Nearly 73 million Americans got a big – and terrible – surprise over Easter weekend...
Telecom giant AT&T broke the news that it failed to protect data on millions of customers... Hackers stole personal information like Social Security numbers, names, and dates of birth.
Each year, data breaches expose the personal information of hundreds of millions of people around the world. If you've used the Internet, there's a good chance at least some of your personal information is out there for fraudsters to use.
An analysis of major data breaches from data-security firm Trend Micro showed the most common types of information stolen (and the most valuable to sell):
- Name
- Date of birth
- Social Security number
- Member ID number
- E-mail address
- Mailing address
- Telephone number
- Bank account number
- Clinical information
- Claims information
If you find out your personal information was leaked in a data breach, you might resignedly think that all you can do is set up a credit-monitoring service and passively let the service do all the work of looking for red-flag activity.
But you can do more than just play the "watch and wait" game...
Know this grim truth... Once you submit your personal information on a company's website, you have no power over how securely the company stores those details.
And, as we're seeing with the recent AT&T breach, you don't have to be an active customer – former customers had their information stolen, too.
Even if you aren't impacted by a data breach, you should always practice good web hygiene. It's just like having good personal hygiene – washing your hands and regularly brushing your teeth keep things clean so you don't get sick. Similarly, keeping good web hygiene helps prevent identity theft.
That starts with your password...
If your password is "123456," you're already in trouble. NordPass ranked that as the No. 1 most common password in the world.
When creating a password, think "strong and long"... like one you'd see if your cat or dog walked all over your keyboard or your kid mashed a bunch of keys. That means a random combination of numbers, uppercase and lowercase letters, and symbols.
Of course, those kinds of passwords are impossible to memorize, especially if you're using dozens of different ones. And it can be even less secure if you're keeping a list of your passwords saved in a word-processing document or in your e-mail drafts, for example.
Another technique is to use phrases unique and important to you, known as the Bruce Schneier method...
Here's an example to show how it works. Say your phrase is, "I first saw my wife at a restaurant in New York." You can turn that into "I1stsmW@aRinNY." It still looks like a random jumble of characters, but it has meaning to you, making it easier to remember.
The other golden rule of password safety is to not use the same password for more than one website. Identity thieves can easily gather your information from the multiple sites you used the same password for and piece together your complete history and identity.
Don't forget to change your passwords frequently – every few months or so. If you have trouble remembering, at least remind yourself to change your passwords when you change your clocks for daylight saving time.
You can do more than just keep your passwords strong...
To make your account less hackable, do what I do and use two-factor authentication, or "2FA" for short. This forces you to submit your password plus another piece of information when you're logging into a site.
One example is a code that's sent to an e-mail address or cellphone number associated with your account. Then you would have to enter that same number when logging in, which adds an extra layer of security. If you're given the option to use 2FA, go for it.
I prefer setting up and using a kind of 2FA where you establish "security questions" to answer if you ever forget your password. Common questions include your first pet's name, the color of your first car, or your mother's maiden name.
But these questions require answers that are all too easily guessed. Cars only come in so many colors, although who would ever know my first car came in the color "ermine"?
Plus, someone could get those answers by simply doing a quick online search or scoping out any social media profiles you have that aren't private. What you type into the "About Me" field on your Facebook profile could very well give away your answers to these security questions.
So if a website requires you to use security questions, do what I do and create your own question if you're given that option. You can make a question that requires a super-detailed answer.
Or you can set up an unrelated answer. For example, if the question is "What was the color of your first car," answer with something like "campingmelon," or – to be even more secure – a random sequence of letters, numbers, and symbols.
Finally, take one more preventive measure every time you browse the Internet. You want to make sure the site you're about to visit – and hand your information over to – is safe in the first place.
Check out the URL and look for "https://" at the beginning. And you might see an icon to the left, too. Depending on the browser, you might see a shield, a lock, or, in the case of Chrome, this:
That icon is clickable and gives you more information about the security of the site you're on. The "s" stands for "secure" in "secure sockets layer," or SSL for short. The SSL certifies that the site you're about to type your personal information into isn't fake.
Also, this is an obvious one, but don't ignore a giant warning taking up the entire browser window. It may have a blaring message telling you that you're about to access a deceptive site. Or it might mention that your connection isn't private.
That's your browser saying it thinks the site isn't safe to visit. In that case, heed the warning and close the window or tab you're on.
If you're looking for more ways to get preventive and defensive, I happen to have a book that's chock-full of tips and strategies. It's my "field manual" to navigating any kind of crisis, from the one crucial step to take if you or a loved one is injured to how to survive a plane crash or an active shooter situation. Snap up a copy for yourself right here.
What We're Reading...
- Your password better not be listed in 2023's "Hall of Shame."
- Something different: Would you eat this purple tomato?
Here's to our health, wealth, and a great retirement,
Dr. David Eifrig and the Health & Wealth Bulletin Research Team
April 4, 2024