Access online services safely
The CRA is committed to provide a secure online environment so that Canadians can find information and complete transactions with us. Internet security requires a partnership between two parties—in this case, you and the CRA. Follow the steps below to reduce possible risks associated with using the Internet.
What the CRA does to ensure security
The Internet is an open and public network. When business transactions or online services involve confidential data, extra safeguards must be in place. The CRA takes steps to ensure the safety and integrity of transactions on our website. We ask that you do not transmit personal information to us using unsecured email because we cannot be sure who is sending the message. We also won't send personal information through unsecured email because we cannot ensure your confidentiality. We provide alternate secure methods of communications for your use.
CRA uses specially configured computer web servers for any business we do with you. We use corporate firewalls to protect our web servers from unauthorized access. We also securely store your personal information on separate computer systems that are not directly accessible from the Internet.
When transmitting personal information, we only allow access to our web servers from web browsers that meet high security standards of encryption. We ensure that your personal and financial information is encrypted—or scrambled—when it is transmitted between your computer and our web servers. This ensures that computer hackers and other Internet users access or alter the data being transmitted. Our standard for encryption is the Transport Layer Security (TLS) protocol. This ensures that transferred data is encrypted so that it cannot be read by anyone except the recipient.
What you can do to be safe online
Use a web browser that meets CRA security standards
Your browser is automatically tested by CRA's systems before you begin a transaction with us. You should keep your browser and operating system up to date. The CRA encourages you to upgrade to software that supports Transport Layer Security (TLS) 1.2. Check with the supplier of your browser and operating system for more details. For more information, go to Update your web browser.
Identify yourself properly
You need to give us two pieces of confidential information before you can use our secure services. These two pieces of identity information are used to create your digital signature. A digital signature is a type of electronic identification that can confirm the identity of the sender of a message, whether the message is encrypted or not. Digital signatures can only be generated by the sender. They can be verified, are tamperproof, cannot be forged or rejected, and ensure that the information contained in the message is not changed during transmission. Make sure that you keep this information and any passwords confidential so that others cannot use your digital signature.
If you use NETFILE, call us to change or replace a lost, misplaced, or compromised password
For other electronic services, such as the CRA login services, you can change your password at your convenience on our website.
Change your password regularly
A good password is made up of letters (a mix of upper and lower cases), numbers, and characters, does not contain names or words found in the dictionary, and cannot be easily guessed.
Install anti-virus software
Anti-virus software scans your computer and email messages for viruses. You have to regularly update your anti-virus software to be able to detect new viruses on your computer. Your anti-virus software helps protect the data stored on your computer and your operating system.
Install a personal firewall (some of which are free) on your computer
A firewall acts as a barrier between internal and external computers in a network, controlling the flow of information between the two. When a computer outside the firewall tries to communicate with a computer inside, it must first communicate with the firewall, which drops, allows or denies requests before it passes them to the destination computer. This process protects the destination computer from unauthorized access.
Enable your browser's cookies
Like with many Internet websites, cookies help the CRA to establish a secure session between you and us. Using cookies for this purpose does not put your computer or personal information at risk. We do not store any personal information in the cookies.
A cookie is a computer text file sent to a visitor's web browser (such as Internet Explorer) by a web server (the computer that hosts the website that is being accessed) in order to remember certain pieces of information. This can be useful for both website visitors and website operators because it can reduce the amount of time needed to input and process the same information each time a website is used. Cookies cannot read information from a visitor’s hard drive.
Typically, the information stored in a cookie is:
- a name (chosen by the website you are visiting;
- a value (unique number for the cookie that is determined by and stored by the website for future recognition and action);
- an expiration date;
- a valid path (details about the webpage(s) that the visitor was on when the cookie was sent);
- a valid domain (the name of the website that created and can retrieve the cookie); and
- a secure connection requirement (if the cookie is marked "secure," it will be transmitted only if the visitor is connected to a secure website).
It is the policy of the Government of Canada to inform you about the presence of cookies and how and when they are used. You will find this information by clicking on the Important Notices link at the bottom of the webpages and then linking to the Privacy Notice.
Your privacy is safeguarded under Canada's Privacy Act.
When you conduct a secure online transaction on the CRA website that requires personal information, we will notify you, and your browser may be asked to accept a cookie. This notification is referred to as a "Privacy Notice Statement" and appears on every part of the website where personal information is requested.
Turning cookies on and off
Most browsers can be set to accept a range of options, from accepting no cookies to accepting only certain types of cookies, to allowing all cookies.
Some browsers can also be configured to alert you before a cookie is placed on your computer and ask if you wish to accept it or not.
To decide how you can enable or disable cookies and activate any special alerts, click on the Help option in your web browser toolbar and search the help index using the word "cookies."
There are also inexpensive software programs available that can help you manage your cookies and enable you to easily turn them on or off and to delete them. These features are often part of software that allows easy and safe deletion of applications and files on your computer.
Clear your cache
When you visit a website, it is saved in your computer's memory and your browser's memory in an area called the cache. Your browser will then display the website more quickly the next time you visit because details about its contents, such as images and files, are stored in your cache. Your browser does not need to re-download all of the information about that website.
Information stored in your browser’s cache is not encrypted, so clearing the cache helps to ensure the security of your information.
After you complete a secure session, you should close and reopen your browser to clear your browser’s cache of cookies. If you are using Internet Explorer, you should also delete your temporary Internet files, before you close and reopen your browser.
