Choosing strong and unique passwords for your online accounts is one of the best ways to keep your personal information safe from cybercriminals. A unique password is important because a security breach that leaks your password on one site means cybercriminals could try to use those login credentials to log in on other sites, a process known as credential stuffing. With so many passwords to memorize, you may have questions about using a password manager.
What is a password manager?
A password manager is a piece of software that acts as an online "vault" for your digital passwords. Using a password manager can help you more easily generate and keep track of usernames and passwords for websites that you choose to store in the password manager. Sensitive passwords, such as those you use for work, your financial accounts or your personal email, should not be stored in a password manager.
There are different types of password managers, including:
- a separate application you download,
- a feature of your device operating system, or
- an internet browser extension that automatically offers to save the passwords and usernames you enter while using that internet browser.
Choosing a password manager and which passwords to store
The Government of Canada’s Get Cyber Safe website has information on how to choose a password manager, including security considerations.
Do not store your most sensitive passwords, including those used for your work as an employee, your bank and financial accounts and your personal email accounts, in any kind of password manager. Although password managers may serve as helpful tools to store some passwords to avoid password overload, they are still susceptible to security breaches. Always memorize your most sensitive passwords.
Security vulnerabilities associated with internet browser password managers
The Canadian Centre for Cyber Security has important information on security vulnerabilities associated with internet browser‑based password managers that you should carefully consider. Saving your login credentials on your internet browser’s free password manager is not recommended.
How to choose unique passwords for your sensitive accounts
Preventing hackers from accessing your bank account is a partnership. While your bank has extensive security measures in place to protect you from fraud, there are also important steps you should take, like choosing unique passwords. This is a requirement set out in your banking agreement, and if you’ve taken the appropriate steps, you’ll be protected from fraud losses by your bank’s zero liability policy.
Your bank will have its own requirements about choosing a secure password to access your accounts, so it’s best to check your online access agreement, account agreement or credit cardholder agreements. There are also some general guidelines to keep in mind.
- Use a passphrase instead of a password. Using a passphrase that you associate with that website makes it easier to remember. For example, if you’re logging into a photo sharing site, the phrase could relate to images of your friends and family.
- Consider developing your own password tricks and patterns, such as replacing letters with symbols or adding special characters like ! or $ at the beginning or end of your passwords.
- Never share your passwords with others, including family members and friends.
More information about how to keep your personal and financial information safe can be found in the CBA’s Cyber Security Toolkit for Consumers, created in partnership with the Government of Canada’s Get Cyber Safe campaign.