Cybersecurity: Passwords and email

Create strong passwords

A strong password is critical to protecting your online accounts. While it may be tiresome to create and remember them, it’s important to keep in mind that passwords are often the first defense against cyber criminals. They protect personal information, like financial accounts, health data or private documents, from falling into the wrong hands. But what makes a password strong?

Here are some simple steps you can take to strengthen your passwords:

  • Use one password/passphrase per account, especially those dealing with sensitive or financial information.
  • Complexity is nice, but length is key. Always use the maximum password length allowed by the application. Aim for at least 16 characters, if possible.
  • Avoid common words like “password” or “user,” or anything that can be easily guessed like your birthday, or obvious sequences of letters or numbers like “1234” or “ABCD.”
  • Be creative. Some of the strongest passwords aren’t words, but a collection of words or “passphrases.” Passphrases, made of randomly chosen words, can be both easy to remember and hard for someone to guess, which is what you want out of a passphrase. Here are some examples: “Delay Elephant Buy” or “Europe Profit Now.”
    • Replace some letters with spaces, numbers or special characters. For example, replacing an “A” with “@” or an “S” with “$” can help increase the strength of your password. But don’t rely on obvious substitutions, like substituting an “o” with a “0” or writing “H0use” instead of “House.”
  • Consider a password manager. Password managers generate strong, random passwords and remember them so you don’t have to. They also store your login information for all the websites you use in your own personal, encrypted password database that is accessed with one master password/passphrase. It’s the only one you need to remember. Popular password managers include: Dashlane, LastPass and KeePass.
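
The checks in the list above (length, common words, obvious sequences, obvious substitutions, reuse across accounts) written as a small Python function. This is an added example, not code from the original page; the word list, substitution table and function names are constructed for illustration.

```python
# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = {"password", "user", "house", "admin", "welcome"}
# Obvious substitutions of the kind the list warns about, mapped back to letters.
LEET = str.maketrans({"0": "o", "@": "a", "$": "s", "1": "l", "3": "e"})
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz")
MIN_LENGTH = 16  # target length from the list above


def has_sequence(text, run=4):
    """True if text contains `run` consecutive characters such as 1234 or ABCD."""
    lowered = text.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            if seq[i:i + run] in lowered:
                return True
    return False


def find_common_words(text):
    """Return common words found in text, before or after undoing substitutions."""
    lowered = text.lower()
    normalized = lowered.translate(LEET)  # "h0use" becomes "house"
    return sorted(w for w in COMMON_WORDS if w in lowered or w in normalized)


def check_password(candidate, used_elsewhere=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if has_sequence(candidate):
        problems.append("contains an obvious sequence")
    words = find_common_words(candidate)
    if words:
        problems.append("contains common word(s): " + ", ".join(words))
    if candidate in used_elsewhere:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    # Constructed samples, including the passphrase quoted in the list above.
    for sample in ("H0use1234", "P@$$word-for-my-bank", "Delay Elephant Buy"):
        print(repr(sample), "->", check_password(sample) or "ok")
```

Passing these checks only rules out the weaknesses listed above; it does not show that a password was chosen randomly.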

Protect your passwords:

  • There is never a reason for someone to ask you for your password. RBC Wealth Management will never ask you to confirm your password over email, text or phone.
  • Storing passwords in your Internet browser or using the autofill option can leave you susceptible to hackers. It is surprisingly easy for criminals to gain access to information stored in your browser, so disable the autofill feature and don’t store passwords in your browser.
  • Enable two-factor authentication when possible. This means you prove your identity in two ways: a password plus some sort of biometric authentication like a fingerprint, adding an extra layer of security.

Keep your email safe

Email is one of the easiest ways criminals can target you, but there are ways to reduce the risk. Here are some tips:

  • Sharing personal or financial information over email is not recommended. Do not post your email address on public forums or give your email address to sites you don’t trust.
  • Any email that is not encrypted is not secure. You should assume anything sent on unencrypted email is public.
  • Never click on an unknown link or open an attachment you weren’t expecting, especially if it’s from someone you don’t know. Here’s more on how to spot phishing scams.
  • Do not reply to spam emails or click on the unsubscribe buttons in such emails. This notifies criminals that your email address is active.