NCSA’s World Password Day statement following report of massive data breach at major email providers
Many of us woke up to new reports that more than 272 million user names and passwords from major email accounts and other websites had been stolen. According to Reuters, it is one of the biggest stashes of stolen credentials reported in the last two years.
“Logging on multiple times daily to our most frequently used accounts seems like second nature, but incidents like this remind us of the need to be vigilant in protecting our personal online information,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “A simple, critical first step in this process is securing all email, social media and financial accounts by making use of available security tools such as multi-factor authentication that provide an additional layer of protection and make it significantly harder for accounts to be accessed by others. For accounts where multi-factor or stronger authentication tools are not available, ensure passwords are long and strong.”
Email accounts in particular are extremely important to protect because, once they are breached, hackers can use them to reset passwords and break into other accounts, steal identities, target contacts and put an individual's reputation at risk.
As we recognize World Password Day, it is a good time to remind everyone to take the following proactive steps to better secure their digital lives:
- Get two steps ahead and protect core accounts ‒ such as email, financial services, and social networks ‒ with multi-factor authentication. Multi-factor authentication requires a second step, such as a text message to a phone or the swipe of a finger, to be used in addition to a password to log on to an account.
- Change passwords on accounts that don’t offer multi-factor authentication. Change and make better passwords. Passwords should be strong and easy to remember. It is always better if they are longer and consist of combinations of passphrases, numbers and symbols. Important accounts should have unique passwords not used to access any other accounts.
- Clean and keep all machines clean. Immediately update all software on every Internet-connected device. All critical software, including PC and mobile operating systems, security software and other frequently used software and apps, should be running the most current versions.
- Monitor activity on your financial and credit card accounts. If appropriate, implement a fraud alert or credit freeze with one of the three credit bureaus (this is free and may be included if credit monitoring is provided post-breach). For more information, visit the Federal Trade Commission website, identitytheft.gov.
- When in doubt, throw it out. Scammers and others have been known to use data breaches and other incidents to send out emails and posts related to the incident to lure people into providing their information. Delete any suspicious emails or posts and get information only from legitimate sources.

For more information, including links to sites that offer multi-factor or stronger authentication, visit stopthinkconnect.org/2stepsahead.