adds a layer of protection, making it almost impossible for them to catch you.
Power up your passwords!
Use strong passwords for all accounts
- Create passwords that contain 12 or more characters
- Use a passphrase where possible. A passphrase is a string of words with spaces, for example:
  - My motto is lux et veritas
  - I have the biggest dog on my street
- Include special characters (such as @ ! * %) if the password is less than 12 characters in length
- Do not use the same password for different accounts
Information to avoid
- The names or initials of you, your children, pet, partner, or celebrities
- Numbers like your birthday, anniversary, or important years
- Letter or number sequences (e.g., 1234, qwerty, abcd)
- Personal information like your email, phone number, or address
Remember Yale ITS will never ask for your password by phone or email. If you believe someone has stolen your password or there has been unauthorized access to your NetID account, report it immediately.
Do
- Use a unique password for each site you log into.
- Consider using a password manager to keep all your passwords in one place.
- Use a passphrase that is long but easy to remember. This way you don't have to write your password down.
Don't
- Re-use your NetID password on non-work-related websites such as Amazon or Facebook.
- Display your password in a location where others can find it—this happens more than you think!
- Share your password with anyone. Your password is your business. Yale ITS will never ask for your password by phone or email.
- Include your NetID in your passwords. Your NetID password cannot contain your NetID.
Did you know that the most commonly used passwords are easy to hack?
Check out this list and be sure you’re not using these easy-to-crack passwords on any of your Yale or personal accounts.
MFA: Here, There & Everywhere!
Boost security on the sites you access
MFA adds a second layer of security to your accounts. It makes it more difficult for hackers to sign in — even if they know or guess your password.
Yale’s easy-to-use MFA tool is DUO. Find out more about DUO/MFA for a more secure Yale, what this means for you, and where you can get help.
Don’t fall for multi-factor hijacking
Did you know cybercriminals will try to get you to approve MFA requests or provide your MFA credentials? This is called MFA hijacking and can be a sign that your NetID account is compromised.
If you suspect your NetID account has been compromised, call the Yale Information Security 24x7 number: 203-627-4665.
Here are a few tips to avoid MFA hijacking and keep bad actors out of your accounts.
- Only approve MFA requests when you are actively logging in to Yale IT Systems.
- Be wary of frequent or unexpected DUO requests.
- Remember that DUO authentication is typically only required once every 90 days.
Did you know you can use MFA for your personal accounts?
This can include online retailers, bank accounts, retirement accounts, and email accounts.
Using Password Managers
What is a password manager?
A password manager is exactly what it sounds like: an application to store and manage your passwords. This can simplify remembering your many different passwords for different accounts. But how do you know those passwords are secure?
Secure password managers use encryption for secure storage. Encryption “locks” the data by converting the stored passwords into unreadable code. The passwords you store can only be unlocked using one master password.
Can you recommend a password manager?
While Yale doesn’t endorse any one password manager for personal use, we encourage you to review recommendations by PC Magazine for their favorites.
This helpful article recommends password managers for different uses and includes features and prices.
Did you know using a password manager can also help you avoid entering your credentials on fraudulent websites?
A password manager automatically populates your passwords on websites where you’ve saved a password. If you believe you’re on a website for which you’ve saved a password but your credentials don’t automatically populate, it’s probably a fake website designed to steal your credentials!
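The autofill check described above, as an added example rather than code from Yale or any particular password manager. It assumes a manager that fills only on an exact origin match (scheme, host and port); the vault entry, username and page addresses are constructed for illustration.

```javascript
// Constructed vault: one saved login, keyed by the exact origin it was saved on.
const vault = [
  { origin: "https://sso.example.org", username: "netid123", password: "<stored secret>" },
];

// Return the saved entry for a page, or null when nothing should be filled.
function entryFor(pageUrl, entries) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // no fill over plain HTTP
  // url.origin is scheme + host + port as the browser resolved it, so a
  // familiar name placed in the userinfo part or in a long subdomain
  // prefix does not change which site the credentials would go to.
  return entries.find((e) => e.origin === url.origin) || null;
}

// Constructed page addresses: the real site followed by lookalike patterns.
const pages = [
  "https://sso.example.org/cas/login?service=mail",           // real site
  "https://sso.example.org.account-verify.example/cas/login", // real name as subdomain prefix
  "https://sso.example.org@account-verify.example/cas/login", // real name as userinfo
  "https://sso-example.org/cas/login",                        // hyphen instead of dot
  "http://sso.example.org/cas/login",                         // right host, no TLS
];

// Decide fill / no fill for each address.
function report(urls, entries) {
  return urls.map((u) => ({ url: u, filled: entryFor(u, entries) !== null }));
}

for (const r of report(pages, vault)) {
  console.log(r.filled ? "fill   " : "no fill", r.url);
}
```

Matching rules vary between products; some match on the registered domain rather than the full origin, which is looser than the check shown here.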
Additional resources to build your cyber muscles!
- Download our Use Secure Passwords infographic.
- Adding MFA to a Google account
- Adding MFA to an Amazon account
- Sign up for cybersecurity awareness alerts and subscribe to our Bee Cyber Fit monthly tip, newsletter, and podcast.
- Request cybersecurity awareness training, presentations, and activities for your team or department.