Security Best Practices

Stronger Passwords, Safer Accounts

Your password is the first line of defense in securing your online accounts. Below are some ways you can reduce the risk of unauthorized access.

Enable Multi-Factor Authentication 

Multi-Factor Authentication (MFA) adds an extra layer of security on top of your password. Even if someone manages to get your password, MFA ensures that they cannot access your account without a second verification step—such as a code sent to your phone or email. It's one of the most effective ways to protect your sensitive accounts and should be enabled wherever possible.

Use a Strong Password

A good password is one that is easy to remember but difficult to guess. The longer your password is, the harder it will be for someone (or more likely, some program) to crack it. Passphrases, that uses a combination of words, are examples of a long password that can be easy to remember. A passphrase should be at least 4 words and 15 characters in length. Shorter passwords should include lowercase and uppercase letters, as well as numbers and special characters.

Here are some additional tips to consider when making your password:

• Don’t use easily guessed passwords, passphrases, or PINs, such as “password”, “let me in”, or “1234”, even if they include character substitutions like “p@ssword”
  
• Don't use names of family, friends or pets.
  
• Don't use phone numbers, social insurance numbers or birthdates.
  
• Don’t re-use passwords. Create a unique password for your alc.ca account.
  
• Do use a password manager to help you keep track of your passwords.
  
• Do update your passwords on a regular basis.
  
• Do enable multi-factor authentication (MFA).

Keeping your Data Safe

These simple steps can go a long way to helping you protect your data:

• Use Multi-Factor Authentication (MFA) to protect your login credentials. MFA makes accounts more secure by requiring at least two forms of authentication to log in.
  
• Use a strong, unique password.
  
• Keep your computer, software and web browsers updated with the latest versions.
  
• Install up-to-date anti-virus software on your computer.
  
• Be cautious with links in an email. If you receive an email advising you to click a link to update your personal information, DON’T CLICK IT!
  
• Please note that Atlantic Lottery will never initiate an email asking you to supply personal information. If you receive such email, please contact us to verify the request.

Protect yourself from credential stuffing

Credential stuffing happens when criminals use stolen usernames and passwords to try and get into accounts on other sites. If you’ve used the same login information for different sites, your account could be at risk. Multi-Factor Authentication should be used whenever possible.

Beware of Phishing and email fraud attempts

Many email users are sent authentic-looking messages from reputable companies that ask for personal data. They may even claim that you won a contest or a prize, that your personal information is compromised or threatened, and that it's urgent you respond. It's called phishing and recipients who respond to such emails are exposed to identity theft.

These emails often ask recipients to confirm personal information such as date of birth, SIN number, phone numbers, credit card numbers, passwords, account data and other information. The email content will likely use credible email addresses and logos, and direct users to a fake a website where they are asked to provide this personal information.

If you receive what you think may be a phishing email from Atlantic Lottery, please contact us.