The ONLY WAY to Keep Your Identity Safe
The term “identity theft” is tossed around a lot – you see it everywhere. However, when it comes to identity theft what you think you know about it can be more dangerous that what you don’t know about it.
There are a lot of myths about identity theft, and we’re pretty sure that some of these myths have been perpetuated by the same people who perpetrated the fear of tracking cookies and who extol firewalls as the panacea to identity theft and that would be none other than security software companies. Security software companies, particularly those whose Internet security suites contain firewalls often make ridiculous claims that a firewall can miraculously stop identity theft, and they add insult to injury by claiming that anti-spam software – sometimes contained in these security suites also protect you from identity theft.
The fires of those myths are fanned by companies like Lifelock, who make such ridiculous claims that the FTC fined them for making fraudulent and ludicrous claims.
How many of you remember the guy who started Lifelock foolishly driving around in a van with his social security number painted on the side to show how Lifelock protected his identity even if he displayed his social security number to the world?
Supposedly, you were to believe that Lifelock would protect you even if you stupidly published your social security number like he did. But again the real truth was kept from you.
The real truth is that this shenanigan cost this guy a lot – his identity was stolen 13 times.
“…LifeLock CEO Todd Davis, whose number is displayed in the company’s ubiquitous advertisements, has by now learned that lesson. He’s been a victim of identity theft at least 13 times, according to the Phoenix New Times.
That’s 12 more times than has previously been known.
In June 2007, Threat Level reported that Davis had been the victim of identity theft after someone used his identity to obtain a $500 loan from a check-cashing company. Davis discovered the crime only after the company called his wife’s cellphone to recover the unpaid debt.
About four months after that story published, Davis’ identity was stolen again by someone in Albany, Georgia, who opened an AT&T/Cingular wireless account using his Social Security number (.pdf), according to a police report obtained by the New Times. The perpetrator racked up $2,390 in charges on the account, which remained unpaid. Davis, whose real name according to police reports is Richard Todd Davis, only learned a year later that his identity had been stolen again after AT&T handed off the debt to a collection agency and a note appeared on his credit report…”
But wait, there’s more and you can read it here.
Of course, most of you aren’t going to publish your social security number on your Facebook account, or tweet it on Twitter or paint it on the side or your house or car. The point I’m making is that Lifelock is just one of many companies and security software developers who make absurd claims in order to trick people into buying their security software program or security service.
The public should be infuriated with this sort of trickery, but as the snake oil salesmen of a bygone era knew so well, people seem to be eager to believe crazy, patently false claims, if they’re marketed correctly. I bet most of you who have seen Lifelock’s TV commercials didn’t know that its founder had his identity stolen thirteen times while supposedly protected by Lifelock.
Even Lifelock’s claims, though false, are a lot less false than claims made by companies like Symantec (Norton), McAfee, Avast, AVG, and others who either flat out claim their firewalls and / or marvelous security software prevent identity theft or at least allude to it.
Here’s what Symantec/Norton says about Norton 360 (a security suite):
NORTON 360™ ONLINE
ALL-IN-ONE SECURITY
Ultimate protection, performance, and peace of mind against digital dangers.
PC security defends against viruses, spyware, botnets, and more
Identity protection safeguards you against online identity theft
PC Tuneup keeps your PC running at peak performance
Automated backup and restore protects your important files from loss
Protects your identity when you buy, bank, and browse online…”
We’ve bolded the false claims Norton makes above. The sheer audacity of Norton (and many others) amazes us – it shouldn’t but it does.
That they can get away with such preposterous nonsense is predicated on one thing – no one can easily prove they are not true. If someone using Norton had their identity stolen – and we will bet there are a plethora of them – Norton could claim several things to divert the blame away from themselves.
How many people have had their identity stolen while using Norton and other security software no one knows – but you can bet the number is very large. So these companies play their marketing games trying to one-up the other by making more and more bodacious claims which no average user can ever really dispute.
These companies do more harm than good by spreading the myth that security software or identity theft services can somehow magically protect you from yourself and thus lull their users into a false sense of security.
