I had the distinct pleasure of hearing a presentation on identity theft at the Tucson Home & Garden Show by James D. McFarlin. He reminded me of several best practices to protect your identity and finances online, some of them common sense, others less widely known. I’ve added several of my own gleaned from online resources to provide a top 10 list of tactics that you could make part of your daily routine.
- Use two-factor authentication for banking, investing, and other sensitive sites. Many financial sites may ask a second security question, like the name of your first school, before you can access your account. A more recent, and maybe even better, second step is to send a code to your smartphone. That makes it more likely that you are the authentic user since you’d need two devices to complete the log-in. Make sure your bank or investment advisor provides one or the other.
- Use different passwords for each site and store them somewhere. If you are like me and you connect a bunch of devices to a connected home system, it’s a royal pain to create unique passwords for every device and to store them somewhere where they can be easily accessed. You definitely don’t want to leave them in a “passwords” folder in your email system. Either write them down and keep them in a folder — I think that’s what Moleskines were made for — or use a password manager app such as LastPass, Dashlane, or KeePass. Many sources, including USA Today, recommend LastPass because it’s free.
- Mouse over links in emails. I’d forgotten all about this before McFarlin mentioned it. When you get a questionable email from a source purporting to be your bank or a major company asking you to change your passcode, run your mouse over the link to reveal its destination. If the link wouldn’t take you to Bank of America, Apple, Verizon, or whoever appears to be sending the email, don’t go there. This is the single most valuable tool to protect against phishing attacks, says McFarlin.
- Closely examine the email. I can usually tell if an email is legit by looking carefully at the company logo and email template. An established company would have logo police who’d make sure the art and template were perfect, and the same, every time. Hackers may purposely include spelling errors in emails to evade spam detectors. That’s a pretty sure giveaway.
- Be careful about using public Wi-Fi. My son’s identity was stolen and I’m pretty sure using public Wi-Fi was how it happened. Check whether the information you send is protected before you use a public Wi-Fi system in a coffee shop, airport, or hotel. Be particularly careful about buying things with credit cards over those systems.
- Surf the web wisely. Security experts advise using the pop-up blocker on your Internet browser, even though this can make it time-consuming to surf the web and you may miss important bits of information. It’s also a good idea to periodically check the cookies in your browsers and delete the ones from unknown sources. The security settings in your browser may provide even greater protection; they are worth checking.
- Check add-ons and plug-ins connected to your email inbox. You can usually view the third-party services and applications that have access to your account. Delete the ones that you haven’t authorized and the ones that you no longer use.
- Check to see whether websites have HTTPS security. Don’t enter any sensitive information on websites that don’t have this security. HTTPS is usually identified in the URL bar of your browser. A small green lock next to it will say “secure.” You can even add a browser extension, HTTPS Everywhere, that makes it more likely you use sites that support it.
- Use browser extensions. Certain browser extensions will help secure your identity when you travel to unsafe parts of the Internet. Privacy Badger prevents tracking and cookies. Adblock Plus blocks banner ads, pop-up ads, and rollover ads. It also stops you from visiting known malware-hosting domains and disables third-party tracking cookies and scripts.
- Check online periodically to see whether your identity has been compromised. There are sites you can check, such as haveibeenpwned.com, to see whether your email addresses or user names and passwords have been compromised by a known attack.