[{"content":"","date":"25 May 2026","externalUrl":null,"permalink":"/","section":"Cyber Aware","summary":"","title":"Cyber Aware","type":"page"},{"content":"In Part 1, we covered how to create strong, memorable passwords and why a password manager is a non-negotiable tool for staying secure. Now let\u0026rsquo;s go further — adding a second layer of protection and looking at where authentication is headed.\nStep 3: Adding the Second Layer of Defense # If your password is ever stolen, adding a Multi-Factor Authentication method (MFA or 2FA for short) will likely still keep your account secure. After all, two walls are better than one, and setting up MFA is not very difficult. You have probably seen MFA before when a service asks you to check your phone for a login code or to scan your fingerprint after you have put in your password.\nMFA\u0026rsquo;s security is derived from three factors:\nSomething you know, like a PIN or a personal question Something you have, like your smartphone Something you are, like your fingerprint or face Also, when setting up MFA, avoid using SMS text codes if other options are available. SMS is unencrypted and therefore less secure, so try to use other methods like one-time passwords (OTP) and authenticator apps like 2FAS or Authy.\nMFA requires at least two of these three factors, so a stolen password alone won\u0026rsquo;t be enough. Step 4: The Future is Here - Switching to Passkeys # To combat the ever-growing threat of cybercrime and account theft, the FIDO Alliance—along with companies like Apple, Google, and Microsoft—has invented a new technology that aims to replace passwords, called passkeys. They do this by storing a cryptographic \u0026ldquo;key\u0026rdquo; on your device, which allows you to log in with biometrics or a PIN instead of entering a password.\nPasskeys are beneficial because they are essentially phishing-resistant and remove the necessity for memorization. Furthermore, they are more convenient and accessible, so use them wherever you can, as more and more sites adopt them.\nTo setup passkeys, go to your accounts\u0026rsquo; Security settings and look for a \u0026ldquo;Passkeys\u0026rdquo; or \u0026ldquo;Sign-in methods\u0026rdquo; section. You will then be asked to enter a PIN, scan your fingerprint, etc, to store your passkey on your device or in an authenticator app.\nWith passkeys, your secret never leaves your device, which makes phishing attacks ineffective. Start Small, Stay Secure # These steps are simple ways to level up your security, but don\u0026rsquo;t try to fix everything at once. Start off by securing some of your most important accounts, like your email and banking. Remember that modern security is actually getting simpler than before. Making yourself secure takes only a few extra seconds, but makes a big difference when a hacker tries to steal your identity, money, or digital life.\nFour steps to a secure account: steps 1 and 2 from Part 1, steps 3 and 4 from Part 2. ","date":"25 May 2026","externalUrl":null,"permalink":"/posts/mastering-passwords-part-2/","section":"Posts","summary":"","title":"Mastering Passwords: Part 2","type":"posts"},{"content":"","date":"25 May 2026","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":"In 2004, Bill Gates predicted that \u0026ldquo;passwords will be a thing of the past.\u0026rdquo; Nearly two decades later, passwords are still our first line of defense against cyber threats, but both the way we create and manage them and the cyberthreats aimed against them have evolved significantly.\nThe End of \u0026ldquo;Password123!\u0026rdquo; # The average person has around 100 online accounts, and many still rely on weak passwords like \u0026ldquo;password123!\u0026rdquo; or \u0026ldquo;opensesame\u0026rdquo; that are easily guessable. Even if you have a strong password, using the same one across multiple accounts can lead to a domino effect if one account is compromised. For many, the convenience of a single, simple password outweighs the risks, since memorizing that many different passwords is just impractical. Password reuse is more common than you may think, with about 65% of people reusing their passwords across sites.\nSource: NordPass Most Common Passwords Report 2024 One method you might think of to get around this is to add a short suffix to a base password, like password123!facebook and password123!twitter. While this does provide some variation, this method is still vulnerable to attacks that can identify common patterns in passwords.\nStep 1: Creating an \u0026ldquo;Uncrackable\u0026rdquo; Password # The National Institute of Standards and Technology (NIST) has issued guidelines on how to create strong passwords, which have been recently updated in 2026 to shift the focus from complexity to length and uniqueness. For example, they recommend a minimum length of 12 characters, with longer passwords being more secure. They also encourage utilizing the entire range of Unicode characters, including emojis or other language-specific characters if possible, to make passwords more resistant to brute-force attacks.