And then you have the people who won’t buy online because they’re afraid they’ll have their identities stolen, but who then march right down to Walmart or Best Buy and slide their credit card through the scanner – or worse – dine out and hand the waiter their credit card. Whether the people who claim they won’t buy online know it or not, they are buying online anytime they run their card through a credit card reader or use their credit card to dine in a restaurant – it is all going out over the internet and all those card numbers and purchase and names and addresses are all being stored on – you guessed it – the Internet.
Even if you don’t own a credit card, you’re still on the Internet. If you have a social security number or a driver’s license, you’re on the Internet. If you pay real estate taxes, or vote, you’re on the Internet.
Everyone wants an easy way to speed up their computers or remain safe online – and there are many legitimate companies that know this and pander to it and make a lot of money by doing so.
Only you can prevent your identity from being stolen. And it’s not by using a security software program, though you need a good antimalware/antivirus program. And it’s not by not refusing to shop online.
No, it’s none of the above. What it is this:
Accepting the fact that your safety depends on you and then following through by using common sense and educating yourself about your computer and the Internet will keep you safer than all the security software and / or identity theft services put together.
An amazingly high percentage of identity theft occurs because people click links in phishing emails that supposedly were sent by their banks or credit card companies. When the click those links they are taken to a clone site – which looks exactly like the bank’s or credit card company’s site and there they voluntarily give up their social security number, passwords and other vital private information. Needless to say, if this happens, their identity has probably been stolen.
Another way identity theft happens is people who use weak passwords or use the same password for every site. Once a miscreant knows your email address he can try to log into your email account using one of many password cracking tools. If your password is “password” or “brenda58? it will take them about 2 seconds to crack the password, get into your email account and find out a lot about you. And if any of those emails came from a bank or credit card company – then your identity is at risk. And once they know your email password, they’ll go to your bank and credit card companies and use the same password to try to log into your accounts. And they’ll be successful if you are one of the many millions who use simple passwords and then compound that problem by using that same simple password on every site.
It’s human nature to want to blame someone else for our own woes, but a good percentage of the time we create our own troubles – and we’re not just talking about the Internet either.
If you want to protect your identity, don’t believe anyone who tells you that their software or their services can protect your identity. It is, after all, your identity and only you can protect it. So accept the responsibility and the challenge and start today to protect your identity by forgetting the myths and lies of those who want to sell you a panacea for everything.
Here’s the secret to keeping your identity safe:
1. Use strong passwords – If you’re still wandering around without a password manager, get one and allow it to generate 12-14 character random passwords for each site. Don’t worry about remembering them – that’s what the password manager is for. LastPass is free and it now includes a feature that lets you change your passwords easily and frequently.
2. Never use the same password for more than one site. Use different STRONG passwords for every site you have to log in to.
3. Change your passwords once every six months. Replace one strong password with another strong password especially on financial sites, credit card sites, or online stores – or any site which stores sensitive data about you.
4. Never, ever, ever, ever click a link on an email that looks like it came from your bank, your stock brokerage, your credit card company, or any online store or financial site which asks you to change your passwords, update your information, or log in to your account to check it.. Never ever click that link. If you’re in doubt, type the address of the site in your browser and go to the site and check to see if you need to change anything – if you do it will show up when you log in.
If you click links in emails that ask you to change your password or anything else on a financial site, bank site, credit card site, online store or any site that deals with money or highly sensitive information – you’re going to get your money or your identity stolen faster than you can say “Cloudeight”.
So now you know that trickery abounds and many companies just want your money. They will make all sorts of false promises and wild claims to get it. But not a single software program or service can protect your identity.
The only one who can is you.
LifeLock is the scam of all scams. In spite of the FCC rulings, fines, and opinions levied against them, they are STILL permitted to run their ads to entrap even more unsuspecting victims. To add insult to injury, the spokesman in their current TV ads is Rudy Giuliani, ex major of NYC, an attorney, a Republican Presidential Candidate, now private citizen, attorney, and speaker. Read his bio and list of exemplary crime-fighting accomplishments on Wikipedia. His association with this company simply boggles my mind. Tells me a lot about Giuliani, as a person.
