It’s tempting to reuse the same password and username for your online accounts, but now more than ever, it’s important to have a unique username and password (i.e. your login credentials) for each site you sign in to. Why? Fraudsters are counting on using your stolen passwords to access other sites in a technique known as “credential stuffing.”

How credential stuffing works

When customer data is stolen, in a cybersecurity breach or theft, information including usernames and passwords can be leaked or sold to other hackers.

These bad actors then use a technique called credential stuffing, whereby stolen login credentials are “stuffed” into a program that attempts to fraudulently log in to other sites, including your bank account. And if you’re using the same login credentials across a number of websites, chances are that the fraudsters will be successful in accessing your accounts.

Banks invest heavily in cyber security to protect the financial system and the personal information of their customers from cyber threats, including credential stuffing. But there is one simple step you can take to protect against a criminal accessing your accounts:

How to protect against credential stuffing

If you reuse the same login credentials across multiple sites, hackers can use just that one piece of information about you to access a number of your accounts. So the best way to protect against credential stuffing is to develop a unique password for each of your online accounts, especially sensitive accounts like your bank account and your main email account. Additional tips and information on good cyber hygiene practices can be found on the Canadian Bankers Association website:

Staying safe online – a cyber hygiene primer

4 simple steps to protect yourself online