\nHere are some tips for creating strong passwords:\nUse a passphrase: Link four or more random and unrelated words together to create a long password. After generating the words, you can create a story to help you remember it more easily. This famous comic from XKCD illustrates the strength of passphrases compared to traditional complex passwords: Password Strength by XKCD Use spaces/symbols: More platforms are now allowing spaces in passwords, which can make them easier to remember and more natural to type. By using spaces or symbols to separate words in a passphrase and ending with a unique suffix, you can create a strong password that is also memorable. For example, instead of maytheforcebewithyou, you could use may.the.force.be.with.you!1977. Use the poetic method: Think of a line from a poem, song, or quote that you will never forget, and write down the first letter of each syllable, including punctuation and capitalization. For example, \u0026ldquo;Twinkle, twinkle, little star, how I wonder what you are\u0026rdquo; becomes Tk,tk,lts,hIwdwya. Step 2: Letting a Password Manager Do the Heavy Lifting # While creating strong passwords is important, it gets harder and harder to remember them as you create more accounts. This is where password managers come in. A password manager is a software application that helps you generate, store, and manage your passwords securely, and is considered vital for maintaining good cybersecurity hygiene.\nEssentially, instead of manually creating and remembering passwords, a password manager can generate much more secure and unique passwords and store them in an encrypted vault. You only need to remember one master password to access all of your stored passwords. Many password managers also offer features like auto-filling login forms, syncing across devices, and alerting you if any of your passwords have been compromised in a data breach.\nHow a password manager works Some popular password managers in 2026 include 1Password and Bitwarden. When choosing the right one for you, consider factors such as ease of use, pricing, and security features.\nWith strong, unique passwords and a manager to keep track of them, you\u0026rsquo;ve already put yourself ahead of most people online. But passwords alone aren\u0026rsquo;t the full picture. In Part 2, we\u0026rsquo;ll cover how to protect your accounts even when a password is stolen, and how a new technology called passkeys is quietly making passwords obsolete.\n","date":"18 May 2026","externalUrl":null,"permalink":"/posts/mastering-passwords/","section":"Posts","summary":"","title":"Mastering Passwords: Part 1","type":"posts"},{"content":" Jeremy Yu is an accomplished student at Mountain View High School, Class of 2027, with a dedicated focus on pursuing a career in cybersecurity. A nationally ranked competitor, he has secured first-place finishes in both individual and team National Cyber League (NCL) competitions and was selected for the US Cyber Games Combine and Pipeline Team. His technical experience includes developing an audio streaming protocol at UCLA COSMOS and conducting AI-focused research through the Aspiring Scholars Directed Research Program (ASDRP).\nBeyond his technical achievements, Jeremy holds several leadership roles, serving as the President of the Information Security and Puzzle Clubs and Vice President of the Computer Science Club. He is proficient in multiple programming languages, including Python, Java, and C++, and has furthered his education through supplemental coursework at De Anza Community College. Outside of his primary academic pursuits, he is active in the Service League of Boys and enjoys strategy games and engineering projects.\nJessen Yu is Vice President of Platform Engineering at Valo Health, where he leads the team building the computational platform behind the company\u0026rsquo;s drug discovery work. He has spent more than twenty years working on machine learning and AI for drug discovery, and on the engineering work needed to make those systems run at scale. He holds a BS in Computer Science and Chemistry from Stanford University and lives in Mountain View, California.\nIn his advisory role, he brings a professional perspective to both the technical and editorial side of the project, helping students like Jeremy develop the judgment that good engineering and good communication require.\n","externalUrl":null,"permalink":"/about/","section":"Cyber Aware","summary":"","title":"About Me","type":"page"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","externalUrl":null,"permalink":"/resources/podcasts/","section":"Resources","summary":"","title":"Podcasts","type":"resources"},{"content":"","externalUrl":null,"permalink":"/resources/","section":"Resources","summary":"","title":"Resources","type":"resources"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":"","externalUrl":null,"permalink":"/resources/software/","section":"Resources","summary":"","title":"Software","type":"resources"},{"content":"","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","externalUrl":null,"permalink":"/resources/websites/","section":"Resources","summary":"","title":"Websites","type":"resources"},{"content":"","externalUrl":null,"permalink":"/resources/youtube/","section":"Resources","summary":"","title":"YouTube Channels","type":"resources"}]