Refreshing Your Account Security

PHOTO: Male student working on laptop in Turlington Plaza. University of Florida.

UF Information Technology (UFIT) recommends evaluating the security of all of your online accounts. Strengthening your passwords for important accounts such as personal email, online banking access, and social media can protect you from some of the most damaging hacks. 

It is extremely important to use a different password on each site, so hackers can’t use passwords stolen from one account to break into your other accounts. One strategy recommended by security professionals is to use a “passphrase” made up of four or more random, unrelated words. Surprisingly, this is a stronger password than one made up of random letters and characters and is much easier to remember!  UF requires strong passwords for GatorLink account credentials. A common misconception about your GatorLink credentials is that you can’t use words found in a standard American dictionary as your password. But if your password is longer than 18 characters, then words are allowed. So, the next time you update your UF credentials, consider using a passphrase.

UFIT also recommends setting up multi-factor authentication (MFA) on your non-UF critical accounts. MFA solutions for external applications work like how Duo Mobile works at UF: your mobile device generates a one-time access code that you enter to access the account. By configuring MFA on your accounts and using the ‘Authenticator App’ option when doing so, you add an extra layer of security even if hackers compromise your password. All mobile devices can store MFA codes in the same Duo Mobile app you already use for UF. Alternatively, Apple devices can store those MFA codes in iCloud Keychain, where they will sync and autofill across your personal devices (including Windows via the iCloud application).

Beyond MFA, some companies now offer support for passkeys. A passkey uses an on-device verification mechanism, such as Face ID or a screen lock passcode, to verify your identity and allow access to an online account. Passkeys by design are more secure than passwords and provide protection against phishing, because they don’t require you to remember anything! Check out this demo to discover how passkeys work and visit the Passkey Directory for a list of websites that support passkeys today. 

Taking steps to secure your accounts is an investment in protecting your identity, money, and online image and reputation. For more information on creating secure passwords: