Enable multi-factor authentication where available to add an extra layer of security to all of your online accounts.

Multi-factor authentication requires 2 or more proofs of identity to log into your account. For example, after entering your password or passphrase, you will be prompted to provide a second verification such as entering a code sent to you via an authenticator app, email or text message.

Multi-factor authentication makes it harder for a cybercriminal to access your account, even if one of your accounts’ other authentication methods – such as a passphrase – has been compromised.

Pairing multi-factor authentication with a unique and strong passphrase will provide an extra layer of security to your online accounts. Learn how to set up multi-factor authentication(Opens in a new tab/window). 

Using a unique and strong passphrase for each of your online accounts is one of the most effective actions you can take to stay secure online. 

A passphrase is a more secure password. It contains a sequence of random words making it easier for you to remember but harder for cybercriminals to guess.

Strong and unique passphrases:

• contain 4 or more random words
• contain 14 or more characters
• are different for every account
• do not include identifying information such as family names, birth dates or addresses
• include symbols, capital letters, or numbers, if required by the website or service.

Learn about creating secure passphrases(Opens in a new tab/window).

Password managers can help you create, manage and store passwords for each of your accounts. Learn about choosing a reputable password manager(Opens in a new tab/window).

Combining a unique and strong passphrase with multi-factor authentication where possible will provide an extra layer of security.

Installing software updates for all of your internet-connected devices, like your phone or laptop, is critical to keeping yourself secure online.

Software updates fix weaknesses or gaps in your devices’ security. Installing regular updates will keep your devices secure and makes it harder for cybercriminals to access them.

Turn on automatic updates so you are notified when an update is available, and be sure to install software updates when prompted. Learn how to update your devices.(Opens in a new tab/window)

Information you share on public internet forums, social media or through your device settings can put you at an increased risk of becoming a victim of cybercrime.

It is important to check your privacy and location settings often to make sure you are not accidentally sharing any personal or identifying information about yourself with the public. Information like your suburb, family or pet names can be used by cybercriminals to impersonate you and access your accounts.

Settings to check:

• Review the default privacy settings on your online or social media accounts to control who can see your information. Limit the visibility of your profile to trusted friends and family.
  - This will help stop cybercriminals from learning more about you.
   
• Disable geolocation tracking on your internet-connected devices and apps if not needed. Geolocation is a method of determining a device’s location.
  - Always check location services for each of your apps under device settings. Most apps don’t need to know your location.
  - Be careful not to share your location online with strangers or on public sites.
   
• Disable photo and camera access on your devices if not needed.
  - Some apps will ask for access to your camera and photos. Always check and adjust this setting for each of your apps. Most apps don’t need to access your camera and photos.

Learn more about updating your privacy settings on social media.(Opens in a new tab/window)

Be aware of your browsing when using public Wi-Fi.

Public Wi-Fi is the free, open-access Wi-Fi often available in public locations like shopping centres, airports, hotels and cafes. These networks are often not secure and are an easy target for cybercriminals seeking to access personal information and passwords.

When using public Wi-Fi, do not access any sensitive or personal information, or log in to online banking, social media or email accounts, as the connection is not secure. Any information you enter while using public Wi-Fi could be accessed by cybercriminals.

Find out more about the risks when connecting to public Wi-Fi.(Opens in a new tab/window)

Education and awareness are critical to keeping yourself, your family and friends secure online.

If you share internet-connected devices with family and friends, such as a phone, laptop or a gaming console, it is critical you are all aware of the important actions that will keep you secure online.

In particular, make sure you have all set up multi-factor authentication, are using unique and strong passphrases and are installing software updates on all devices as soon as they are available.

Talking regularly about online security is a great way to ensure that you and those around you have the most up-to-date information.

Learn how to talk to your family and friends about staying secure online(Opens in a new tab/window).

Reporting cyber incidents is critical to helping the government identify new trends, collate data, alert the community and help you recover from the incident.

To report a cybercrime, visit the Australian Signals Directorate's website(Opens in a new tab/window).

Scammers are criminals who deceive people into paying money or providing their personal information. Scams are always evolving and becoming increasingly sophisticated, making them more difficult to detect. That’s why it’s important to learn how to spot and avoid scams.

Scammers may contact you by email, text message, phone call or social media. They may create fake websites that look real and even publish sponsored ads online.

There are many techniques that scammers use to deceive people. Some common warning signs to be aware of:

• Pressure to act quickly  
• Amazing opportunities to make or save money – for example an investment or job offer 
• Requests to make payments in unusual or specific ways 
• Requests to set up new accounts or PayIDs 
• Messages with links or attachments 
• Requests for help, including financial, from someone you haven’t met in person. 

Phishing is a common scam tactic where someone pretends to be from a trusted organisation in order to get personal information from you. Scammers may send emails or messages with links that direct to websites designed to steal the details you enter, or with attachments containing malware. Do not click on any links or attachments in emails or messages.

To keep safe from scams: 

• Stop – Scammers will try to get you to act quickly, sometimes by worrying you or offering ‘too good to miss’ opportunities. Never give money or personal information to anyone if you are not certain who you are dealing with.
• Check - You can be contacted by scammers in many ways, including by phone, email, text message or social media. It’s important that you know who you’re really communicating with. Always check by contacting the person or organisation using details you find yourself from an official website or app.
• Protect - Act quickly if something feels wrong. If you have had money or personal information stolen, contact your bank immediately. Help others by reporting scams to Scamwatch(Opens in a new tab/window).  

At Scamwatch.gov.au(Opens in a new tab/window), you can learn about different types of scams, how to protect yourself from scams and what to do if you’ve been scammed. You can also access resources like the Little Book of Scams(Opens in a new tab/window).