Cyber Security Awareness Month: Week 2 - Strong Authentication & Safe AI Use
Why This Matters
Most cyber incidents start with one thing: weak or stolen credentials.
If someone gets into your account, they can steal your data, impersonate you, or even compromise your workplace systems. And with AI tools now part of daily life, there’s a new layer of risk - sharing the wrong information with the wrong tool can be just as damaging.
The good news? You can protect yourself with a few simple habits.
Step 1: Build Strong Passphrases
Forget short, complex passwords you can’t remember. Passphrases are longer, easier to recall, and much harder to crack.
How to create a strong passphrase:
- Build a passphrase from four or more random words (minimum 16 characters total)
Example:Kangaroo-sunset17-bicycle-ocean - Make each passphrase unique - never re‑use it
- Store them in a reputable password manager
- Where possible, enable passkeys - a phishing-resistant login method
- Check if your passwords have been exposed using Have I Been Pwned
- Never share your passphrases
Step 2: Turn On Multi‑Factor Authentication (MFA)
Even the strongest passphrase can be stolen. MFA adds a second lock on the door.
MFA Options
- Authenticator App
Use a time-based one-time password (TOTP) app for strong, phishing-resistant codes. - Hardware Security Key
A physical device that provides the highest level of phishing resistance. - SMS codes (better than nothing, but less secure)
Turn on MFA for:
- Email accounts
- Banking and financial services
- Social media
- Work systems
Step 3: Enable Biometrics on Your Devices
Your phone, laptop, or tablet is a gateway to your accounts.
Biometric authentication, like fingerprints or facial recognition, adds speed and security.
How to Enable Biometrics on Your Device
- ** Apple (Face ID / Touch ID)** – Set up Touch ID or Face ID on iPhone and iPad
- ** Android (Fingerprint / Face Recognition)** – Enable biometric authentication on Android
- ** Windows (Windows Hello)** – Configure Windows Hello for facial recognition, fingerprint, or PIN
Tips:
- Use biometrics where available, they’re fast and secure
- Keep a strong passcode or passphrase as a backup
- Avoid simple swipe patterns, they’re easy to observe and guess from smudge marks
Step 4: Use a Password Manager
A password manager securely stores all your passphrases in one encrypted vault, you only need to remember one master passphrase. It can also generate strong, unique passphrases for every account.
Benefits:
- No need to memorise dozens of logins
- Auto‑fills credentials on websites and apps
- Syncs across devices
- Alerts you if a password is weak or breached
Popular Free & Paid Options
(Always download from official sites or app stores)
| Type | Service | Notes |
|---|---|---|
| Free | Bitwarden | Open‑source, unlimited devices, strong security |
| Proton Pass | Free syncing, dark web monitoring | |
| KeePass | Locally stored on your Computer, but more technical to set up | |
| Paid | 1Password | Good Reputation, multiple features |
| Dashlane | Good Reputation, multiple features | |
| NordPass | Good Reputation, multiple features | |
| Built‑in | Apple iCloud Keychain | Works across Apple devices, syncs via iCloud |
| Google Password Manager | Integrated with Chrome & Android | |
| Microsoft Autofill | Works with Microsoft Edge & Microsoft Account |
Step 5: In Public - Watch Out for Shoulder Surfing & Physical Device Security
Not all attacks are digital, sometimes people just watch you type.
How to prevent it:
- In public, shield your screen or keyboard when entering credentials.
- Be extra cautious in public spaces such as cafés, airports, or trains.
- Don’t leave your devices down on tables or unattended in public places.
- At work, lock your device when stepping away, even for a moment.
Quick Lock Shortcut (Windows): Press Windows + L to lock your screen.
Step 6: Use AI Tools Safely
AI can be a powerful assistant, but it’s not always safe to share sensitive information.
Safe AI habits:
- Never upload confidential or work data to public AI tools
- Only use approved AI platforms for sensitive information
- Review privacy settings before using a new AI service
- Keep an eye out for breach reports or privacy policy changes
- Treat AI like a public forum, if you wouldn’t post it online, don’t put it in a chatbot
🇦🇺 Key Australian Government Cyber Security Websites
- Australian Cyber Security Centre (ACSC) – Official government hub for cyber security alerts, advice, and resources for individuals, businesses, and government.
- Australian Signals Directorate – Cyber Security – Information on ASD’s role in national cyber defence, threat intelligence, and security frameworks like the ISM.
- Act Now, Stay Secure – Public awareness campaign with simple, everyday cyber‑safe actions for Australians.
Quick Takeaway
Strong authentication is your first line of defence.
Combine long, unique passphrases with MFA, enable biometrics, use a password manager, stay alert in public, and treat AI tools with the same caution you’d use when speaking to a stranger.