Enable 2FA and Use Strong Passphrases
Notified of suspicious login attempts? Stop and Check if it's real
Enable Two-Factor Authentication (2FA) where available
Enabling 2FA ensures that if your password is phished or compromised, your account will be protected if the cybercriminal is unable to receive the second factor.
2FA uses more than one type of information to identify who you are to grant you access to your online account. The first factor in 2FA is usually something that you know, such as a password, while the second factor is usually something you have, such as a One-Time Password (OTP) from a digital token or an SMS that is sent to your mobile device. Another form of authentication involves biometrics, which includes fingerprints and face recognition. This second layer of security ensures that even if hackers obtain your password, your account is still protected if they are unable to get hold of the second factor.
2FA is readily available for many of your online accounts, including your email and social media accounts.
Use Strong Passphrases
Cybercriminals can use automated tools to steal your passwords. They can conduct dictionary or brute-force attacks to guess your password by checking it against ‘password dictionaries’, which compile lists of commonly-used passwords and character combinations. The shorter and less complex your password is, the quicker it is for cybercriminals to hack. For example, the password ‘123456’ can be hacked in less than one second.
Passphrases are passwords, but longer and made up of a string of words. Strong passphrases are important for keeping your online accounts and personal information safe from cybercriminals.
How to Create a Strong Passphrase
A passphrase that is long (with at least 12 characters) and random is harder to guess. Here’s how to create a strong passphrase that you can remember easily.
Step 1: String together five different words that relate to a memory that is unique to you. For example, you may have learnt to ride a bike when you were five years old.
Step 2: Use uppercase and lowercase letters, numbers or symbols to make it even harder to crack, e.g. Learnt2RIDEabikeat5
Do remember not to use personal information such as your name, NRIC or birthdate, or other easily obtainable information such as those found on your social media accounts. Ensure that your passphrase is unpredictable and does not have an obvious pattern. Examples of obvious patterns to avoid include:
- Using commonly-used phrases e.g. maytheforcebewithyou
- Capitalising the first letter of the password e.g. Livelongandprosper 
- Adding a number at the end e.g. password1 
- Replacing a letter with a number or symbol e.g. p@ssw0rd 
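The patterns above are easy for automated tools to undo, which is why they add little protection. The sketch below is an added example, not part of the original campaign material: it applies the page's rules (at least 12 characters, no common phrases, no personal information) and reverses the listed disguises before comparing against a list. The `COMMON` list, the swap table and the function names are constructed for illustration; a real check would use a much larger list of known passwords.

```python
import re

# Constructed sample of commonly used passwords and phrases (assumption:
# a real tool would load a far larger list of known passwords).
COMMON = {"password", "123456", "qwerty", "iloveyou",
          "maytheforcebewithyou", "livelongandprosper"}

# Typical letter-for-symbol swaps, mapped back to the letter they replace.
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                       "3": "e", "$": "s", "5": "s", "!": "i", "7": "t"})

MIN_LENGTH = 12  # minimum length recommended on this page


def normalise(candidate):
    """Undo the disguises listed above: capitals, trailing numbers, swaps."""
    lowered = candidate.lower()
    # Drop digits or symbols tacked onto the end, e.g. "password1".
    stripped = re.sub(r"[\d!@#$%^&*._-]+$", "", lowered)
    return {lowered, stripped,
            lowered.translate(SWAPS), stripped.translate(SWAPS)}


def check_passphrase(candidate, personal_info=()):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if normalise(candidate) & COMMON:
        problems.append("common password or phrase")
    lowered = candidate.lower()
    if any(item.lower() in lowered for item in personal_info if item):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for sample in ["Learnt2RIDEabikeat5", "maytheforcebewithyou",
                   "Livelongandprosper", "password1", "p@ssw0rd"]:
        print(f"{sample!r}: {check_passphrase(sample) or 'no problems found'}")
```

An empty result only means none of these specific patterns was detected; it does not measure how random the passphrase is.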
Maintain Good Password Hygiene
It is important that you also take steps to maintain good password hygiene:
- Use different passwords for each of your online accounts 
- Don’t share your passwords with anyone or write them down 
- Don’t log in to online services over unsecured Wi-Fi networks 
- Don’t reveal your passwords or OTP in response to unsolicited phone calls, emails or messages as it could be a phishing scam 
If you believe that your password has been compromised, change it immediately and check your accounts for signs of unauthorised activity.
Use Reputable Password Managers
A password manager is a software application designed to store and manage your passwords.
Using a password manager will only require you to remember the master password that unlocks the password manager, eliminating the need to remember multiple passwords for multiple accounts.
Select a reputable one with 2FA so that even if cybercriminals have the master password, they will be unable to access your account. Consider product reviews on reputable websites and only download it through official app stores such as the official Play Store (Android) and App Store (iOS).
Remember, even if your passwords are hard to guess with the usage of passphrases, they can still be stolen from an organisation that suffers a data breach.
Enabling 2FA can help to keep cybercriminals out of your accounts even if they know your passwords.