For any given day in the year, there is at least one story that a large amount of user information has been stolen from Company X or an online service. Is there any way to prevent this from happening to you?
The quick answer is no, unfortunately. The reason? A large portion of the control of this information is out of your hands. Companies, government agencies and online services just may not keep the information you supply to them safe from unauthorized access.
However, there are lots of ways you can minimize the damage such breaches cause and safeguard your credit and financial well-being.
The most important thing you can do is minimize the amount of data (personal and otherwise) that you store online. For example, if a web store has a button for “Remember Me,” leave it unchecked. When asked if you want to store credit card information for future “ease of access,” say no. The same advice applies to signing up for email newsletters and their counterparts. You have no control over what the newsletter writers do with your information once you give it to them.
If you do have online accounts with your bank, insurance company, or retail stores, which have a login ID and password, here’s some advice to minimize your risk.
NEVER re-use the same password at different sites. If your data gets leaked at site A, and you have the same password at sites B and C, you could be at risk. (If you’re saying, “I can’t remember all those passwords,” see my advice further down in this article on electronic aids.)
Don’t use anything recognizable as your user ID. While most online sites now use your email address for your login ID, several allow random strings of characters. Try combining two addresses you’ve had (“trenton3089”) and, like your password, DON’T re-use the same login ID at multiple sites.
If the online service offers “two-factor authentication,” sign up for that. This will text a code to your phone or use an authenticator app when you log in, and is an extra level of security. Even if your user ID and password are breached, the hacker can’t get in without entering this secondary information. As two-factor authentication is random and changes every minute or so, it also can’t be guessed.
If the sheet of legal paper on which you’re written your passwords is now too ragged to read, enter the 21st century. Stand-alone password managers are available and many are free. These tools can store your passwords in encrypted format and can generate new complex passwords. Best of all, they can automatically fill in the password on websites you visit, without your having to know what the password really is. Many modern web browsers such as Google Chrome, Firefox, Safari and Edge have a built-in function for this. There is really no excuse for the dog-eared index card any more.
So, the worst happens to you and you’re notified that your credentials have been stolen. What should you do? Two things: change your password on the breached site immediately, and if possible, delete your account with the service that suffered the breach. The latter may not always be possible, but if they’re not paying proper attention to security, you don’t need to be a party to it.