Passphrases, passwords and PINs

Using unique and complex passphrases and passwords for every account and device is one of the best ways to keep your personal information safe.

Follow:

Your password: The key to your personal information

Passphrases, passwords and PINs help protect your personal information from potential online threats. And the stronger they are, the more secure your information will be.

We recommend that you use passphrases, as they are longer yet easier to remember than a password PasswordCombination of letters and numbers you select to secure an account or device. of random, mixed characters. A passphrase PassphraseCombination of random words you select to secure an account or device. is a memorized phrase consisting of mixed words with or without spaces.

If a passphrase isn’t an option, complex passwords that are unique to every account and device can also make it more difficult for cyber criminals to access your accounts and devices. Discover the steps you can take to create the best passwords possible — and how to keep them safe once you’ve made them.

Risks to you

Malware

Malware MalwareMalicious software ("malware") designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. It can: • Intimidate you with scareware, which is usually a pop-up message that tells you your computer has a security problem or other false information. • Reformat the hard drive of your computer causing you to lose all your information. • Alter or delete files. • Steal sensitive information. • Send emails on your behalf. • Take control of your computer and all the software running on it. is malicious software SoftwareA computer program that provides instructions which enable the computer hardware to work. System software, such as Windows, Linux or MacOS, operate the machine itself, and applications software, such as spreadsheet or word processing programs, provide specific functionality. designed to infiltrate or damage a device.

Malware can give cyber criminals access to your passwords by looking in places where your passwords are stored, monitoring the websites you visit and watching what you type with a keystroke logger Keystroke loggerSoftware or hardware designed to capture a user's keystrokes on a compromised system. The keystrokes are stored or transmitted so that they may be used to collect valued information. . Learn more about malware.

Phishing and smishing

Phishing PhishingAn attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing, a specific, usually well-known brand, usually for financial gain.  and smishing SmishingFraudulent SMS messages designed to induce users to reveal personal or financial information via the mobile phone (see phishing). messages are emails and text messages designed to trick you into giving up information by pretending to be a trusted source.

To get your password, phishing emails will often disguise themselves as a reputable company and ask you for your login information or provide a link LinkSee Hyperlink. to a fake login site.  Learn more about phishing and smishing

Protect your password

a padlock with muscular arms and passwords behind it

Always use a strong password or passphrase

Passwords that are easy to remember, like a pet’s name or family member’s birthday, are also easy for attackers to guess. Instead, follow these tips to create a strong passphrase or password:

  • When possible, create a passphrase: a combination of four or more random words, and a minimum of 15 characters

For traditional passwords:

  • Use at least twelve characters
  • Use a combination of upper- and lower-case letters and at least one number
  • Include at least one character that isn't a letter or number, like: !, # or $.
  • Use a series of letters that only make sense to you, like the first letters of each word in a sentence

Learn more about creating a strong password.

circles with fingerprints and cursor hands

Use unique passwords for everything

Many people use the same password for multiple accounts and devices.

Unfortunately, this has one major problem: if a cyber criminal gets access to one of your accounts, they get access to all of them.

Using unique passwords is the easiest way to protect all of your accounts in the event of a breach. Plus, you can always try a password manager if you’re having trouble remembering multiple passwords.

colourful padlocks

Only log in from trusted sources

Legitimate websites will never ask you to send your personal information or to log in via email or text message.

If you’re unsure if a message you receive is a phishing scam, try logging in from the home page Home pageThe home page is displayed by default when a visitor visits a website using a web browser. of the organization you’re dealing with — never click a link in a suspicious message or respond to any message asking for your password.

a person making a lips zipped gesture, with a password, eyes and cursor hand

Never share your password

This one should be obvious, but just in case it’s not: never, ever, ever share your passwords with anyone. Ever.

Resources

Staying cyber safe when your employees work remotely

Staying cyber safe when your employees work remotely

Remote work is common. Help your employees get cyber safe wherever they work.

Video: We Wish You'd Use Strong Passwords

Video: We Wish You'd Use Strong Passwords

A holiday song that also explains the importance of using strong passwords on your accounts and devices for your overall cyber security.

Blogs

Blogs

Read up on the latest cyber threats and tips for keeping yourself, your family and your business cyber safe.

Resources

Resources

Visual learner? Check these out for tips and tricks to keep yourself, your family and your business secure from cyber threats.

Become a champion

Become a champion

Become a Get Cyber Safe champion to help improve internet security for yourself, your organization, and all Canadians.

Date modified: