
GATINEAU – The Office of the Privacy Commissioner of Canada (OPC) is warning Canadians not to use the same password for various websites, accounts and devices.
Citing a string of recent breach reports from companies that suspect their systems were accessed with valid customer or employee login data, the OPC said the criminals are believed to have obtained the data from previous, unrelated breaches that resulted in username and password combinations being published online.
The OPC also prepared a new tip sheet for businesses to help them mitigate the risk of password reuse, while reminding individuals and employees to consider the following best practices when selecting passwords:
– Avoid obvious choices such as mother's maiden name, child's name, pet's name or any reference someone may be able to guess through information posted elsewhere;
– Make passwords eight or more characters;
– Use a combination of letters, numbers and symbols;
– If you need to write them down to remember them, keep them offline in a secret, secure, locked place.
Commissioner Daniel Therrien said that other precautions, such as multifactor authentication for those accessing company servers remotely and monitoring for unusual employee login behaviour, are also important.