Compromising passwords is a common technique used by hackers to gain access to accounts. Passwords can be compromised in several ways:
Phishing and social engineering
Attackers can use these techniques to lure victims into disclosing a password to access a specific site. They then try it on other sites to see if the password is being reused.
Brute force attack
An attacker tries a long list of possible passwords to guess the right one. The list contains the most common passwords or common phrases, such as those found in a dictionary.
Credential stuffing
An attacker uses a long list of passwords acquired from a data breach to determine if the passwords are being reused.
Spidering
An attacker gathers information about the victim (date of birth, family information) from sources like social media and company sites, and creates a list of likely options for a password.
Online accounts have valuable information that cybercriminals are looking to get so that they can steal your identity or commit fraud. Using strong passwords and managing them effectively are important steps you can take to protect your accounts.
There are simple tips you can follow to protect your information.
Use strong passwords
As hacker techniques evolve, their ability to crack passwords has improved greatly. According to cybersecurity company Hive Systems, an 8-character password with upper case and lower case letters, numbers and special characters can be cracked in 39 minutes, whereas a 12-character password can take 3,000 years.
To protect yourself, you should set up unique and secure passwords that are more difficult for hackers to crack. Here are suggestions for creating a good password:
Never use something that is easily guessable such as your birthday.
Use a longer sequence of random words or text – at least 12 characters.
Use a combination of lower case and upper case letters, numbers and special characters (!$#%*&).
Never reuse a password
Always use a different password for every service you use. Attackers will try passwords they get from other breaches to see if you reused them. Also, ensure that passwords are not similar to those used on other sites (for example, the same password with one or two changed letters).
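The suggestions above (length, character mix, no guessable personal details, no reuse or near-reuse) can be checked automatically. The following Python example is added here and is not part of the original article; the function names, the sample values and the edit-distance threshold of 2 (standing in for "one or two changed letters") are assumptions.

```python
import string

MIN_LENGTH = 12  # the minimum length suggested above


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_password(candidate, personal_facts=(), other_passwords=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "lower case letter": string.ascii_lowercase,
        "upper case letter": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,  # superset of !$#%*&
    }
    for name, chars in classes.items():
        if not any(c in chars for c in candidate):
            problems.append(f"no {name}")
    lowered = candidate.lower()
    for fact in personal_facts:  # e.g. birth year, pet name
        if fact and fact.lower() in lowered:
            problems.append("contains easily guessable personal information")
            break
    for old in other_passwords:  # assumed threshold: at most 2 edits apart
        if edit_distance(candidate, old) <= 2:
            problems.append("same as or too similar to a password used elsewhere")
            break
    return problems


# Constructed sample values, not real credentials.
FACTS = ["1987", "rover"]
IN_USE = ["Correct-Horse-7-Battery"]
if __name__ == "__main__":
    for pw in ["Rover1987!", "Correct-Horse-7-Batterx", "vivid-Lantern-42-quartz!"]:
        print(pw, "->", check_password(pw, FACTS, IN_USE) or "ok")
```

A check like this belongs on the device where the password is being chosen, since it needs the other passwords in clear text to compare against.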
Use a password manager
Trying to create a unique, long and strong password for all your online services and websites can seem impossible. Most people cannot remember that many passwords and either reuse the same one over and over again or use a variation of the same password with some slight changes. Use a password manager to create strong, unique passwords for each site.
Enable multi-factor authentication
Multi-factor authentication (MFA), also known as two-factor authentication (2FA), protects your online accounts by using more than just a username and password.
MFA uses text messages, email or an app on your smartphone. The text message, email or app will have a unique code that you need to enter when logging in to your account. To complete the login, the password must be correct and the code must match the one sent to you.
Password diligence
Even if you follow good password practices, it is important to be diligent and proactive to ensure you have not been hacked.
Regularly check your account activity
Log in to your accounts and look at transactions, purchases or changes to your account such as a new phone number or address.
Watch for notifications or news
Subject to applicable law, an organization that has been breached may reach out to notify affected customers. Also watch for news reports about companies you deal with to learn if they’ve been breached.
See if you have been compromised
Be proactive and check sites like Have I Been Pwned to see if your credentials are part of a reported data breach.
If you suspect that you may have been hacked, take action:
Change your password
Immediately change the password of the account you suspect has been breached. Follow good password practices and select a strong and unique password.
Check other accounts
If one account has been breached, others may be as well, especially those that have the same username. Look for suspicious activity, then change the password.
Report it
Alert all relevant organizations, including financial institutions, that your account has been compromised.
Regularly review your credit report
Contact a credit monitoring service to see if there has been suspicious activity. Also consider using their services to proactively monitor and report suspicious activity.