Identity Management Day 2025—Best Practices from BARR Advisory

Identity Management,Online Safety,MFA,Phishing

April 8 marks Identity Management Day, a day dedicated to raising awareness and inspiring individuals to take action when it comes to safely managing their digital identities. Hosted by the Identity Defined Security Alliance (IDSA) and National Cybersecurity Alliance (NCA), BARR Advisory proudly supports this cause and is committed to improving online security for personal data as an Identity Management Champion.

In celebration of this notable day, we’re sharing five tips to help you stay safe online.

Recognize and Report Phishing Attempts

Phishing is when cybercriminals use a fake email to lure you into providing your personal information or installing malware on your device. When recognizing phishing emails, you can look for signs such as:

Typos, misspellings, and grammatical errors;
Generic or ambiguous greetings;
Requests to send personal information;
Urgency to click on a link or attachment;
An e-mail address that doesn’t match the company it’s claiming to be from; and,
Strange or abrupt business requests.

When at work, it’s important to report phishing emails to your IT department or security officer right away. If you experience phishing on a personal device, the best practice is to not click on any links and delete it immediately.

Enable Multi-Factor Authentication (MFA)

MFA is used for accounts that hold valuable information. You may see MFA used within banks, online stores, or social media accounts—anywhere that holds personal information. It’s a security measure that asks you to take an additional step when logging into your account. This second step not only proves your identity, but it can prevent hackers from breaching your account.

For example, if you have MFA set up for your Gmail account, you can expect to log in with your username and password, and then enter a code sent to your phone. Other examples of MFA include entering a PIN when you swipe your debit card or answering a security question before logging into an account.

Using MFA is quick and easy—codes are typically sent and processed immediately, so you don’t have to wait around to access your information.

MFA can also include:

Facial recognition;
Fingerprint scanners;
Authenticator applications; and,
Secure tokens.

Use Passkeys and Tokens Whenever Possible

A passkey is typically a password or a PIN that users create to gain access to their accounts or devices. Tokens are physical or digital objects that facilitate authentication beyond just a password. These can be hardware tokens like USB keys or software tokens such as authentication apps that generate temporary codes.

The primary function of both passkeys and tokens is to verify that the person trying to access the information is indeed authorized to do so. By adding an extra layer of security, it significantly reduces the risk of unauthorized access, ensuring personal and sensitive data remains protected.

Keep Your Devices and Software Up to Date

Software updates not only fix general issues but also provide security patches for vulnerabilities. A good practice is to set up automatic updates. This will take away the stress of having to manually schedule updates, and it places you a step ahead of bad actors who are looking for ways to reach your data.

It’s also important to download software updates directly from the source and be aware of fake software updates that ask you to urgently download something or enter your information into a form. Unlicensed software or fake pop-up windows could lead to malware and other security problems.

Use a Password Manager

Throw out that Post-it note with your passwords on it and start using a password manager to store all of your new, unique passwords (and even help you generate new ones, if needed). Password managers offer convenience by automatically filling in login forms, saving you time and reducing the likelihood of login errors.

Many password managers come with additional features such as secure notes, two-factor authentication (2FA) integration, and the ability to securely share passwords with trusted individuals.