Learn more about investing with interesting stories and articles.

The new, everyday reality of data breaches, and how you can protect yourself

Posted by Nancy Hall-Chapman October 15, 2021 • 6 min read

Share to Facebook Share to Twitter Share with Email
  • Data breaches are an everyday reality in today’s online world
  • Having a strong password isn’t enough
  • Multiple layers of authentication can keep your information more secure
a woman looking at her phone with concern

Once upon a time, all you needed to do to keep your online information secure was to set a strong password and avoid clicking links from suspicious-looking emails. Stories about data breaches cropped up from time to time, but not every week. The likelihood of your personal and financial account information being compromised or, worse, you becoming a victim of identity theft seemed remote—something that might happen to other people, but not you.

Times have changed. Securing your personal data is more important than ever—especially as the number of data breaches that have already occurred in 2021:

At the corporate level, many companies have adopted, and continue to develop, a layered approach that combines multiple firewalls and data encryption to ensure the security of your information. For details on the security measures Questrade has in place, see Questrade’s Privacy Policy (under Security).

While companies are establishing policies to safeguard customer data, protection of your online information is a shared responsibility—it’s important for you to take an active role. Below are some examples of tools Questrade provides that you can set up to control access to your account and personal information, as well as tools to monitor your account activity.

Layered authentication for accessing your online information

Layered, or multi-factor authentication (MFA), is the modern approach—ensuring no one but you, or people authorized by you, can access your online accounts. MFA uses a combination of credentials:

What you know (your password)
What you have (your phone)
Who you are (your fingerprint or face)

On their own, each of these credentials is not completely effective for authenticating users. But when combined, they can be very secure.


There was a time when setting up a strong password ensured no one could access your online account. But now, in an era where one person could have over 100 different logins, using the same password for every login carries enormous risk. User-created passwords are still a standard login credential, so it’s important to follow these best practices when you create one:

  • Make your password complex—“easy to remember, hard to guess.” The current recommendations are at least 16 characters long and a mix of uppercase and lowercase letters, numbers, and symbols.
  • Do not reuse passwords. Create a different complex password for each of the online sites you access
  • Change each of your passwords at least once every 180 days (6 months).

Maintaining your passwords may seem like a tall order. However, user-created passwords are the most easily accessed by a hacker and therefore most vulnerable to a data breach. So it’s worth taking some extra time to make your passwords as bullet-proof as possible. A password manager app for storing and managing your passwords can help with this, but do your research to make sure the app itself is fully secure.

2-step verification (2SV)

2SV is an extra layer of security you can set up to use, along with your other credentials, when you log in to your account. With 2SV, a time-sensitive verification code is sent to you, usually as SMS text to your mobile phone. You enter this code, along with your user ID and password, to access your account. Learn how easy it is to set up 2SV for your Questrade account.

You can also use a Mobile Authenticator app as a layer of additional security. Authenticators send verification codes through encrypted data. Questrade supports all the most common authenticator apps, including Google authenticator, Microsoft authenticator, Twilio Authy, and LastPass authenticator. 

If you have 2SV enabled and there’s an unauthorized attempt to log in to your account, 2SV will block the attempt. You’ll receive a message with the verification code, your first clue that there may have been an attempted security breach of your account. This is helpful, because the sooner you’re alerted to suspicious activity with your account, the sooner you can contact whoever your account is with to investigate the attempt.

Biometric ID (fingerprint, touch, or face ID)

This is an added layer to safeguard your information—a unique characteristic such as your fingerprint, eye patterns, or facial features you use to identify yourself when you log in to a computer or secured site. If you have biometric ID set up on your mobile device, you can also set this up on the QuestMobile app so you can log in to your account using your fingerprint or other biometric data.

Automated alerts

When it comes to security breaches, time is of the essence to report a possible breach. So it’s important to regularly review your account activity, monthly statements, and trade confirmations. Familiarize yourself with this information so that you can pick up quickly on any unusual transactions or amounts.

Automated alerts are a great way to stay on top of your account. At Questrade, you receive email alerts to let you know when your account has been logged into from a different device, location, or browser. Learn more about last login alerts.

If you have a Questrade trading account, you can set up trade confirmation alerts, so that you can view all orders that are initiated from your account. Learn more.

If you do suspect there has been unauthorized activity in your account, change your password immediately and contact Questrade. Learn more about reporting a suspicious activity or breach. It’s also a good idea to review our Online Security Guarantee which explains our policy, processes, and shared responsibilities if an unauthorized transaction were to occur.

Online security may be the last thing you want to think about, but data breaches do happen and they can affect many. Recognize that reality, and then take the steps you need to protect and monitor your personal and financial data.

Note: this is an existing blog that we have updated for re-release during the 2021 Cyber Security Awareness Month

If you enjoyed this post, please consider sharing it on Facebook or Twitter!

P.S. We’d love to meet you on Twitter or on Facebook

The information in this blog is for information purposes only and should not be used or construed as financial or investment advice by any individual. Information obtained from third parties is believed to be reliable, but no representations or warranty, expressed or implied is made by Questrade, Inc., its affiliates or any other person to its accuracy.