Ask an Expert: Alum shares cyber security life hacks

Nav Bassi cyber security expert
UVic alum and cyber security expert Nav Bassi. Photo supplied

UVic alum and cyber security expert Nav Bassi offers up some life hacks to keep you better protected online.


In our new “Ask an Expert” feature, we learn useful tips and life hacks from UVic alumni. 

Name: Nav Bassi
Expert in: Cyber security and new technology.
Current job: Principal, Product Strategist, Workday, Inc.
• Former Senior Director & Chief Information Security Officer at the University of Victoria and  Instructor with UVic’s Division of Continuing Studies.
UVic degrees: BSc in Computer Science, ’05; MBA ’10

What is the biggest mistake most people make when it comes to their personal cybersecurity?

The biggest mistake is not taking basic steps to protect login information: Choose long, unique passphrases and keep them safe from prying eyes. If I have your login, I am—for all intents and purposes—you, and can do everything you can do. If you have the option to enable multi-factor authentication, do it.

You speak about the importance of a unique passphrase, not password. Can you explain the difference and why it’s important?

A password is just a single word. They can be difficult for us to remember, but easy for a computer program to guess quickly, for example: PassWord2022!  A passphrase is a sentence, with spaces and punctuation, that we can remember but will take a long time for a computer program to guess, for example: What if 1 person had a special Trans Am in 1985?

Does everyone need a password manager?

Everyone needs a system for creating and securely remembering unique passphrases, otherwise we’ll be tempted to create easy ones or reuse them. Passphrase managers can help us by generating good passphrases, storing them securely, and making it easy to access them when needed. Some modern passphrase managers can even tell you when a service has had a security breach and advise you to change your passphrase.

One thing you’d like everyone out there to know, or stop doing:

Attackers rely on rushing you into making a mistake; pause and verify before clicking on that link or providing that information. This could be as simple as discussing with a friend whether something seems legitimate.

Have you ever been caught in a digital scam? Or come close?

Once I had a voicemail claiming to be from the RCMP with a phone number to call them back. I actually began dialing the number before I caught myself, slowed down, and thought it through. Checking their website confirmed it wasn’t legitimate, and Googling the number revealed many others had received similar calls.