Strong passwords: Keep your personal information safe
Your accounts hold all kinds of valuable personal information about you – names, birthdates, credit card numbers, and more. If a cybercriminal accesses this information, they can use it to commit identity theft or fraud or sell it to other criminals.
Your first line of defence against these thieves is strong and unique passwords. While it may be easier to remember simple passwords or use the same one across multiple accounts, cybercriminals will likely try your username and password for multiple sites and accounts to access more information once they know them.
Here are helpful tips to help you create and manage strong passwords, check for potential breaches, and know what to do if you are hacked.
Creating strong passwords
- Make it difficult to guess: A good password is longer than eight characters and includes letters, numbers, and symbols. A great password combines these elements with random words or phrases to create a passphrase that’s longer than 15 characters. You can make your passphrase even stronger and more unique by avoiding obvious word combinations, using words in other languages, or combining words.
- Use a different password for each account: It can be hard to remember a complex password for one account, let alone a different password for everything you need to sign into. But using the same password to sign in to multiple accounts can leave you vulnerable; once a password is compromised, thieves will check it on other popular websites to try and log in to your accounts. Consider using a password manager to keep track and even generate unique passwords.
- Enable two-factor authentication: Where possible, use two-factor authentication (2FA) to keep your devices and accounts secure. For example, some phones will let you use your fingerprint or face to unlock the screen, and institutions like banks or credit card companies may send you a one-time passcode to verify your identity or transactions. This extra layer of security can stop fraudsters from getting to your sensitive and valuable data, so don’t share your verification codes with anyone else.
- Keep it to yourself: Think of your password like a toothbrush - it should never be shared! If you suspect someone else has unauthorized access to your account, change your password immediately.
- Make security questions hard to answer: Instead of using your mother’s maiden name or the town you grew up in (both common security questions for password recovery and both easily findable via social media), choose more challenging to guess options for which only you could know the answer.
Checking for a breach
- Check your account activity: Many of us have switched to paperless billing and no longer receive physical copies of our bills or financial accounts. Take a minute to log in and look at your records to ensure there aren’t any odd transactions or purchases, changes to your billing address, new mobile numbers activated without your knowledge or any other suspicious activity.
- Check the news: Keep an eye out for corporate data breaches. Big ones are often reported in the news, and companies will usually reach out to their customers to inform them. If you are a customer of a company that experiences a data breach, immediately change your password for that account.
- Check for yourself: Be proactive and monitor your accounts for potential password breaches. Sites like “Have I been pwned” could help show you if your account is associated with any data breaches.
Have you been hacked? What now?
- Change your passwords: If one of your accounts is breached, others may be too. Change all of the passwords associated with those login credentials; i.e. if you use your email address as a username, change any password associated with that email address.
- Stay vigilant: Monitor your accounts closely for any suspicious activity. If your banking password has been compromised, you may want to alert your bank and change any PINs or additional passwords. Consider using credit monitoring services to stay on top of any potential identity theft.
- Report it: Find out how to report suspicious activity related to a TELUS product or service at Report a Problem.