A new campaign that empowers Americans to better secure their online lives
Since the beginning of his Administration, the President has made it clear that cybersecurity is one of the most important challenges we face as a Nation. In February of this year, the President issued his Cybersecurity National Action Plan (CNAP). The CNAP directed the Federal Government to take new action now while fostering the conditions required for long-term improvements in our approach to cybersecurity across the Federal Government, the private sector, and our personal lives.
One critical component of the CNAP is the goal of empowering Americans to better secure their online accounts by moving beyond just usernames and passwords and adding an extra layer of security. To accomplish this goal, the National Cyber Security Alliance (NCSA), together with non-profit membership organizations and private sector companies, today launched the “Lock Down Your Login” campaign.
Launching “Lock Down Your Login”
The NCSA’s “Lock Down Your Login” is a public-private campaign designed to enable every American to better secure their online accounts through the use of strong authentication. Strong authentication, such as the use of a fingerprint or the confirmation of a one-time code, for your online accounts could have prevented as many as 62 percent of successful data breaches last year.
Many Americans are concerned about online security. But we all have work to do to improve the security of our online accounts. 72 percent of Americans believe their accounts are secure with only a username and password. Unfortunately, this simple method for protecting ourselves online is not as effective as it once was. But there is some good news. A confluence of emerging technologies, under the banner of strong authentication, is making it easier for everyone to better secure their online accounts.
“Lock Down Your Login” aims to close this gap by focusing on simple and widely available solutions that can and should be adopted by every American online. That’s why industry, government, and like-minded organizations that understand the importance of cybersecurity awareness and education are coming together through this harmonized campaign to make the case to consumers directly.
“Lock Down Your Login” builds upon years of the STOP. THINK. CONNECT.TM campaign’s public-private partnerships to help more Americans stay safe online through public awareness. This new campaign is timed with the launch of National Cyber Security Awareness Month in October. During October, the National Cyber Security Alliance and the U.S. Department of Homeland Security, co-founders and co-leaders of the month, call on all Americans and businesses to share the responsibility and take steps to be safer and more secure online.
“Lock Down Your Login” Partners
In order to launch this public-private partnership, the NCSA has engaged a broad range of “Lock Down Your Login” partners, including technology companies, banks, non-profits, and civil society. “Lock Down Your Login” partners will support the campaign in a number a ways including but not limited to:
- Collaborating closely with the National Cyber Security Alliance to promote the “Lock Down Your Login” messaging and content by using the brand and logo with their own. This includes utilizing media space online and on television as well as other platforms to spread the word about “Lock Down Your Login.”
- Encouraging customers to use strong authentication technology. By making new technologies available and generating awareness of those currently offered, partners will empower their customers to better secure their accounts.
- Creating original content for their audience and promoting it through their own platforms and spokespeople. “Lock Down Your Login” encourages campaign partners generate awareness and inspire action by creating their own content designed to reach their specific target audience.
Examples of commitments announced by companies today in support of the “Lock Down Your Login” campaign include:
- Facebook is conducting a broadcast and radio media tour to share security tools and advice to keep accounts safe, including strong authentication and password advice. People using Facebook will see promotional videos for tools like Security Checkup, which encourages unique passwords and the use of login alerts to receive a notification when a new computer or phone attempts to access your account. A blog post series on Facebooks’ Security Page will highlight the “Lock Down Your Login” campaign and share other security features, including login approvals, which is Facebook’s two-factor authentication feature involving a code generated from the Facebook app or sent via text message.
- The FIDO Alliance, the Electronic Transactions Association (ETA) and the National Cyber Security Alliance (NCSA) will jointly host a “Future of Authentication Policy Day” to highlight the importance of strong authentication, explore the evolution of the authentication market, and discuss its impact on the policy and regulatory landscape. This event will take place on October 27th, in recognition of National Cyber Security Awareness Month.
- Google will help promote the goals of the “Lock Down Your Login” campaign through a blog post, social media, and a home page promotion in October that will urge users to take an account “Security Checkup” which includes managing any two-step verification protections users have set up. This is in addition to Google’s existing security investments, including ongoing Safe Browsing protection, which shields desktops and Android users from malware, phishing, and unwanted software on the web.
- Intel is committed to working with the National Cyber Security Alliance and its partners to bring easy and actionable digital security education to consumers through engaging content. Intel will support the call for stronger authentication by reaching users on social media and motivating them to take action by making digital security understandable and user-friendly. In product offerings that support this initiative, True Key™ by Intel Security is a multifactor password manager. It secures passwords, ensures only users can access them with unique factors like their face and fingerprint, and logs users in across the web.
- Mastercard continues to be committed to developing consumer solutions that eliminate static passwords, utilize biometrics and make payments both safe and simple. As part of its efforts, Mastercard, with its partner BMO-Harris Bank in the United States, will announce the upcoming commercial launch of the Mastercard Identity Check Mobile solution for BMO Harris Bank’s commercial cards. Mastercard Identity Check Mobile allows a user to authenticate a digital payment transaction with his or her fingerprint or selfie.
- SANS Institute is offering organizations access to an interactive National Cybersecurity Awareness Month Planning Kit, which will include everything organizations need to promote cybersecurity during the month of October. The kit includes resources, materials and templates for every day of the month, including an entire day dedicated just to the Lock Down Your Login campaign.
- Square will continue to implement simple and easy-to-use multi-factor authentication (MFA) tools for all of the businesses that they serve. For user log-in, they have provided customers with the option to enable an MFA feature that sends a text with a verification code. Square will encourage users to enable this tool through a variety of channels with clear instructions on how to do so. Their MFA solution also enables the business to require a second layer of verification for sensitive account actions like changing a linked bank account or password.
- USAA is committing to make it easier for its members to secure their accounts using multi-factor authentication. They support a variety of authentication methods including touch, voice, face, text and token. White these methods have been available to all members since 2011, USAA will now automatically enroll new members in multi-factor authentication. This is part of a multi-year commitment to strengthen account security.
NSCA’s full list of partners on the “Lock Down Your Login” partners are: CompTIA, Consumer Action, Consumer Federation of America, Council of Better Business Bureaus, Decoded, ESET North America, Facebook, Family Online Safety Institute (FOSI), FIDO Alliance, Financial Services Roundtable, Google, Intercede, Intel Corp., Javelin Strategy & Research, Logical Operations – Get IT Certified, MasterCard, mcgarrybowen, Mozilla, Multi-State Information Sharing Analysis Center (MS-ISAC), National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office (NPO), NXP Semiconductor, PayPal, Salesforce, SANS Institute, Square, TeleSign, TrueKeyTM by Intel Security, Twitter Inc., Visa Inc., Wells Fargo & Company, and Yubico.
Campaign Development
Led by the NSCA and in coordination with the Administration, the campaign was developed through an active collaboration of partners and consumer research to identify a message that would resonate with Americans and encourage them to take actions to secure their accounts.
Working together since this past spring, partners have provided input and guidance about the best ways to communicate the value of adding stronger authentication to online accounts. Several messages and logos were tested through surveys. Americans responded the most positively to the “Lock Down Your Login” messaging as it is easy to understand, encourages adoption of stronger account security and motivates internet users to take action to prevent identity theft and secure their digital lives.
For more information about how to lock down your login or to become a campaign partner, visit https://www.lockdownyourlogin.com