I’ve used LastPass now for about 3 years. I have over 400 passwords and seldom remember any of them. LastPass remembers all of them. Even the free version makes sure I am on the correct site before it will enter a password. I often use it to go to the sites, just for safety sake. I think everyone should use it.
This might me a dumb question, but I’ll ask it any way. What prevents cyber criminals from getting my passwords from LastPass?
What keeps you safe is all passwords stored on LastPass are encrypted and only someone with a key can open your password vault. it’s not likely they’ll be able to find the encryption key since it’s uses AES 256-bit encryption. That means it would take a trillion years for someone to crack a 256-bit encryption key.
LastPass uses AES 256-bit keys. AES utilizing 256-bit keys.AES-256 is accepted by the US Government for protecting TOP SECRET data. AES is implemented in JavaScript for the LastPass.com website, and in C++ for speed in the Internet Explorer and Firefox plug-ins.
This is important because your sensitive data is always encrypted and decrypted locally on your computer before being synchronized. Your master password never leaves your computer and your key never leaves your computer. No one at LastPass (or anywhere else) can decrypt your data without you giving up your password (we will never ask you for it). Your key is created by taking a SHA-256 hash of your password. When you login, we make a hash of your username concatenated with your password, and that hash is what’s sent to verify if you can download your encrypted data.
The only password you ever have to remember is your master password — and that is your encryption key. If your master password is reasonably strong it would be virtually impossible for anyone to get your passwords. There would be a much greater chance of someone breaking into your house and stealing your computer and your passwords from a notebook stored in a safe than someone cracking AES 256-bit encrypted data .
Good question, Jean Paul. I have wondered the same thing. I like the idea of a password manager so I don’t have to be concerned about forgetting to write a new one down every time I create a password, but I have wondered what happens if my password manager has a problem or cyber crime. What would be “Plan B” in that scenario?
Read my answer to Jean Paul
I clicked on the link for LastPass in the article
, thinking it might be about time to put some password security in place, but I just cannot get to the download link for the free service. I seem to have gone round in circles
I would rather be my own pass word manager and if I forget a password
I can always make a new one. I feel more secure keeping my own list of
pass words in a safe place if I do forget or need them. You are soooo right about
never use the same password for more than one site. Use different STRONG
passwords for every site you have to log in to and do not give any personal
information on any site that is a not a secure site with the https: symbol or
lock on it. Thanks for trying to keep us safe out here it is cruel harsh world
we live in today.
Thanks for all the good information you give to all.
Donna
The last pass link is simply https://lastpass.com/
I have been using Roboform for a number of years. I like it, but how does it compare to Dashlane or Lastpass? Roboform everywhere is not free. I value your opinion and would love to hear your thoughts as I am considering downloading Lastpass on my laptop and IPad. Thanks so much.
Dashlae is a little over the top but it works; LastPass is great. Roboform is good…the important thing is using a password manager is important these days – because using a strong password for every important log in is important.
Thank you so much for your response. I think I will give Lastpass a try.
Will the free version allow me to log into my accounts from other devices besides on the computer Last Pass resides? I have and iPad, mobile phone, laptop, as well as two work provided computers. I like to go to Amazon or check balances, etc. during my break or lunch time.
LastPass (free) cannot be used with multiple devices. You have to use LastPass Premium (Paid version) to access passwords using multiple devices – that being said, LastPass cannot protect an open Internet connection. Any time you use an open Internet connection, you should never access sensitive accounts. If your internet connection at work is secured, it might be OK to check bank accounts etc., but I sure would be csreful.
Wow, I didn’t expect such a quick response to my question. Thank you very much! The internet where I work is not an open connection, but thanks for the reminder for sure. I’m assuming you are talking about the free public WiFis like McDonald’s or other places offer. With so much mobility on devices, it’s tempting to take care of business everywhere, and it’s sage advise not to give in to that temptation. Do you consider it an open connection if a person is not using wi-fi, but their own data from their provider? I try to tell my daughter not to access her bank but home, but I don’t know I can only advise…..