Access online services safely
The CRA is committed to provide a secure online environment so that Canadians can find information and complete transactions with us. Internet security requires a partnership between two parties—in this case, you and the CRA. Follow the steps below to reduce possible risks associated with using the Internet.
What the CRA does to ensure security
The Internet is an open and public network. When business transactions or online services involve confidential data, extra safeguards must be in place. The CRA takes steps to ensure the safety and integrity of transactions on our website. We ask that you do not transmit personal information to us using unsecured email because we cannot be sure who is sending the message. We also won't send personal information through unsecured email because we cannot ensure your confidentiality. We provide alternate secure methods of communications for your use.
CRA uses specially configured computer web servers for any business we do with you. We use corporate firewalls to protect our web servers from unauthorized access. We also securely store your personal information on separate computer systems that are not directly accessible from the Internet.
When transmitting personal information, we only allow access to our web servers from web browsers that meet high security standards of encryption. We ensure that your personal and financial information is encrypted—or scrambled—when it is transmitted between your computer and our web servers. This ensures that computer hackers and other Internet users access or alter the data being transmitted. Our standard for encryption is the Transport Layer Security (TLS) protocol. This ensures that transferred data is encrypted so that it cannot be read by anyone except the recipient.
What you can do to be safe online
Use a web browser that meets CRA security standards
Your browser is automatically tested by CRA's systems before you begin a transaction with us. You should keep your browser and operating system up to date. Your software is now required to support Transport Layer Security (TLS) 1.2. Check with the supplier of your browser and operating system for more details. For more information, go to Update your web browser.
Identify yourself properly
You need to give us two pieces of confidential information before you can use our secure services. These two pieces of identity information are used to create your digital signature. A digital signature is a type of electronic identification that can confirm the identity of the sender of a message, whether the message is encrypted or not. Digital signatures can only be generated by the sender. They can be verified, are tamperproof, cannot be forged or rejected, and ensure that the information contained in the message is not changed during transmission. Make sure that you keep this information and any passwords confidential so that others cannot use your digital signature.
If you use NETFILE, call us to change or replace a lost, misplaced, or compromised password
For other electronic services, such as the CRA login services, you can change your password at your convenience on our website.
Change your password regularly
A good password is made up of letters (a mix of upper and lower cases), numbers, and characters, does not contain names or words found in the dictionary, and cannot be easily guessed.
Install anti-virus software
Anti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses on your computer. Your anti-virus software helps protect the data stored on your computer and your operating system.
Install a personal firewall (some of which are free) on your computer
A firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access.
Enable your browser's cookies
Like with many Internet websites, cookies help the CRA to establish a secure session between you and us. Using cookies for this purpose does not put your computer or personal information at risk. We do not store any personal information in the cookies.
A cookie is a computer text file sent to a visitor's web browser (such as Internet Explorer) by a web server (the computer that hosts the website that is being accessed) in order to remember certain pieces of information. This can be useful for both website visitors and website operators because it can reduce the amount of time needed to input and process the same information each time a website is used. Cookies cannot read information from a visitor’s hard drive.
Typically, the information stored in a cookie is:
- a name (chosen by the website you are visiting;
- a value (unique number for the cookie that is determined by and stored by the website for future recognition and action);
- an expiration date;
- a valid path (details about the webpage(s) that the visitor was on when the cookie was sent);
- a valid domain (the name of the website that created and can retrieve the cookie); and
- a secure connection requirement (if the cookie is marked "secure," it will be transmitted only if the visitor is connected to a secure website).
It is the policy of the Government of Canada to inform you about the presence of cookies and how and when they are used. You will find this information by clicking on the Important Notices link at the bottom of the webpages and then linking to the Privacy Notice.
Your privacy is safeguarded under Canada's Privacy Act.
When you conduct a secure online transaction on the CRA website that requires personal information, we will notify you, and your browser may be asked to accept a cookie. This notification is referred to as a "Privacy Notice Statement" and appears on every part of the website where personal information is requested.
Turning cookies on and off
Most browsers can be set to accept a range of options, from accepting no cookies to accepting only certain types of cookies, to allowing all cookies.
Some browsers can also be configured to alert you before a cookie is placed on your computer and ask if you wish to accept it or not.
To decide how you can enable or disable cookies and activate any special alerts, click on the Help option in your web browser toolbar and search the help index using the word "cookies."
There are also inexpensive software programs available that can help you manage your cookies and enable you to easily turn them on or off and to delete them. These features are often part of software that allows easy and safe deletion of applications and files on your computer.
Clear your cache
When you visit a website, it is saved in your computer's memory and your browser's memory in an area called the cache. Your browser will then display the website more quickly the next time you visit because details about its contents, such as images and files, are stored in your cache. Your browser does not need to re-download all of the information about that website.
Information stored in your browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information.
After you complete a secure session, you should close and reopen your browser to clear your browser’s cache of cookies. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser.
Note that clearing your cache may mean that each time you login to the CRA login services, using that computer, you may have to answer a security question.
Keep Java applets on
Java applets are little programs that you can download over the Internet that run with your browser software. They are typically used to adapt or add interactive elements to a webpage. We recommend that Java applets be kept on while using CRA services.
Become a CRA PKI subscriber
You must subscribe to CRA PKI (public key infrastructure) to get certain CRA PKI services remove link and register for PKI-enabled programs, including Customs Internet Gateway, children's special allowance, National Child Benefit Service and other government-to-government programs, and business-of-government programs.
Web browser security update
At the Canada Revenue Agency (CRA), protecting your personal data is critical. The Treasury Board Secretariat and the Communications Security Establishment (CSE) have recommended that the Government of Canada update its security protocols for all its websites.
If your browser is not up to date
To better protect your data, the CRA has upgraded its secure online services. If you are using a recent version of a major web browser, you will not encounter any issues when accessing CRA’s secure online services like My Account or My Business Account.
Newer browsers use current versions of the security protocol to keep your personal information safe. If you are using an older browser that is missing those critical security features, you will be unable to access CRA’s secure online services and might see one of the following messages when attempting to log on:
- Page Can’t Be Displayed
- Cannot Establish a Secure Connection
- Page Not Available
When you upgrade your browser, the issue will automatically be resolved.
Upgrading your browser to access the CRA’s online services
Upgrading your web browser will ensure continued access to the CRA’s secure online services. Select the appropriate link below for instructions to update your preferred web browser.
The CRA does not endorse the views or commercial products promoted on other sites. If your computer has firewalls or other security systems in place, this may affect the ability to update your browser.
Report a problem or mistake on this page
- Date modified: