5 tricks to make your identity portfolio more secure

Ensure a triple-A rating by incorporating strong security, privacy practices into your routine

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Unlike a stock or cred­it port­fo­lio, the iden­ti­ty port­fo­lio is the one that most peo­ple neglect, even if they know it exists. Your iden­ti­ty port­fo­lio is not some­thing you can buy, trade or sell. It’s not easy to assign a val­ue to it. You can man­age it bad­ly and (most like­ly) not go bank­rupt. In most sit­u­a­tions, you won’t even lose any money—though you may not be able to get your hands on what­ev­er was stolen by iden­ti­ty thieves for a while. That said, a poor­ly man­aged iden­ti­ty port­fo­lio could cost you big time.

First of all, the longer your mon­ey is tied up (it can take between six months to almost one year to get a stolen tax refund), the longer it will lie dor­mant. You can’t invest accounts that are still receiv­able. Sec­ond, you lose some­thing that’s hard to quantify—your peace of mind and your abil­i­ty to get through your day undistracted.

Adam Levin, chair­man and co-founder of Credit.com and Cyber­Scout (for­mer­ly IDT911)

In more con­crete terms, while the crime com­mit­ted against you is get­ting sort­ed out, your cred­it will take a hit. You will lose the chance to take advan­tage of cred­it-based pur­chas­es while you are resolv­ing the fall­out from iden­ti­ty theft. (Not sure if you’ve been the tar­get of iden­ti­ty theft? You can check for signs by view­ing two of your cred­it scores for free on Credit.com.)

Here are five things you can do to improve your iden­ti­ty port­fo­lio to make sure that doesn’t happen.

1. Adopt two-fac­tor authentication

Increas­ing­ly, the web­sites you vis­it most—the ones that require authentication—will offer two-fac­tor authen­ti­ca­tion. Whether the process trig­gers a code being sent to your phone via SMS or it fires off an email with that infor­ma­tion, this sim­ple secu­ri­ty pre­cau­tion makes it more dif­fi­cult for a hack­er to take over your accounts. The rea­son: They need more than the answers to your secu­ri­ty ques­tions or your login cre­den­tials. Two-fac­tor authen­ti­ca­tion works because the scam­mer needs con­trol of your email or access to your SMS mes­sag­ing, which in most cas­es requires actu­al pos­ses­sion of your phone (and the secu­ri­ty code to unlock it).

2. Make your login/user ID complex

Hack­ers and scam artists are very good at crack­ing the vir­tu­al safes where you keep your mon­ey, and they know how to slip past the gates pro­tect­ing your social media activ­i­ty. Many sites still insist on mak­ing peo­ple use their email address­es as a user ID. While it’s not quite as risky as a Social Secu­ri­ty num­ber or a name/date of birth com­bi­na­tion, your email is per­son­al­ly iden­ti­fi­able infor­ma­tion (PII). If you are giv­en the choice to make up a user ID, there is no rea­son it has to be your name. Get cre­ative or treat it like a pass­word (but don’t get so cre­ative that you are tempt­ed to share your clever inven­tions with friends and strangers via social media). Always assume the bad guys are watching—they are.

3. Answer secu­ri­ty ques­tions creatively

Secu­ri­ty ques­tions are a real prob­lem. After decades of over­shar­ing on social media, your mother’s maid­en name, what high school you attend­ed, the make of your first car and your favorite action movie are all up for grabs. Think you’ve been care­ful? What about your friends? Are you tagged? Men­tioned? Even if you don’t have an account, chances are good that the peo­ple clos­est to you—those shar­ing bio­graph­i­cal infor­ma­tion with you—are active on social media. To avoid the pos­si­bil­i­ty of a crook guess­ing his or her way into your life, your answers to secu­ri­ty ques­tions should always be lies. As above, let your spir­it fly. But don’t be so cre­ative that you can’t remem­ber your lies. If you’re afraid of los­ing track, cre­ate a cheat sheet and store it on an encrypt­ed thumb drive.

4. Store your PII on an encrypt­ed thumb drive

Los­ing your most essen­tial per­son­al­ly iden­ti­fi­able infor­ma­tion is a real drag. I rec­om­mend scan­ning the most cru­cial doc­u­ments, as well as your login infor­ma­tion if you don’t use a pass­word man­ag­er, encrypt­ing that infor­ma­tion, and stor­ing it on an air-gapped device, a cat­e­go­ry that includes the hum­ble thumb dri­ve. Keep one at home and store the oth­er in a safe deposit box or a safe. This is par­tic­u­lar­ly use­ful when you’re traveling.

5. Choose built-in bio­met­ric authentication

Speak­ing of thumb dri­ves, for a rea­son­able price you can buy one that requires your fin­ger­print to access the infor­ma­tion stored on it. Whether it’s a new smart­phone or a gun safe, there are an increas­ing num­ber of prod­ucts that offer bio­met­ric secu­ri­ty fea­tures.

Remem­ber, as I dis­cuss at length in my book Swiped, don’t share too much infor­ma­tion with folks you don’t know, whether in per­son, on the phone or online via social media, and nev­er authen­ti­cate your­self to any­one unless you are in con­trol of the interaction.

Bear in mind, micro-trends on social media (10 con­certs I’ve been to, one is a lie; top 10 favorite movies, impor­tant books you’ve nev­er read, etc.) are not only a fun way to get to know your friends bet­ter. They offer hack­ers infor­ma­tion that can be used to answer secu­ri­ty ques­tions. In fact, you nev­er know the ori­gin of these dig­i­tal sta­di­um waves. It’s wise to assume they were start­ed by iden­ti­ty thieves look­ing to har­vest usable infor­ma­tion. So resist the urge to answer them.

It’s also crit­i­cal to set long and strong pass­words and prop­er­ly secure all com­put­ers, smart­phones and tablets used by you and your fam­i­ly. As men­tioned, use two-fac­tor authen­ti­ca­tion when pos­si­ble and shred sen­si­tive documents.

Too much to remem­ber? The non­prof­it Iden­ti­ty Theft Resource Cen­ter (ITRC) has cre­at­ed a sim­ple set of pro­to­cols called SHRED:

• Strength­en passwords

• Han­dle PII with care

• Read cred­it reports annually

• Emp­ty your purse/wallet

• Dis­cuss these tips with friends

I encour­age you to do all of the above and make good pri­va­cy and secu­ri­ty hygiene a part of your dai­ly life. Change the way you think about iden­ti­ty theft and your per­son­al­ly iden­ti­fi­able infor­ma­tion. Over time, you will nat­u­ral­ly become more vig­i­lant. You will bear in mind what hap­pens when peo­ple over­share on social media. You will be care­ful about who you tell what and why. You will not let down your guard, and before you know it, your iden­ti­ty port­fo­lio will have a triple-A rating.

Full dis­clo­sure: Cyber­Scout spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to Credit.com and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.

More on iden­ti­ty theft:
Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?