The following guidelines apply to NYSERDA and personal accounts:

• Passwords for all applications and websites should be changed bi-annually, be complex, contain a mix of numbers, symbols, capital and lowercase letters, and be at least 12 characters in length. In addition, passwords should not contain dictionary words or personal information.

• Avoid storing your passwords insecurely such as the notes app on your phone. Instead, store passwords in a locked cabinet or password manager application.

• Be aware of “shoulder surfing" in the office and in public; ensure nobody is peering over your shoulder when you are entering your password or other login credentials.

• Turn on multi-factor authentication when available.