An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
By Ryan A. Higgins, Department of Commerce Chief Information Security Officer
The 20th anniversary of National Cybersecurity Awareness Month is an excellent reminder that not only are cyber threats still a serious issue, but they have also grown and become more sophisticated. Thankfully, protecting ourselves online has been made easier than ever with the adoption of new technologies to authenticate our identities and growing research into how to leverage the tools available to us. As the Chief Information Security Officer (CISO) for the Department of Commerce, I work closely with the cybersecurity experts at the National Institute of Standards and Technology (NIST). These experts are at the forefront of cybersecurity research.
One consistent theme you’ll hear from NIST and other cybersecurity experts is how human psychology can be exploited by cyber criminals to compromise our accounts. However, research into how we interact online has shown us several straightforward steps we can take to minimize the risk of common behaviors proven to be insecure.
Over the last few years, we’ve seen this research help us better understand one of the first things that comes to mind when we think about online safety–passwords. Previously, the conventional wisdom was to create passwords using special characters, capitalization, numbers, letters, and a variety of arbitrary rules including forcing you to change your password multiple times per year. Research shows each of us did the same thing in response–re-used passwords or created variations of the same password because we’d been asked to memorize dozens of unique passwords for every site, log-in, or application.
Our natural instincts created a weakness in our online security and cyber criminals took advantage. Research on the use of passwords has demonstrated the inherent weakness in expecting users to memorize arbitrarily complex passwords, and the importance of using multi-factor authentication (MFA) to safeguard our private information. Importantly, our thinking has evolved around this topic, and we’ve identified the following practices to better protect ourselves:
These security practices can be combined with others, like updating software and recognizing phishing, for a more secure online experience. I encourage you to take a few minutes to set up a password manager and enable MFA for all your important online accounts.
To sign up for updates or to access your subscriber preferences, please enter your contact information below.
