Video: Credential stuffing

[Electronic music playing]

From online banking, shopping and gaming

to joining unique communities,

you need to create an account

to do just about anything these days.

And with so many accounts to manage, it might be tempting

to reuse the same credentials for each one.

Credentials confirm your identity

with a username or password to access your accounts.

But reusing your credentials puts you at risk

of cyberattacks like credential stuffing.

"Credential stuffing" might sound complicated,

or like a tasty Thanksgiving side dish,

but it's straightforward.

In a credential stuffing attack, cybercriminals

use stolen credentials from one website and use them

to gain access to your accounts on other sites.

Once they have access, cybercriminals can

change your password,

steal your personal information,

and make unwanted purchases with

your credit card information.

So how can you prevent a credential stuffing attack?

Use a unique password or passphrase for each account.

That way, if your credentials for one account are stolen,

a cybercriminal can't use them to access your other accounts.
 

If you find all those passwords difficult to remember,

you can use a password manager to store them safely.

You should also enable multi-factor authentication,

also known as MFA, where possible.

MFA adds an extra layer of security to your accounts by

making you prove your identity to log in,

like sending a code to your phone or e-mail

or using facial recognition.

If you suspect one of your accounts has been compromised,

change your password or passphrase immediately.

Then check your credit card and bank accounts

for any suspicious activity.

Using unique passwords or passphrases

for all your accounts may seem like a pain,

but it's worth it to protect your sensitive information.

Visit GetCyberSafe.ca to learn more about staying safe online.