5 tricks to make your identity portfolio more secure
Ensure a triple-A rating by incorporating strong security, privacy practices into your routine
By Adam K. Levin, Special to ThirdCertainty
Unlike a stock or credit portfolio, the identity portfolio is the one that most people neglect, even if they know it exists. Your identity portfolio is not something you can buy, trade or sell. It’s not easy to assign a value to it. You can manage it badly and (most likely) not go bankrupt. In most situations, you won’t even lose any money—though you may not be able to get your hands on whatever was stolen by identity thieves for a while. That said, a poorly managed identity portfolio could cost you big time.
First of all, the longer your money is tied up (it can take between six months to almost one year to get a stolen tax refund), the longer it will lie dormant. You can’t invest accounts that are still receivable. Second, you lose something that’s hard to quantify—your peace of mind and your ability to get through your day undistracted.
In more concrete terms, while the crime committed against you is getting sorted out, your credit will take a hit. You will lose the chance to take advantage of credit-based purchases while you are resolving the fallout from identity theft. (Not sure if you’ve been the target of identity theft? You can check for signs by viewing two of your credit scores for free on Credit.com.)
Here are five things you can do to improve your identity portfolio to make sure that doesn’t happen.
1. Adopt two-factor authentication
Increasingly, the websites you visit most—the ones that require authentication—will offer two-factor authentication. Whether the process triggers a code being sent to your phone via SMS or it fires off an email with that information, this simple security precaution makes it more difficult for a hacker to take over your accounts. The reason: They need more than the answers to your security questions or your login credentials. Two-factor authentication works because the scammer needs control of your email or access to your SMS messaging, which in most cases requires actual possession of your phone (and the security code to unlock it).
2. Make your login/user ID complex
Hackers and scam artists are very good at cracking the virtual safes where you keep your money, and they know how to slip past the gates protecting your social media activity. Many sites still insist on making people use their email addresses as a user ID. While it’s not quite as risky as a Social Security number or a name/date of birth combination, your email is personally identifiable information (PII). If you are given the choice to make up a user ID, there is no reason it has to be your name. Get creative or treat it like a password (but don’t get so creative that you are tempted to share your clever inventions with friends and strangers via social media). Always assume the bad guys are watching—they are.
3. Answer security questions creatively
Security questions are a real problem. After decades of oversharing on social media, your mother’s maiden name, what high school you attended, the make of your first car and your favorite action movie are all up for grabs. Think you’ve been careful? What about your friends? Are you tagged? Mentioned? Even if you don’t have an account, chances are good that the people closest to you—those sharing biographical information with you—are active on social media. To avoid the possibility of a crook guessing his or her way into your life, your answers to security questions should always be lies. As above, let your spirit fly. But don’t be so creative that you can’t remember your lies. If you’re afraid of losing track, create a cheat sheet and store it on an encrypted thumb drive.
4. Store your PII on an encrypted thumb drive
Losing your most essential personally identifiable information is a real drag. I recommend scanning the most crucial documents, as well as your login information if you don’t use a password manager, encrypting that information, and storing it on an air-gapped device, a category that includes the humble thumb drive. Keep one at home and store the other in a safe deposit box or a safe. This is particularly useful when you’re traveling.
5. Choose built-in biometric authentication
Speaking of thumb drives, for a reasonable price you can buy one that requires your fingerprint to access the information stored on it. Whether it’s a new smartphone or a gun safe, there are an increasing number of products that offer biometric security features.
Remember, as I discuss at length in my book Swiped, don’t share too much information with folks you don’t know, whether in person, on the phone or online via social media, and never authenticate yourself to anyone unless you are in control of the interaction.
Bear in mind, micro-trends on social media (10 concerts I’ve been to, one is a lie; top 10 favorite movies, important books you’ve never read, etc.) are not only a fun way to get to know your friends better. They offer hackers information that can be used to answer security questions. In fact, you never know the origin of these digital stadium waves. It’s wise to assume they were started by identity thieves looking to harvest usable information. So resist the urge to answer them.
It’s also critical to set long and strong passwords and properly secure all computers, smartphones and tablets used by you and your family. As mentioned, use two-factor authentication when possible and shred sensitive documents.
Too much to remember? The nonprofit Identity Theft Resource Center (ITRC) has created a simple set of protocols called SHRED:
• Strengthen passwords
• Handle PII with care
• Read credit reports annually
• Empty your purse/wallet
• Discuss these tips with friends
I encourage you to do all of the above and make good privacy and security hygiene a part of your daily life. Change the way you think about identity theft and your personally identifiable information. Over time, you will naturally become more vigilant. You will bear in mind what happens when people overshare on social media. You will be careful about who you tell what and why. You will not let down your guard, and before you know it, your identity portfolio will have a triple-A rating.
Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.