Note that clearing your cache may mean that each time you login to the CRA login services, using that computer, you may have to answer a security question.
Keep Java applets on
Java applets are little programs that you can download over the Internet that run with your browser software. They are typically used to adapt or add interactive elements to a webpage. We recommend that Java applets be kept on while using CRA services.
Become a CRA PKI subscriber
You must subscribe to CRA PKI (public key infrastructure) to get certain CRA PKI services remove link and register for PKI-enabled programs, including Customs Internet Gateway, children's special allowance, National Child Benefit Service and other government-to-government programs, and business-of-government programs.
Update your web browser
Encryption has been used to transmit messages in various formats for hundreds of years. As technology has evolved, so have the methods of encryption—from manually coding text to using complex computer programs.
Encryption uses a mathematical formula and an encryption key to scramble information so that an unauthorized person cannot understand the information. The scrambled information is decoded—or changed back—into the original format using the same mathematical formula and a decryption key so an authorized person can understand it. While the information is encrypted, it cannot be viewed.
The CRA uses Transport Layer Security (TLS) encryption to protect the privacy of information passing between your web browser and CRA web servers. Encrypting the information allows it to be transmitted and confirmed safely.
Check your browser's encryption
To make sure that you can complete your transactions securely and confidentially, you must use a web browser that supports Transport Layer Security (TLS) encryption.
Once a secure session has been established, a padlock or key icon will appear in the bottom right corner of your browser window. This shows that data you are sending or receiving is encrypted.
Updating your browser
If your browser does not meet our security requirement of TLS encryption, you will need to upgrade the one you have or download a new browser.
Go to the following webpage on CRA services to see their specific requirements:
- CRA login services (My Account for individuals, My Business Account and Represent a Client) - Your browser
Setting up your device to use CRA online services
Over the next two years, the computing industry will eliminate certain security protocols that are more than 10 years old. The Canada Revenue Agency (CRA) is planning to follow the industry standard and upgrade its systems to fully support the most current security standards. To use CRA online services, you are encouraged to upgrade your operating system (OS) and web browser to support the most current industry security standards.
Currently, you need Transport Layer Security (TLS) 1.0 or higher to access the CRA’s secure services (MyAccount, MyBusinessAccount, Represent a Client). However, the CRA encourages you to upgrade now to software that supports TLS 1.2. Upgrading will not only ensure you can continue to access the CRA’s secure online services but help you avoid connection issues with other websites that are upgrading their secure protocols.
If you search the Internet for Check my client for TLS 1.2 you will find tools that can help identify if your system is compatible with TLS 1.2. If the tools show that your system does not support TLS 1.2, the CRA recommends you consider upgrading.
The CRA does not necessarily endorse the views expressed on other sites and does not endorse any commercial products that may be mentioned on the sites. If your location has firewalls or other security systems in place, this may affect results from online tools.
The following steps can help you:
Step 1 – Determine the version of your computer operating system
- Right click on the My Computer icon, which is usually found on your desktop or in the Start menu.
- Select Properties from the menu that appears.
- Look for Windows…
- From the Apple menu, choose About This Mac. The version number of OS X you are using appears directly below the words "OS X."
- Select Setting > General > About > Look for Version
- Select Settings > Security > About > Version
- In your Omnibox type: about: version
- Select Settings > Device Information > Look for Version
Step 2 – Determine which web browser version you are using
A web browser is a software program that is used to access the Internet. If you do not know what browser version you are running, follow these steps:
- Open Internet Explorer.
- Select Help in the menu bar
- Select About Internet Explorer.
- The version number is listed underneath the Internet Explorer name in the pop-up box.
- Open Safari.
- Select Safari in your Safari menu, located at the top of your screen.
- A drop-down menu will appear. Select About Safari.
- A pop-up box will contain the version number.
- Open Google Chrome.
- Select the wrench icon near the top right of the Chrome window.
- Select About Google Chrome.
- A pop-up box presents the version number just below the Google Chrome name.
- Select the menu button.
- Select Help.
- Select About Firefox.
- The version number is listed underneath the Firefox name in the pop-up box.
Step 3 – Determine if you need to upgrade to TLS 1.2
To find out if you need to upgrade, answer the following question:
What is your operating system?
Android 4.0 or higher
What is your browser?
What is your browser?
Mac OS X 10.7
What is your browser?
Mac OS X 10.9 or higher
What is your browser?
Windows 7 or higher
What is your browser?
Windows XP with Service Pack 3 or higher
What is your browser?
You need to upgrade your browser and your operating system to a version that supports TLS 1.2. The CRA recommends you upgrade to the newest software that your computer will support. Once you have updated, go to How to enable Transport Layer Security (TLS) to confirm that TLS 1.2 is enabled.
How to enable Transport Layer Security (TLS)
You must enable TLS to access CRA online services. The CRA encourages users to upgrade to TLS 1.2. See instructions below.
- Select Tools from the browser menu bar.
- Select Internet Options.
- Select the Advanced tab.
- Scroll down to Security section.
- Check Use TLS 1.2.
- Select OK.
- Close your browser for the new settings to take effect.
- Firefox uses TLS encryption by default and there is no setting to enable.
Safari (Windows, Mac)
- Safari uses TLS encryption by default and there is no setting to enable.
Chrome (Windows, Linux, Mac)
- Chrome uses TLS encryption by default and there is no setting to enable.
- Date modified: