Don’t leave yourself open to hackers

November 18, 2024

Suffering from password overload?

You’re not alone. But, these days, having multiple passwords is a fact of life.

They’re required for everything from online banking and social media to government services. Each time you create a new account, you create a username and password. Reusing these credentials might be convenient, but it makes it easier for hackers to gain access to your accounts and personal information.

User credentials are a high-value target because hackers know that people tend to use passwords more than once. According to GetCyberSafe.ca, 41 per cent of Canadians say they use the same password for multiple accounts.

Hackers target organizations and individuals, taking advantage of vulnerabilities in systems and software, sending phishing messages and disguising malware as legitimate files. These techniques are used to steal sensitive information. Once they have it, they can sell it.

Even if a password was stolen years ago, using it today puts you at risk of cyber attacks like credential stuffing, where previously stolen log-in credentials (i.e., your username or email address and password) from one website are “stuffed” into the log-in pages of other websites and systems until matches are found.

To protect yourself, avoid reusing a password.

Use complex passwords and passphrases

The Canadian Centre for Cyber Security says passwords should be a minimum of 12 characters. They also recommend using passphrases, since they are longer and easier to remember than a password made up of random, mixed characters. Your passphrase should be at least 4 words and 15 characters in length. For example, you might create one by scanning a room in your home and using words to describe what you see (e.g., “Closet lamp Bathroom Mug”).

If you cannot use a passphrase, use a password that is as complex as possible: one made up of lowercase and uppercase letters, as well as numbers and special characters.

Understandably, the more complex passwords become, the harder they are to remember. The easiest way to keep track of them is by using a password manager, a vault that stores all your usernames and passwords for different websites, apps and devices.

Choose the right password manager

According to GetCyberSafe.ca, not all password managers are created equal. Make sure the one you choose has security features like:

  • multi-factor authentication
  • prompts to change old passwords
  • notifications about weak or reused passwords
  • integration with other devices
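
An added example (not from the original article or GetCyberSafe.ca): a short Python audit that applies the length guidance above and flags reused passwords, the kind of check behind a password manager's weak or reused password notifications. The vault contents, function names and the keyed-digest comparison are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

MIN_PASSWORD_LEN = 12   # minimum password length cited in the article
MIN_PHRASE_WORDS = 4    # passphrase: at least 4 words...
MIN_PHRASE_LEN = 15     # ...and at least 15 characters

def check_secret(secret):
    """Return a list of problems; an empty list means the guidance is met."""
    if len(secret.split()) >= MIN_PHRASE_WORDS and len(secret) >= MIN_PHRASE_LEN:
        return []  # qualifies as a passphrase, no character-class rules applied
    problems = []
    if len(secret) < MIN_PASSWORD_LEN:
        problems.append("shorter than 12 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in secret),
        "uppercase letter": any(c.isupper() for c in secret),
        "number": any(c.isdigit() for c in secret),
        "special character": any(not c.isalnum() and not c.isspace() for c in secret),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    return problems

def audit_vault(vault):
    """vault maps account name -> secret. Returns (weak, reused)."""
    # Group by a keyed digest so plaintext secrets are never used as lookup keys;
    # the key is random per run, so the digests are meaningless afterwards.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    weak = {}
    for account, secret in vault.items():
        digest = hmac.new(key, secret.encode(), hashlib.sha256).digest()
        groups[digest].append(account)
        problems = check_secret(secret)
        if problems:
            weak[account] = problems
    reused = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return weak, reused

# Constructed sample vault (the first entry is the article's example phrase,
# used here only as test data).
SAMPLE_VAULT = {
    "bank": "Closet lamp Bathroom Mug",
    "email": "Summer2019",
    "shopping": "Summer2019",
    "streaming": "t7#Kq!vR2m@Lx9",
}
```
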

Protecting your passwords with just another password isn’t enough. Enable your password manager’s multi-factor authentication (MFA) to create a secure system. According to Get Cyber Safe, one in three Canadians use this feature.

MFA is an extra layer of security so that only you can access private information and accounts. It uses things that are unique to you, such as fingerprint scanners, voice verification, facial recognition or security questions, to name a few.

Something as simple as 2-step verification can protect you from:

  • 100% of automated bots
  • 96% of phishing attacks
  • 76% of targeted attacks

The more your verification involves you, the better. Some experts say that while password managers are a useful tool, they may not be the best choice for all passwords. Passwords for sensitive accounts like your email and bank should be stored the old-fashioned way: in your head.

Also, never use the ‘remember me’ or auto-fill features for websites, and don’t share personal information on social media that could compromise your account security questions (like the name of the street you grew up on or the name of a family pet).

What to do if you are compromised

If you suspect one or more of your accounts has been hacked:

1) Immediately update your passwords or passphrases on accounts using the compromised credentials

2) Check your credit card and bank account statements for any suspicious activity

3) Report any fraudulent financial activity to your financial institution

4) Notify contacts that could be impacted by the attack (e.g., if a phishing message was sent from your account)

5) Report the fraudulent activity to local police and the Canadian Anti-Fraud Centre

Choose personal cyber insurance

While having complex passwords and managing them properly is critical in today’s world, it doesn’t protect you from everything.

The HUB Personal Cyber Insurance Policy, for example, offers even more protection for your finances and family members against the risk of ransomware, phishing, cyberbullying and cyberstalking. It also helps guard against identity theft, which allows fraudsters to empty your bank accounts and take out credit cards and loans in your name.

For as little as $100 a year, it provides $25,000 in coverage and 24/7 access to cyber professionals should you become a victim. It also covers family members living in your household, as well as monitoring of the dark web, where criminals buy and sell personal information, at no extra cost.
