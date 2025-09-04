How to protect your passwords from fraud and identity theft
Using strong passwords—and different ones for every site—can help you protect yourself against digital fraud and identity theft. Here’s how to protect yourself.
Nobody likes the ever-growing list of username and password combinations we need to access online accounts and a wide variety of websites. At best, it’s an annoyance. At worst, it’s a barrier to using services like online banking.
At least until we are a completely passwordless society, however, usernames and passwords and an additional authentication factor are the best defense we have against the spread of digital fraud and identity theft. It’s worth putting in the effort to come up with and keep track of different passwords for each of our accounts.
“Enabling strong authentication methods is one thing that I fight with even my own family members about,” says Octavia Howell, vice-president and chief information security officer for credit bureau Equifax Canada.
Think of usernames, passwords, and multi-factor authentication as more lines of defense for your identity online, she advises. Multi-factor authentication adds an extra layer of protection by combining different authentication factors, such as something you know, something you have, or something you are. If one of the organizations you deal with suffers a data breach, enabling this extra layer of protection for your online identity can help contain the damage and prevent it from spreading to the other sites and accounts you use. They may help keep you from becoming a victim of identity theft.
“It’s not a matter of if, it’s a matter of when your information will be compromised. Most of your information is likely already compromised,” Howell says.
Good authentication practices make it harder for fraudsters to obtain more information about you and assume your identity for the purposes of fraud. Here are Howell’s tips and dos and don’ts.
Too many users simply reuse the same username and password across multiple accounts, Howell says. Say criminals gain access to your streaming service account. If you use the same password for an email account, it’s as good as compromised. That may expose more information on you, your friends and your associates.
Another mistake is to use passwords that are easy to guess, such as your children’s name plus “123” and an exclamation point for a special character. Don’t include a pet’s name or a street address, either. Remember, hackers now get help from artificial intelligence (AI) to try thousands of combinations of these clues to gain access to your accounts. (Learn more about AI and identity theft.)
Howell recommends using multiple usernames and different passwords for all your online accounts. Here are some more tips to improve your password hygiene:
