
Privacy Commissioner advises Canadians to be password smart

For convenience purposes – not to mention memorization – it’s not unusual for online users to draw from the same password for multiple accounts. But in an online world increasingly filled with hackers aiming to exploit consumers’ sensitive data, Canadian officials are strongly urging people to stop doing that.

The Office of the Privacy Commissioner of Canada recently issued a public service announcement, advising both business owners and residents to avoid using the same numbers and letters for more than one login. Breach reports have flooded the OPC in recent months, largely from entrepreneurs who’ve acknowledged that hackers were able to gain access after obtaining the necessary passcodes.

Daniel Therrien, OPC commissioner, noted that private citizens can fortify their online security simply by differentiating access information. Companies ought to implement the same kind of strategy and encourage their employees to do likewise.

“Businesses … have a role to play,” Therrien advised. “They should require employees to change their work passwords if they’ve ever used the same one elsewhere. Companies should also remember that an employee’s password should not be their only line of defense against online intruders.”

Passwords may be obtainable via brainwave technology
Indeed, a recent study conducted by researchers from the U.S.-based University of Alabama at Birmingham determined that EEGs – electroencephalograph headsets – may be hackable, enabling cybercriminals to steal passwords via brainwave monitoring technology.

Costing between $150 and $800, EEGs are headsets that manipulate toys when onboard sensors monitor users’ brainwaves. They’re increasingly popular in the video and virtual gaming community.

“These emerging devices open immense opportunities for everyday users,” said Nitesh Saxena, associate professor at the UAB College of Arts and Sciences Department of Computer and Information Sciences. “However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology.”

Global attack could cost $53 billion
Cyberattacks are not only highly inconvenient, they’re also potentially crippling, to private citizens as well as the global economy. A recent report from Lloyd’s of London determined that if the world were to go offline due to a successful hacking attempt, it could result in economic losses topping $53 billion, according to Reuters. That’s nearly seven times more than the so-called “WannaCry” ransomware attack, which in May infected more than 300,000 computers worldwide that used Microsoft Windows as an operating system.

As for what online users and employees can do to make passwords more one-of-a-kind, the OPC offered the following recommendations:

  • Instead of using all letters or all numbers, mix them up, adding in symbols and punctuation marks for further uniqueness.
  • Ensure passwords are at least eight characters in length. Many system accounts now require passwords be eight characters or longer.
  • Steer clear of commonly used options like birth dates, last names or password fallbacks like “123456” and “ABCDEF.”
  • Maintain a password booklet and coordinate the codes with the appropriate accounts.

Caroline Hubberstey, senior vice president of communications and member relations at the Retail Council of Canada, indicated that the cybersecurity scares are an important reminder that people have to be ever vigilant in a world where hackers are trying to take advantage of Canada’s hardworking families, businesses and employees, often at all costs.

“It also highlights the need for Canadians to take appropriate steps to protect themselves from fraud and to protect their personal information,” Hubberstey added.