The “Heartbleed” Internet security bug recently brought the important issue of personal information security into the spotlight. While the Heartbleed bug was widespread and allowed scammers access to personal information including Internet usernames and passwords, it does not cause reason to panic. Most financial institutions, including Charles Schwab and TD Ameritrade, did not use the vulnerable OpenSSL protocol and resultantly were not directly impacted. However, other popular websites such as Gmail, Yahoo Mail, Facebook, and YouTube have been patched but left login credentials vulnerable to scammers before the bug was widely discovered.
This Heartbleed Hit List provides a great summary of the key websites that were impacted. If you use any of the affected websites and have not already changed your passwords, you should do so immediately. But do not stop there. If you commonly use the same password at multiple sites, you should also update all those passwords. Suspect that any thief who accessed your username and password from a vulnerable website will try the same login credentials at financial websites which were not impacted.
Educating people on how best to protect privacy, credit, and online security is becoming one of our most important roles in managing personal finances. We take many steps to safeguard personal information and prevent fraudulent activity but this battle against credit fraud has to be conducted on both our front and yours, which is why we spend time educating others.
The high profile Heartbleed bug presents a good opportunity to re-evaluate your personal safeguards in the fight against identity theft. Aside from the traditional precautions, there are two underutilized, important, and relatively painless steps that everyone should take in this fight against fraud.
1) Use a Password Manager
Many people recognize the need to go beyond passwords such as “password123″ in protecting themselves online. Nowadays, even a strong password with digits, characters, and unrecognizable words is not a surefire form of protection if you are using the same password for multiple websites. Ideally, you should have different passwords for all sensitive online accounts regardless of how strong your password(s) may be. Financial institutions, e-mail accounts, and file sharing sites such as Dropbox are the most obvious suspects for needing differentiated passwords.
However, maintaining multiple strong passwords by memory is a challenging or impossible proposition for most of us. This is where a password manager becomes essential. PC Magazine recently went so far to say, “Going online without a password manager is risky business.”
Several good options exist including Dashlane, LastPass, PasswordBox, and 1Password. A technology editor from the USA Today recently published a good summary of the top password managers. Dashlane is my personal favorite, although it does cost $29.99/year for the premium version that allows syncing across devices and web access to passwords.
2) Freeze Your Credit
A credit freeze (aka security freeze) is simple, cheap, and probably the single most effective means to protect your identity. Given the fact that more than 8 million people have their identity stolen every year, it is surprising how few people are aware of this opportunity or make use of it.
In most cases of identity theft, crooks use stolen Social Security numbers or other personal information to open new credit in the victim’s name. Protecting this information is certainly important but a credit freeze protects you even in the event that a thief gets such personal information. The freeze prohibits credit bureaus (Equifax, Experian, Transunion) from releasing information in your credit report and resultantly makes it nearly impossible for any new credit to be approved without your consent, even if a thief obtains your personal information and Social Security number. Contrast this with the publicized subscription service such as LifeLock where credit alerts are issued in your name for a hefty monthly fee. Unlike a credit freeze, these services monitor your credit but do almost nothing to prevent the theft of your credit.
Initiating a credit freeze for the first time requires contacting each of the three credit bureaus and can easily be accomplished with less than thirty minutes of effort. In fact, initiating a freeze may be the most useful 15-30 minutes you spend on personal finances all year. You are required to supply information such as your name, date of birth, Social Security number, and address. Links are provided below to initiate the process.
The cost of a freeze varies by state ranging from free in several states to a one-time fee of $3-$10 per bureau (Georgia is $3/bureau). Once the freeze is initiated, you are provided with a unique PIN by each bureau that allows you to temporarily lift (thaw) your credit freeze. Bear in mind that most states charge an additional fee ($3-$10) to temporarily thaw credit which will need to be done in situations such as applying for a new credit card, new loan, or even opening an account with a new cellphone provider. Speaking from experience, a credit freeze can easily be thawed for a set number of days or even hours by calling the respective bureaus or through a speedy online form (links below).
Click on the following links to initiate or temporarily thaw a credit freeze:
What are your thoughts? Have you had good or bad experiences with a password manager? Which one? Have you initiated a credit freeze in the past? What steps have you taken to protect your credit? Please do not hesitate to comment with your suggestions or thoughts.