Take small steps to secure your identity online

Have you ever taken a tally of every account you are signed up with? According to a 2021 study, the average person has nearly 100 passwords and associated accounts (i.e. credentials). Whether or not these accounts are active, we all run the risk of having this information exposed and misused. Given this shocking average, it’s important to take simple steps to ensure your identity is protected in cyberspace.

While the use of multi-factor authentication (MFA) can mitigate the threat of credential misuse by requiring at least two pieces of evidence (e.g. password and code sent to mobile phone) to confirm a user’s identity, not all organizations or users have adopted this preferred method of authentication. When MFA is not yet available, the simplest action you can take is to make informed choices when creating passwords, including what mode of protection you apply to them. Cybercriminals are always finding a new way to circumvent what were previously thought to be secure online environments.


A secure way to store passwords is to use an electronic password manager that allows the use of MFA. Not only can a password manager generate strong passwords, but it can also hide them from view. Most password managers will only allow you to view your passwords via MFA. The password manager also generates completely unique and long passwords without the need to come up with one on your own. It also stores each unique password for future use. Computers are much better at randomizing characters than people, so you can rest easy knowing you aren’t inadvertently re-using character patterns – which is a big password no-no. Those previously mentioned 100 passwords likely won’t be learned by heart, and that’s okay. Your password manager has your back!

Below are forms of MFA that can be utilized with password managers to add an extra layer of protection.

  • Voice call: Opt in to receive verification calls from many password managers to confirm your identity.
  • Biometrics: Technology that utilizes fingerprint or facial recognition software for identity confirmation.
  • Push: Download corresponding apps on your phone or laptop that will then trigger a notification to click on and verify identity.
  • Hardware tokens are small devices that are either connected to or separate from your password manager. This generates a randomized code.
  • Email: Receive an email as a form of identity confirmation.
  • SMS is similar to a push notification. You receive a text message to verify your identity.

There is a lot to worry about these days, but taking a small amount of time to research and activate a password manager can help to avoid at least one type of online vulnerability. You don’t have to do much to become cyber-savvy either. Having and using the right tools is sometimes all you need.