IRS Tax Tip 2018-187, December 4, 2018 The IRS urges everyone with any type of online account to review new, stronger standards to protect their passwords. Doing so will help protect against savvy cybercriminals who wants to access people’s accounts and steal their identities. Here are three steps people can follow to build a better password: Step 1: Leverage powers of association. People can identify associated items that have personal meaning and use them in their passwords. Step 2: Make unique associations. Passphrases should be words that can go together in your head, but no one else would ever suspect. Good example: Items in a living room such as BlueCouchFlowerBamboo. Bad example: Names of children or pets. Step 3: Create a passphrase that you can picture in your head. The key is to create a passphrase that is hard for a cybercriminal to guess, but easy for the user to remember. In addition to creating strong passwords, people can: Use a different password or passphrase for each account. People can consider using a password manager if necessary for multiple accounts. Use multi-factor authentication whenever possible. They should not rely on the passphrase alone to protect sensitive data. Multi-factor authentication means returning account holders need more than just their username and password to access an account. They also need, for example, a security code sent as text to a mobile phone. Change all factory-set passwords. They should do this for wireless devices such as printers and routers. More information: Taxes. Security. Together Publication 4524, Security Awareness for Taxpayers PDF Protect Your Clients; Protect Yourself Tax Security 101 Subscribe to IRS Tax Tips