Security Breaches and how to Protect Yourself

It seems as though security breaches are everywhere these days. In Canada the CRA (Canada Revenue Agency) has recently had a security breach that puts everyones account into jeopardy, whether you know it or not. Recently the goverment has been handing out benefits due to the Covid-19 pandemic and hackers would of course like to get their piece of the pie.

Hackers are targeting users who use the same password and username for multiple login credentials. Is this a fault of the CRA Website, or does the blame fall on people who are using the same, possibly weak passwords for all of the sites they use?

If you do a search on Google for "websites with security breaches" or "security breaches 2020", you will come up with dozens of sites such as dropbox, facebook, twitter, Yahoo, LinkedIn etc. These have all been compromised and if you have an account on one of these sites your identity could have been compromised. This information gets sold on the dark web. The hacker then uses the compromised data and logs in with your same credentials on the CRA Website.

How can you protect yourself against these security breaches?

1) Check to see if your Username and Password has been compromised

The first thing you should do is check and see if your credentials have been stolen. These are some of the most popular sites to check to see if your credentials have been compromised.

You can register with some of the above sites listed above and have them notify you if your accounts become compromised and are found on the dark web.

2) Use a Different Username and Password for Every Site.

One of the best ways to keep passwords secure is to use different passwords for each website or service that you use. Unfortunately, an astounding 83% of respondents said they use the same password for multiple sites. If a site you use gets hacked or compromised, then they could potentially have access to all of the sites or apps that you use. Most websites have different requirements for passwords, some require 8 characters, others 20 characters. The same goes for UPPER and lower case requirements as well as special characters such as #$%@ etc. Our Password Generator covers all of the options and allows you to choose which best fits your requirements.

3) Use a Password Manager

Password Managers are a must today! In order to remember a different password you use on every site you need something to store them in. A password manager generally stores the data in one file that can be backed up with a "Master Password" or a combination of a "master password" and an a File or "Security Key"

4) Use 2FA - Two Factor Authentication

Today, the two most popular ways websites use 2FA or Two-Factor Authentication are 2FA Texting and App Authenticators. Harware Authenticators are used more in the corporate environment.

  • Texting 2FA (After logging in with User/PW the site sends you a code via text message to complete the login)
  • App Authentication ( Google Authenticator, Authy, Duo Mobile, Microsoft Authenticator)
  • Hardware Authenticators (FIDO U2F, YubiKey etc.) - USB type keys to authenticate

Conclusion

Whether your password manager is stored local or cloud-synced, a password manager puts all of your credentials in one place. For most people, the security benefits of using a password manager is MUST! Don't let security breaches get the best of you! Do something about it before it happens!

Posted in Network Security Tips on Aug 18, 2020.