The holiday season is a prime time for identity thieves to target victims. With the growth of online shopping, millions of Americans are potentially exposed to online fraudsters. The first line of defense against online attacks is strong passwords.

A previous IRS Commissioner noted, “Taking a few simple steps to protect your passwords can help protect your money and your sensitive financial information from identity thieves, which is critically important as tax season approaches. Protecting your information makes it harder for an identity thief to file a fraudulent tax return in your name.”

Cybersecurity experts have changed their recommendations related to password strategies. Previously, they suggested complex passwords that were different for every online account. Because most individuals have accounts for financial services, social media, online shopping and other purposes, the number of complex passwords needed became too overwhelming and difficult to recall. 

As a result, security experts now recommend longer phrases such as “SomethingYouCanRemember@30.” Here are nine IRS tips to help protect online accounts: 

• Password Length – Eight or more characters
• Combination – Use upper and lowercase letters, numbers and symbols in your password.
• Personal Information – Do not use your city, street, or other personal information in a password. This information is widely available to identity thieves.
• Default Password – Do not use “password” for your password. Change all default passwords.
• Reuse of Passwords – Do not use the same or similar passwords on accounts. For example, if you use Begood!17 as your password, do not simply change it to Begood!18 and Begood!19.
• Email Address – Do not use your email address as a username. Email addresses are easily known by fraudsters.
• Security – If you have a written list of passwords, store them in a safe or locked file cabinet.
• Disclosure – Never give out passwords over the internet. Be very cautious if an email sender asks for your password and claims to be from your bank, the IRS or your employer.
• Password Manager – Consider using a password manager program. Search to find password programs for smartphones or tablets. The best password programs typically have 256-bit encryption.