This Site Requires JavaScript Enabled.
Action Required!
Please select your Toolkit from the left sidebar.

Step 3

Beyond Simple

Use these tools to implement stronger passwords and setup multi-factor authentication to better protect your devices and accounts.

Creating a Strong Password

Have I Been Hacked

Lock your virtual doors and windows. Just like in the physical world, when you lock everything down, the bad guys may move on. Your accounts and data (such as email, social media profiles, or sources) are valuable assets – to you and criminals. 

Imagine you’re an independent reporter embedded in a war zone. Ever since a rogue nation attacked the country you’re working in, you’ve published a blog with ground truth reporting, firsthand accounts of human rights abuses, profiles of civilian casualties, and troop movements. You’ve built a trusted network throughout the conflict area, and your work has a global reputation so solid, you’ve been cited by United Nations observers. Like many wars, the action sometimes happens at lightning speed, and other times it’s a slow, frozen conflict. And this is a slow news week.

As you’re preparing your weekly newsletter, though, you notice something new on the blog. “Heavy Artillery Moving in from The North, Prompting Immediate Retaliation” reads the headline. You find this deeply confusing – how could this headline be on the top of the page? Why does it have your byline? Who updated your website without telling you? Maybe it was one of your former collaborators.

By the time you click on the link, it’s dead: “404, Page Not Found.” For a minute, you think it was an odd quirk in your hosting platform and go about your work. But when the web traffic report comes in, you’re astounded how many hundreds of thousands of people clicked to your site today. Friends begin sending you screenshots of your website headed with the now-deleted headline, along with images of panicked civilians fleeing for safety up north.

You’ve never changed your passwords, and, indeed, one of your former collaborators let your credentials slip to malicious operatives. Now soldiers and civilians on both sides of the conflict don’t know what’s going on, and people are sure to get hurt.

Several variations of this story happened in 2020 in Poland and Lithuania. Hackers used password vulnerabilities to log into the back ends of several reputable news sites reporting on the tensions between Russia and NATO. Several fake stories were published, including fabricated images of German soldiers desecrating Jewish gravestones.

Though only online for a short amount of time, attackers shared the stories broadly, propaganda sites cited the stories, and they were copied onto other sites. Analysts fear that the high speed of such planted stories can sow chaos in breaking news situations, leading to lost confidence in elections and even possible violence.

Making sure your passwords remain a tightly-held secret can prevent unwanted access to your public-facing sites. If you change them frequently and implement two factor authentication, then you give attackers a moving target that’s much more difficult to breach, and you can also prevent old passwords from coming back to haunt you.

3.1 Tools for 2FA

Narrow your search by selecting your OS
0h 30min

1Password for Journalists

Use this tool to store and access your passwords securely.

Project Galileo
0h 30min

Project Galileo: Cloudflare Access

Use this tool to secure internal applications by aggregating sources of user identity and trust, and enforcing rules on every request or login.

Additional Training & Resources

Explore training courses, videos, sharable content and other resources about this toolbox topic. Browse additional training resources below.

Recently Added NCSC logo

Browser-Based Password Managers

Should I use a browser-based password manager? Many web browsers now come with password managers built in, and they can be...

Read More

GCA Cybersecurity Toolkit Workshop

This GCA workshop provides real-world scenarios and walks participants through the implementation of recommendations through...

Read More
Totem training

Totem Project | Secure Passwords

Totem is an online platform that offers interactive courses to learn how to increase digital security and privacy. The optimal...

Read More
Password Manager logo

Password Manager provides information regarding online and password security, including how to choose the best password...

Read More

Authentication Policy

Use/customize this template to build your company's authentication policy.

Read More

How to Create Strong Passwords

Watch this video to learn how to create strong passwords.

Read More