This Site Requires JavaScript Enabled.
Action Required!
Please select your Toolkit from the left sidebar.
Action Required!
Please select your Toolkit.

Step 3

Beyond Simple
Passwords

Use these tools to implement stronger passwords and setup multi-factor authentication to better protect your devices and accounts.

Creating a Strong Password

Have I Been Hacked

Lock your virtual doors and windows. Just like in the physical world, when you lock everything down, the bad guys may move on. Your accounts and data (such as email, social media profiles, or sources) are valuable assets – to you and criminals. 

Imagine you’re an independent reporter embedded in a war zone. Ever since a rogue nation attacked the country you’re working in, you’ve published a blog with ground truth reporting, firsthand accounts of human rights abuses, profiles of civilian casualties, and troop movements. You’ve built a trusted network throughout the conflict area, and your work has a global reputation so solid, you’ve been cited by United Nations observers. Like many wars, the action sometimes happens at lightning speed, and other times it’s a slow, frozen conflict. And this is a slow news week.

As you’re preparing your weekly newsletter, though, you notice something new on the blog. “Heavy Artillery Moving in from The North, Prompting Immediate Retaliation” reads the headline. You find this deeply confusing – how could this headline be on the top of the page? Why does it have your byline? Who updated your website without telling you? Maybe it was one of your former collaborators.

By the time you click on the link, it’s dead: “404, Page Not Found.” For a minute, you think it was an odd quirk in your hosting platform and go about your work. But when the web traffic report comes in, you’re astounded how many hundreds of thousands of people clicked to your site today. Friends begin sending you screenshots of your website headed with the now-deleted headline, along with images of panicked civilians fleeing for safety up north.

You’ve never changed your passwords, and, indeed, one of your former collaborators let your credentials slip to malicious operatives. Now soldiers and civilians on both sides of the conflict don’t know what’s going on, and people are sure to get hurt.

Several variations of this story happened in 2020 in Poland and Lithuania. Hackers used password vulnerabilities to log into the back ends of several reputable news sites reporting on the tensions between Russia and NATO. Several fake stories were published, including fabricated images of German soldiers desecrating Jewish gravestones.

Though only online for a short amount of time, attackers shared the stories broadly, propaganda sites cited the stories, and they were copied onto other sites. Analysts fear that the high speed of such planted stories can sow chaos in breaking news situations, leading to lost confidence in elections and even possible violence.

Making sure your passwords remain a tightly-held secret can prevent unwanted access to your public-facing sites. If you change them frequently and implement two factor authentication, then you give attackers a moving target that’s much more difficult to breach, and you can also prevent old passwords from coming back to haunt you.

3.1 Tools for 2FA

Select “Tools for 2FA” under the Category menu, and choose any one of the tools listed to assist you managing your 2FA.

Narrow your search by selecting your OS
Type
1
Level
0h 30min
Time

LastPass

Use this tool to help generate strong passwords, as well as manage and store all your passwords.

Type
1
Level
0h 30min
Time

1Password

Use this tool to store and access your passwords securely.

Additional Training & Resources

Explore training courses, videos, sharable content and other resources about this toolbox topic. Browse additional training resources below.

Understanding Cyber Risk for Journalists

GCA created the GCA Learning Portal to offer additional training and resources supplemental to the Cybersecurity Toolkit....

Read More

Authentication Policy

Use/customize this template to build your company's authentication policy.

Read More

How to Create Strong Passwords

Watch this video to learn how to create strong passwords.

Read More

Why Password Reuse is Dangerous

Watch this video to understand the importance of creating and maintaining strong, unique passwords.

Read More