The answer is that security is everyone’s responsibility – including you and the businesses that secure your email address online or physically. That may be a big group. Think about how often you log into a website using your credentials. Now, think about how often you reuse the same password.
Odds are, hackers are thinking about it. Between April 2024 and April 2025, in the US alone, security breaches gave threat actors access to 184 million consumer passwords, according to a recent Yahoo Moneywise article.
The cybercriminals obtained email addresses, passwords, and login links “tied to major platforms like Apple, Google, Facebook, Microsoft, and even government and financial services,” according to the article.
Those credentials can be used to obtain more information about the victims with the goal of accessing their banking accounts.
With so many entities in possession of your credentials, password security is something that you need to manage – but how? By arming yourself with knowledge and making your passwords hard to hack.
Baseline Security Tips
Start your security protocol by checking to see if your email address and/or password have been compromised by using this free tool. This tool even tells you which breach is associated with your stolen passwords. Additionally, you can register to be notified when credentials have been compromised.
If you discover you need to change passwords – or want to take better ownership of your security – use these tips.
- The National Institute of Standards and Technology (NIST) recommends passwords of at least 12-16 characters. Some organizations, such as the Cybersecurity and Infrastructure Security Agency (CISA), recommend even longer passwords. At a minimum, passwords should be:
- Long—at least 16 characters long (even longer is better).
- Random—use a string of mixed-case letters, numbers, and symbols (the strongest!) or a passphrase of 4 –7 random words.
- Unique—used for one and only one account.
- Use Multi-Factor Authentication wherever possible – especially when accessing websites linked to financial records. The First’s Online Banking has Multi-Factor Authentication enabled by default.
- Frequently change your passwords using the above criteria.
- Think twice before clicking on links or attachments in emails. Hover over links to see where they will lead.
Common Email Themes
Speaking of emails, be aware of the techniques scammers commonly use in emails:
- Urgent messages
- Generic greetings
- Suspicious claims
- Unrealistic promises
- Threatening language
- Typos and grammatical errors
- Suspicious links
- Unsolicited attachments
- Requests for personal information:
- Impersonation of a legitimate organization
If You’re a Victim?
Immediately change any passwords you might have revealed. Consider reporting the attack to IC3.gov and the police and file a report with the Federal Trade Commission.
Getting Help
If you identify suspicious activity involving your accounts with The First, contact us immediately.
We hope you find these tips helpful. If you have any questions or need assistance, please don’t hesitate to give us a call. Stay safe and secure!
For more information to protect yourself from cybercrime, visit The First’s Security Center and learn 4 Tips From The First To Stay Safe Online.
