Software that lets you print and mail your return | Page 2 | Income tax filing | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Software that lets you print and mail your return
February 19, 2021
3:32 pm
Bill
Member
Members
Forum Posts: 2266
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

".....the agency noted over 100,000 accounts that used the same combination of email and password." I don't understand, over 100K Canadians used the same email address? And then they all used the same password?

February 19, 2021
3:41 pm
Londonguy
Member
Members
Forum Posts: 493
Member Since:
May 27, 2016
sp_UserOnlineSmall Online

Oscar said
How and why would any external organizations have someone's CRA login information ? Any ideas ?  

They don't, not exactly. It's because a lot of lazy people use the same username on different sites, and even lazier people use the same password in combination with that same username on different sites.

That means that if somebody hacks into and steals a username & password database from, say, Home Depot or Walmart or Etsy or whatever, anyone on that stolen list who is using the same username & password combo elsewhere (like at CRA for instance) is at risk.

Scumbags routinely buy these kinds of lists and then attempt to access people's accounts by what is called "credential stuffing" where they use the stolen user & password combos to try to gain entry into sites like banks, etc.

CRA cybersecurity bought a copy of this particular batch of data, ran it against their own username/password database and found that over 100,000 CRA accounts could potentially be accessed, so they locked them all down. That's a lot of lazy people.

Simple message: Don't use the same user name, and don't use the same password

February 19, 2021
4:01 pm
Oscar
Member
Members
Forum Posts: 225
Member Since:
October 17, 2018
sp_UserOfflineSmall Offline

That makes sense , thanks. I assumed people were generally more security conscious about that stuff. Forgot about lazy.

February 19, 2021
4:21 pm
AltaRed
Member
Members
Forum Posts: 1279
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

I have well over 100 online accounts of one sort or another from banks to Kijiji to Walmart, etc. If I didn't use a password manager, there would be no way to keep it all straight. That is what the issue is. Don't even have to be lazy. It is just unmanageable otherwise.

February 19, 2021
4:49 pm
Winnie
Ontario
Member
Members
Forum Posts: 329
Member Since:
December 7, 2011
sp_UserOfflineSmall Offline

Bill said
".....the agency noted over 100,000 accounts that used the same combination of email and password." I don't understand, over 100K Canadians used the same email address? And then they all used the same password?  

No, Bill. Each one from those over 100k Canadians used own email and own password, but they also used the same email and password combination on another sites, besides CRA.

So, all emails from that over 100,000 accounts for sure are different and passwords probably also are different or quite possible, that they maybe using easy passwords, for example "password 123".

February 19, 2021
5:21 pm
Bill
Member
Members
Forum Posts: 2266
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

Oh, I see, thanks. I have all my unique sign in id's and passwords listed on a few sheets of paper I keep locked up, id's in one cabinet, passwords in another. The very few I use regularly I've memorized.

February 19, 2021
7:42 pm
SaverJunior
Member
Members
Forum Posts: 14
Member Since:
March 16, 2018
sp_UserOfflineSmall Offline

Bill said
".....the agency noted over 100,000 accounts that used the same combination of email and password." I don't understand, over 100K Canadians used the same email address? And then they all used the same password?  

I think this is what happened. Some perpetrator obtained user credentials of 100,000 different taxpayers. Then the perpetrator changed the email address of these 100,000 accounts to his/her email address. So now, all CRA communication notifications to these 100,000 taxpayers now go to his/her inbox. The perpetrator also changed the password of these 100,000 accounts to a common password for ease of access.

Obviously, I wouldn't imagine this is a task for someone to do it one by one by hand for 100,000 times. It must be done by robo automated computer program written by some software programmers.

February 20, 2021
5:26 am
Donald_Trump
Member
Members
Forum Posts: 11
Member Since:
February 7, 2021
sp_UserOfflineSmall Offline

My government dose not seem to be very good with computers . phoenix pay system all the problems at CRA . that is why printing out your tax return seems better , Than engaging them with a computer I am sure these problem will be fixed at some point . but just not ready for prime time yet .

February 20, 2021
5:39 am
Bill
Member
Members
Forum Posts: 2266
Member Since:
September 11, 2013
sp_UserOfflineSmall Offline

I'm guessing it's not the top IT folks who are working in the unionized public sector, often when I use gov't computer systems it feels a bit like Oaken's.

February 20, 2021
10:56 am
pooreva
Member
Members
Forum Posts: 206
Member Since:
April 2, 2018
sp_UserOnlineSmall Online

AltaRed said
I have well over 100 online accounts of one sort or another from banks to Kijiji to Walmart, etc. If I didn't use a password manager, there would be no way to keep it all straight. That is what the issue is. Don't even have to be lazy. It is just unmanageable otherwise.  

Agree with you 100%. It is not only one bank, one on-line store or government.
Unless you are extremely busy with your family/life, now is the good time to go through all your bookmarks, access all those sites and confirm all user IDs/passwords are really difficult to crack.

What password manager do you use? I like roboform for PC and Enpass for Android.

February 20, 2021
4:49 pm
Canadianbull
Member
Members
Forum Posts: 279
Member Since:
December 26, 2018
sp_UserOfflineSmall Offline

I use turbo tax.

No permission to create posts

Please write your comments in the forum.