Identity Theft
Identity theft is becoming more and more common, due to things outside your control like data breaches. I personally was a victim of identity theft, and in the process I learned some things that can be done to protect yourself and minimize the effects of identity theft.
Thieves have your personal info
The first thing to remember is that it only takes one data breach and your information is on the dark web FOREVER. It doesn't go away and will ALWAYS be available for criminals to buy and use. Because of this, you have to assume that your information is out there in the hands of criminals. If you are lucky enough that it is not out there YET, it will be someday, and you will not find out about it until after the fact. So, you need to build protection with that mindset.
You need to start thinking like a criminal: how could someone get money using another person's personal information or, to put it plainly, by using your good name and ruining it? The easiest way is to do so without ever stepping into a physical office. That means mail applications or the internet.
Update your contact info
When you move or get a new phone number, update your contact information EVERYWHERE that has financial or medical information, at a minimum. If you don't, your personal information could be going to someone who at best throws it in the trash and at worst uses it to steal your identity. Think about how many companies ask for your address, date of birth, and phone number for identity verification. This is a terrible thing to use, especially in this scenario. If they have your address or phone, they can probably look on Facebook, get your date of birth, and guess the year you were born. Or if friends post how old you are in a public message on Facebook or other social media, guess what: it is available to everyone now.
Security Freeze on Credit
If you do nothing else, contact the three credit agencies and set up a FREE security freeze. This will make it so no one can access your credit report unless you unlock it for a period of time. This does mean an extra step for you, but it is one of the best things you can do to protect your financial information and protect yourself from identity theft.
Security freeze on your Consumer File
Security Questions and Password
The internet is particularly attractive because there are tools for trying lots of passwords. Much easier, though, is to use your security questions. If you can, don't use them; if they are required, use randomly generated characters of length 20. That way they are as secure as your password. Don't use the same answers between questions or accounts. Thieves LOVE it when you use the same password or security questions for multiple accounts. The reason is simple: once they get into one account, or a data breach exposes it, they can go and try the information on lots of popular sites such as banks, online shopping, email, etc.
A good password is 20 characters and contains a random sequence of characters, numbers, and symbols. Do not increment a digit or character in the password when you change it, either. Hackers know ALL the tricks and they try them. You don't want the answers to be predictable, and by their nature security questions limit the possibilities and make guessing possible.
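Here is one way to produce the 20-character random passwords and security-question answers described above, and to check a set of answers for reuse across accounts. This is an added example, not part of the original post; the symbol set, function names, account names and questions are all assumptions made up for illustration.

```python
import math
import secrets
import string

# Assumed symbol set; trim it to whatever a given site accepts.
SYMBOLS = "!@#$%^&*()-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
LENGTH = 20  # the length recommended in the text


def random_secret(length=LENGTH):
    """Random string from the OS CSPRNG with a letter, a digit and a symbol."""
    while True:
        value = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole string rather than patching characters in, so
        # every string that satisfies the rule stays equally likely.
        if (any(c in string.ascii_letters for c in value)
                and any(c in string.digits for c in value)
                and any(c in SYMBOLS for c in value)):
            return value


def entropy_bits(length=LENGTH):
    """Upper bound in bits; the composition rule costs a fraction of a bit."""
    return length * math.log2(len(ALPHABET))


def new_answers(accounts):
    """One fresh value per (account, question); nothing derived from the question."""
    return {acct: {q: random_secret() for q in questions}
            for acct, questions in accounts.items()}


def find_reuse(vault):
    """Return {value: [(account, question), ...]} for values used more than once."""
    seen = {}
    for acct, answers in vault.items():
        for question, value in answers.items():
            seen.setdefault(value, []).append((acct, question))
    return {v: where for v, where in seen.items() if len(where) > 1}


# Constructed sample data: account names and questions are made up.
SAMPLE_ACCOUNTS = {
    "example-bank": ["First pet?", "Mother's maiden name?"],
    "example-shop": ["First pet?"],
}

if __name__ == "__main__":
    vault = new_answers(SAMPLE_ACCOUNTS)
    print(vault, round(entropy_bits()), find_reuse(vault))
```

The generated answers only work if they are stored in the password vault next to the account they belong to, since they cannot be remembered.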
Password Vault
This brings me to the most important thing you can do online, and that is to use a password vault to manage your passwords. Then all you need is a very long 15-20 character master password that is 100% unique and very difficult to figure out. I highly recommend 1Password because, among other great features, it requires a file on your device before you can log in. This is one more piece of information that the thief will need before they can access your password vault. You want as many factors protecting it as you can, since it has ALL your passwords (except the master password) in it.
MFA
Absolutely be sure that your master account has MFA (Multi-Factor Authentication). Ideally this will only be done through a 6-digit code via an authenticator app. These are more secure than having the code sent via text. Do not send codes via email if you can help it, since if the thief has access to your email account then he has access to everything.
Always use MFA if it is available for all your accounts. Any form of MFA (text, call, email, etc.) is better than not having a second factor. The best is an authenticator app. There are other factors that are equally good or better, but again, any additional factor will make it that much harder to be hacked.
I understand MFA is a hassle. 1Password can also be your authenticator app and automatically fill in the secure codes required for MFA. You can also remember a device in many cases (assuming it is secure and personal). The cool thing about 1Password is that your authenticator app configuration is automatically backed up in case you lose your phone or get a new one.
Mobile Phone PIN
The reason text messages are not safe is that they can be hacked, and the easiest way to do so is just to call the mobile provider and convince them that "you" got a new phone (their phone) and to port your phone number to this new phone. Now they have the second factor. To stop this, you need a good PIN on your mobile plan that is required before porting. Put this in your password vault so you won't forget it. Do NOT make this easy to remember, like a birthday, year, etc. It needs to be random and as long as the mobile provider will allow.
Verbal Password
Here are some of the easiest and most lucrative places criminals will choose to impersonate you.
- Bank
- Credit Cards
- Loans
- Investments
- Online shopping
- Online Identity
- Medical
Let's look at each of these to see how you can protect yourself.
Be very careful who you give your credit card to online. Just because they have a website does not make them a legitimate company. If companies that are worth billions have data breaches, what is to stop mom-and-pop, small business, or large business websites from having one? No one is immune to hackers and data breaches. The best thing is to limit who you give that information to. An excellent solution to this is to use something like PayPal, which means they are the only ones that have your credit card and the website does not, so the website can't lose it. One reasonable strategy is to use Amazon, because you can buy anything from them and then you are only giving it to one website instead of many. Don't keep multiple cards on file with a website. Better yet, keep the card in a password vault and auto-fill it only when you pay; at least then the hope is that it is not stored long term and is only used for the transaction and then discarded. Enable emails that show when you place an order or change shipping addresses, etc. Like all things online, be sure to add all the protections such as verbal passwords, long random unique passwords and security questions, and MFA using a secure token or the best they have.
Online Identity