Strong passwords, two-factor authentication and awareness of online scams were among the topics discussed during a cyber security information session in St. Thomas last week.
Jeff Wong, CEO of DAGI, a London-based IT company, conducted a Seniors’ Cyber Security Information Session at CASO station on Wednesday, May 13, where dozens of attendees were instructed on how to protect themselves online. The event was hosted by Elgin-St. Thomas-London South MP Andrew Lawton.
Mr. Wong noted two main methods: using a password manager and signing up for two-factor authentication (2FA). He said that 81 per cent of cyber attacks begin with a weak or reused password.
“Password managers let you create a strong, unique password for every account, without memorizing them,” a slide stated during the presentation. With a password manager, the user only needs to remember one password, while the application “remembers” the rest.
Mr. Wong recommended 1Password, Bitwarden, Keeper Security, and NordVPN as good password/2FA apps.
There are three main ways to get two-factor authentication: a code sent via text, an authenticator app, and a physical hardware key (USB/NFC).
People don’t use 2FA for a variety of reasons. Mr. Wong said some he’s heard are: “It’s too complicated,” “I’m not important enough to need that” and “my password is already strong.”
In rebuttal, he said it’s often as easy as a couple of clicks to set up and use 2FA; that hackers do not care how important you are, if at all, and only want your money; and that it’s easy to steal a password through credential stuffing.
Credential stuffing is a complicated but effective form of cyber attack where logins/passwords are leaked and sent to the dark web. Fraudsters can then find/purchase that information and use bots to attempt millions of logins to websites other than the one that originally leaked the information. Having unique passwords for each login helps solve this problem.
According to Get Cyber Safe, a national public awareness campaign, 41 per cent of Canadians reuse their passwords for multiple accounts.
Mr. Wong says this is the easiest way for a data breach to happen: the scammer learns one password and now has potential access to all accounts that use the same password.
According to NordPass, the average person has around 120 different sites/apps that require login. Mr. Wong said that the websites keep the login information for a very long time. Because of this, people may be affected by a data breach today on a website they haven’t visited in 10 years.
Mr. Wong says this is why it’s so important to use different passwords: if one is leaked, everything with that password is vulnerable.
“Unique passwords contain the damage,” he said.
Having a password manager, Mr. Wong said, reduces your risk of being hacked by 47 per cent. He said to start with the important logins, with email being the most important, followed by banking, government sites, shopping and social media.
Everything flows through email, Mr. Wong said, stressing why it was important to prioritize a secure email password. If a hacker gains access to an email account, they can attempt to access other accounts and websites by clicking ‘reset password,’ which prompts an email; they can then open the triggered email and reset the password for that outside site, gaining access to that additional account.
Artificial intelligence (AI) is becoming a major tool in online scams as well, he said. According to Govtech, Microsoft’s AI can replicate a voice with just three seconds of an audio sample. This technology is commonly used in a scam technique called the “grandparent scam” or “emergency scam.”
The “grandparent scam” is when a fraudster calls, pretending to be a grandchild or loved one, and asks for money in a panic. The urgency of the call adds pressure to send money. Now, fraudsters can use AI-assisted voice imitation so the call really sounds like the victim’s loved one.
Mr. Wong shared five tips to avoid falling victim to this type of scam:
• Ask the caller their name, as a scammer might not know who they’re pretending to be.
• Setting a family code word would help, as a scammer can’t share what they don’t know.
• Hanging up and calling the person’s contact number is a safe option; in an emergency they will answer that phone.
• Always get a second opinion before sending money to anyone.
• Never send cash, wire transfers or gift cards, as they are virtually impossible to recover.
Mr. Wong ended the presentation with some general internet safety tips, including advising against using Google’s “Save password” option as it’s not protected or encrypted. He also noted that biometric data used for verification, such as a fingerprint or face ID, is generally thought to be secure, but advised caution while travelling.
Anything connected to the internet is a doorway for hackers and scammers, he cautioned, but using a password manager, 2FA and being cautious online can help protect you.
The Local Journalism Initiative (LJI) is a federally funded program to add coverage in under-covered areas or on under-covered issues. This content is created and submitted by participating publishers and is not edited. Access can also be gained by registering and logging in at: https://lji-ijl.ca