Cybersecurity Blog

How to Limit the Potential Damage from Stolen Credentials – 05/11/17

 

Another day, another list of Mount Royal emails that may have been compromised. How? The emails were used as usernames to log in to external websites/accounts. These external websites then had their users' login credentials stolen. This is not a concern if you use a unique password for each website. However, if you reuse the same username and password combination on multiple websites, once one is compromised they are all compromised.

As it is not a question of if but when one of the websites you use has its users' credentials stolen, how do you minimize the damage?

  • Avoid using your Mount Royal email to log in to external websites whenever possible. Some sites require your work email to access their services. However, the majority of sites allow you to enter any email address.
  • Create a separate Gmail account for logging in to work-related websites. New accounts can be created/added from the Google login page. Once a new account has been added, you can view its inbox on a separate tab, giving you access to both your accounts at once.
  • Use personal emails for personal sites. This will save you from embarrassment. When a site has a Mount Royal email in its list of usernames and it gets hacked, we are notified. We really don’t want to know that you have a Neopets account.
  • Use a unique password for every website. Having difficulty coming up with and storing so many passwords? Use a password manager to store and generate passwords.
  • Change your passwords regularly. A significant amount of time often passes before theft of login credentials is detected, giving criminals lots of time to use them before they are changed. Changing your password makes stolen credentials useless.