Recently, 2.7 billion Social Security numbers, along with personally identifiable information (like security questions), were dumped on the dark web. Hackers got this information from an agency whose job was to protect this information. So what can you do?
Keeping your Info Safe
There are lots of data breaches each year and, as technology progresses (AI & Quantum Computing), they will become more common. There are a lot of pointers here, and it looks like a lot. Imagine how many there would be if I was paranoid!
Here are some tips you already know, but probably don’t follow (I know I don’t follow all of these):
- Use a hard-to-guess password. Check out DinoPass.com for a fun password generator. Another trick is to replace letters with symbols, for example a=@, i=!, o=0.
- Don’t reuse passwords.
- Don’t store passwords in your browser.
- Don’t log in with Google (Gmail), Facebook, etc.
  - If someone gets access to your Google, for example, they will get access to everything you log in to using Google.
  - If you lose access to your Google, it will suck!
- Set up 2-factor. Yes, it’s a pain! I get tired of entering them several times a day. Here are several 2-factor authentication options:
  - Text message (or email) – this is the easiest way. A message is sent to your phone/email and you enter the code.
  - Authenticator App – this is an app on your phone that creates a code that lasts only 20-30 seconds. A good authenticator app will work with all programs.
  - A “Key.” This is like an authenticator app, but it’s a separate physical device. It works great unless you lose it. A key, like a YubiKey, doesn’t replace the need to enter passwords.
  - Passkey – Relatively new, the Passkey is similar to an authentication app, except it verifies you have possession of your phone by having you unlock your device. No codes, just unlock it (in theory, I’ve set this up twice and never actually used it).
- Use a quality password “Vault.” A good one will work on your phone and your computer so you always have access to your passwords. While not as secure, using a “Browser Shield” would be better than nothing at all.
- Use a good PIN. Twelve (12) 4-digit PINs make up 27% of all the PINs being used. Is yours one of them?
  - 27% of all PINs in use are one of the following: 1234, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969 (perv), 3333, 6666, 1313, 4321, 1010 (courtesy of InformationIsBeautiful.net)
  - Don’t use your street number (this is public information), your SS# (it was just hacked!) or any other number that you use frequently for other purposes.
More tips for added security
- Don’t reuse your user name: Again, use something like DinoPass.com and a good password keeper and don’t reuse your user name
- Whenever possible, don’t use your email as your user name.
- Systematically clear out browser cookies and cache
- Close your tabs. This applies mostly to cell phone users. I recently checked my mom’s phone and she had 98 open tabs. I currently have 40 tabs; each one representing something I intend on doing something with!
- Use a “private” browser, such as DuckDuckGo, but it’s only private if you keep the browser history clear. If you use it to store logins and shop, it works just like any other browser. In DuckDuckGo, click the icon that looks like a flame to clear everything out (including your saved passwords).
- The Family Code: With the advent of AI and voice spoofing, it’s also time to set a secret family code only to be given to family members when they claim to be abducted or need access to sensitive information. As a family, we have a “family pin”; this family tradition was started by my parents in the 1980s as a way to keep my sister and me safe. Don’t share this code digitally; have a family gathering and share it.
Did you forget your password?
If you let your computer “remember” your passwords, then you can find them by looking in your browser settings! Which means anyone using your computer can too.
A note on email recovery:
Set up your email app to use several authentication methods. Add your phone number, alternate phone number and email (i.e., a friend or spouse), and delegate your buddy to help with password recovery. I often encounter people who have lost their phone and with it their Google login and all their contacts, email, etc. If you didn’t set up backup recovery, there is no way to recover your account.
Protecting yourself from your Fake Self
At this point, you should assume your info is on the dark web. Here are some tips on keeping your identity from being used to open loans in your name:
1. Freeze your credit report with each of the main credit report agencies
What this means: Freezing your credit report means no one can check your credit. If they can’t check your credit, lenders won’t lend money.
Temporarily lifting a freeze: If you need to apply for credit or a loan, you will have to “thaw” or temporarily lift the freeze. You can schedule the start and end date of the thaw.
The main credit agencies are:
2. Monitor Your Credit
Monitoring Service
While each agency can sell you a monitoring service, Credit Karma offers this service for free. Credit Karma is owned by Intuit (the makers of QuickBooks.) There may be other free monitoring services available.
3. Get a copy of your credit report
The law allows you to get a free copy of your credit report from each of the major credit bureaus once per year. To get it, go to https://www.annualcreditreport.com/
The FTC (Federal Trade Commission) has lots of helpful information about getting your reports on their website: https://consumer.ftc.gov/articles/free-credit-reports
4. Check Social Security Account
If you haven’t set it up already, claim your SSA.gov account. You should also set up your ID.me and login.gov accounts.
Why? So no one else can claim and use them as you.
5. Set Up Online Banking
I’ve heard plenty of people tell me they don’t use online banking, and that’s okay, but you should claim it and set it up with a crazy username and password so no one else can use it!
6. Don’t give out your data
In summary: Don’t follow links or answer phone calls requesting personal information, even if they threaten you. Call or visit the site directly.
- Major companies will not call and ask for sensitive data. If they do, hang up! Call the number on the back of your card or the company’s main number. No matter how scary or threatening they sound, don’t give away your info!
- Don’t trust email messages that are “too good to be true.”
- Don’t follow a login link in your email. Some are legit, some aren’t, but it’s really hard to tell. Go to the internet and visit the site directly, or use the app on your phone.
7. Speaking of phones, lock them!
There is so much personal information on a phone, and a phone is so easy to misplace. Set up your lock screen.
- You can call 911 from a locked phone. You can even call 911 from a phone with no service; so don’t let the kids play with an old phone.
- Most phones come with a way to find them.
For Android, you can log in to your Google Account and search for “Where’s my Phone?”
For iPhone, you can go to iCloud.com and log in to your account.
If I know my phone is nearby I like to shout “Hey Google” (or Hey Siri) <pause for 5 seconds> “Play Music.” The assistant will open my favorite music app and start playing music. Unfortunately, it will also play music on my sister’s and my mom’s phones too!
What we use
As a business that accesses lots of different data on the internet, and allows for remote work, we needed a system that wouldn’t interfere with our work and would keep us safe. We use the services of Arcadia Computers. They provide a virus/malware monitoring service that works for our business model and remote access so employees can work from home. Using remote access keeps our passwords safely in the office instead of on someone’s home computer. No, this isn’t a paid advertisement for them; I do trust this company. If you call them, tell them Lisa recommended you, and maybe they’ll send us a box of cookies at Christmas 😉