Strong Passwords
How to Create Strong Passwords, Electronic Frontier Foundation (2021)
Password Managers
Why You Need a Password Manager. Yes, You., A. Cunningham (2021). Wirecutter: The New York Times
Bitwarden
1Password
LastPass
- Sign Up for free enterprise account through Cornell
- Documentation
- An instructional video (unofficial)
Two-Factor/Multi-Factor Authentication
For your most important or most sensitive accounts, consider enabling two-factor authentication (2FA). But don’t use plain SMS texting as your method.
Instead, use an authenticator app, a hardware token — or both, which lets each act as a backup for the other.
Authenticator Apps
Authenticator apps are free for individual end users (like you) because their profit comes from the tech companies that pay for them to be compatible with their sites, and from enterprise customers (like Cornell).
- You probably already use one authenticator app — Duo Mobile — to access your Cornell account. Follow these instructions to add third-party accounts to Duo Mobile.
- Authy is another free and trustworthy authenticator app.
- Authenticator apps explained: There’s a Better Way to Protect Yourself from Hackers and Identity Thieves, S. Morrison (2021). Vox recode.
Authentication with a Hardware Token
A hardware token is the most secure form of 2FA. It’s a small physical item that looks slightly like a thumb drive. Keep it with you — on your keychain, for example — and plug it into your device’s USB or Lightning port when you need authentication.
- The Yubikey is the most popular brand of authenticator hardware token.
- Hardware tokens explained: Simplify and Secure Your Online Accounts with a Yubikey, J. Colt (2018). WIRED.
Writing by Targeted Academics
Confronting Anti-Asian Racism: A Statement on (In)visibility and Online Targeted Harassment, Reanna Esmail (2021). Up//root.
“Are You Willing to Die For This Work?” Public Targeted Online Harassment in Higher Education: SWS Presidential Address, Abby L. Ferber (2018). Gender & Society 32(3).
Threat Models
Risk Assessment one-pager, Electronic Frontier Foundation (2019).
Homework
- Create a long, memorable password for your password manager and any other important accounts you’d like to protect. Figure out a strategy for remembering these.
- Set up a password manager and get comfortable using it.
- Ensure that all the passwords in your manager are unique.
- Decide which accounts you will use 2FA with, whether you will use an authenticator app, a hardware token, or both, and set them up.
- Write to us if you get stuck during any of the above steps. Make a list of your additional questions.
- Remember that security is not an all-or-nothing proposition! Each step you take makes you more secure than you were before.