October 4, 2017
Spammers, hackers and phishers are constantly coming up with new ways to hack your email account or steal website logins, and access your personal information.

Landscape Ontario has compiled some handy tips to keep your email and logins more secure. And just like changing clocks, changing tires on vehicles and checking batteries in smoke and carbon monoxide detectors, passwords for online accounts should be changed each spring and fall.

LO reminds you to secure your accounts by regularly changing passwords and using other security tools available to you.  
 

Passwords

The best passwords are ones that are easy for you to remember, but complicated for a computer to figure out during a brute-force attack. If the site allows, the strongest password is made up of four words with upper case first letters and spaces in between, like; Taco Napkin Garbage Salad.

Use HowSecureIsMyPassword to find out how secure your online password really is.

Here are some results from some random passwords we tested:
Password Time to hack
Gy63asF 1 minute
starfish18 1 day
I Love LO 2 weeks
19Acerrubrum 3,000 years
gonefishingallday 118 billion years
Gone Fishing All Day 8 quintillion years
Whoa! A quintillion!? In case you're wondering, that's a million raised to the power of five. Most websites require your password to be at least six characters, contain at least one number and one capital letter. Note how the most random password above is actually the worst possible password.  
 

2-factor authentication

Apple, Twitter, LinkedIn, Microsoft, Google, Facebook, Instagram, Dropbox, Snapchat, PayPal, Amazon, Tumblr, Wordrpess and many more popular websites allow you to enable two-factor authentication. With this enabled, even if someone has your password, they can't login to your account without access to your smartphone. Google also allows you to add trusted devices you use on a daily basis, so the extra level of security doesn't slow you down.

To take advantage of this added level of security, simply do an online search for two factor authentication for the website or service you want to secure.

Enable Two-Factor Authentication on your Google account right now!
 

Security checkup

Google users can do a security checkup and remove all unknown and unnecessary apps from your authorized apps list. Even without your password, if a troubled script kiddie has scammed your authorization, they can do things like download all of your contacts and control your account. Which leads us to...
 

Be super cautious!

Did you get a "document" from someone with little or no explanation of what is attached? Did the bank or Revenue Canada send an email to notify you about a locked account? Don't click on, reply to, or forward any email messages even slightly unexpected from anyone. Even though the name and email address are correct for the person you deal with, when an account is hacked, often times the result is a mass, generic message sent out from their account to everyone in their contact list, or everyone they have ever sent an email message to.

When in doubt, pick up the phone and give them a call.