Privacy Is a Fairy Tale

Every day, we reveal our personal data to the world...

Swiping your credit card at the grocery store... driving through a toll booth that scans your license plate... walking past security cameras in buildings and on street corners that record your every movement...

All these mundane acts create a rich trove of data on you... a trove that hackers can tap into to steal your data and ruin your life.

For a moment, think about the following situations, which happen to more and more people every day...

• The IRS sends you a letter... Someone else already claimed your $5,000 refund.
• A debt collector tracks you down... You owe thousands on a credit card you never opened.
• The loan you need for your dream retirement home gets rejected... Somehow your perfect credit score has tanked, and you don't know how.
• You get an e-mail claiming you've been hacked... and the hackers want thousands of dollars as blackmail.

If one of these events or something similar hasn't happened to you yet... we think it's just a matter of time.

Each year, data breaches expose the personal information of hundreds of millions of people around the world.

An analysis of major data breaches from data-security firm Trend Micro showed the most common types of information stolen (and the most valuable to sell):

• Name
• Date of birth
• Social Security number
• Member ID number
• E-mail address
• Mailing address
• Telephone number
• Bank account number
• Clinical information
• Claims information

Now, it might seem impossible to keep up with all these hacks. You might be tempted to throw up your hands, accept data breaches as a part of modern life, and not take any action.

That just makes you a bigger target.

And, unfortunately, too many folks still don't take their online security seriously. According to the security firm Lookout, "123456" is the top password found among passwords leaked on the dark web. Anyone using that password is practically asking to be hacked.

If you're like most Americans, you likely use the same password for multiple sites. Maybe you use your kid's name or your anniversary date – something you know you can remember.

But that exposes you to all kinds of attacks.

You should follow certain rules when you choose a password. First, make them "strong and long."

One way to do this is to use a random combination of numbers, letters, and symbols (the characters above the numbers on your keyboard). Something like Hy7t*2wP$bq. Of course, those kinds of passwords are impossible to memorize, especially if you're using dozens of different ones. And it can be even less secure if you're keeping a list of your passwords somewhere. Either saved in a word document or in your e-mail drafts, for example.

Another technique is to use phrases unique and important to you, known as the Bruce Schneier method. Here's an example to show how it works. Say your phrase is, "I first saw my wife at a restaurant in New York." You can turn that into: I1stsmW@aRinNY. It still looks like a random jumble of characters, but it has meaning to you, making it easier to remember.

Second, don't use the same password for more than one website. If your password from one website is hacked – and you've used that same password on other sites – it's easier for thieves to steal bits of information from multiple places and put together your complete history and identity.

Finally, change your passwords often. Every few months is a good routine. But if that's hard to do, here's a great trick: When you set your clocks forward and backward for daylight saving time, change your passwords.

For added security, do what I do and use "two-factor authentication." Two-factor authentication requires your password plus another piece of information – like a code sent to your e-mail or a mobile device associated with your account – to log in to a website. I love using this feature.

Many companies – including Google, Apple, Microsoft, and Amazon – give you the option of using two-factor authentication, as do many banks, brokerage firms, and credit-card companies. When it's available... use it.

But even if you take this two-factor step, be wary of one feature that's intended to make you safer but actually puts you at greater risk...

Many websites ask extra "security questions" when you register. They often prompt you for bits of information like your first pet's name, the color of your first car, or your mother's maiden name. If you ever forget your password, these sites often use these questions to verify your identity.

These questions have two main flaws.

First, we make the answers too easy to guess. Cars only come in so many colors, although who would ever know my first car came in the color ermine? A popular security question is, "What is your favorite food?" According to research by Google, 19.7% of folks answer "pizza."

Second, someone could use social media accounts or a quick online search to find out the information. Think it's fun to fill out those "about me" Facebook posts? It's also dangerous. You could give away your answers to these security questions.

So if a website requires you to use security questions, I recommend you create your own question... something that needs a detailed answer that someone can't find online. Or if you can't do that, give unrelated answers.

For example, if the question is "What was the color of your first car," answer with something like "campingmelon," or – even more secure – a random sequence of letters, numbers, and symbols.

Take some time and review your passwords to make sure they're as secure as possible. While hacks will likely remain a regular part of life, these are some steps you can take so you can worry less about becoming a victim.

What We're Reading...

• The 20 most commonly hacked passwords.
• Something different: Wordle is going to get harder.

Here's to our health, wealth, and a great retirement,

Dr. David Eifrig and the Health & Wealth Bulletin Research Team
November 10, 2022