Protecting Your Online Password Security
As you’ve probably heard by now, the Canada Revenue Agency (CRA) has confirmed that three cyberattacks compromised thousands of Canadians’ accounts. As more aspects of our lives and financial services continue to move online, it’s critical to be proactive about protecting the security of your personal information. According to the Office of the Chief Information Officer of the Government of Canada, these cyberattacks were made possible by “credential stuffing” where hackers “used passwords and usernames collected from previous hacks of accounts worldwide [and] took advantage of the fact that many people reuse passwords and usernames across multiple accounts.”
At OPB, information security and privacy is paramount in our commitment to online service delivery and service excellence. We would like to remind our members that there are steps you can take to protect yourself and stay cyber safe when visiting websites that require an online user ID and password.
Here are some tips to help protect your online identity and password security.
Never reuse the same user ID and password for more than one site. A breach on any of those sites can give hackers access to all the sites with the same credentials. This is how hackers were able to access CRA accounts during their recent cyberattacks. Though it may seem like extra effort upfront, having unique passwords helps keep your personal information secure. This is particularly critical if it’s a financial site. To help keep track of your passwords, try using a password manager or vault.
Update your passwords frequently. While news of cyberattacks like the ones affecting the CRA can be concerning, they also provide an important reminder to ensure your accounts are as secure as possible. If you’ve been using the same passwords across multiple sites or have been using existing passwords for a long time, it’s a good idea to change them now.
Use multi-factor authentication when possible. Many online services now offer multi-factor authentication, which provides an extra layer of protection against cyberattacks. In addition to your password, these systems require a time-limited code that can be sent to your phone by text message or through an app when you log in. Though setting up multi-factor authentication may seem like a complicated extra step, it’s a great way to help keep your information more secure.
Set alerts to advise you if your information changes. Many online services, including CRA, Service Canada and most banks, offer the ability to email, text or call you when critical personal information such as your email, mailing address or banking information has been changed. Now is a good time to check if you’ve set up these alerts on any accounts containing your personal information, especially financial information. If you think your information has been updated fraudulently, contact the organization right away.
For your OPB e-services account, alerts are automatically set up to notify you when any of your personal information is changed online.
Remember to log out from your accounts. Be sure to log out at the end of your session and clear your cache regularly. For more information about best practices related to online passwords, visit the Canadian Centre for Cyber Security. If you feel it’s time to update your OPB e-services password, visit your e-services account today.