How to Stop Identity Thieves in Their Tracks

October 13, 2014

“So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!”

Fans of Mel Brooks will remember that quote from his classic Star Wars parody, Spaceballs. Of course, that was just a joke in a movie. Nobody would ever actually use something simple like "12345" as their password, right? Wrong. A recent report by SplashData  found “123456” was the most commonly used password in 2013, followed by, amazingly, "password."

In an age when passwords are directly tied to important data like bank accounts, credit cards, and other financial products, a poorly secured identity could end up costing you thousands of dollars. And whether it’s a team of Russian hackers stealing billions of logins and passwords, or a small-time crook cloning your credit card to make fraudulent purchases in another time zone (this happened to me a few years ago), make no mistake, your data is always being threatened.

So how do you protect yourself? There are a couple things you can do, and they aren’t as complicated as you might think.

Pick a strong password

Obviously, not picking a password like “123456” is, or at least should be, a no-brainer. But did you know doing things like replacing the letter “a” with an “@” or the letter “E” with a “3” might not be very effective? Instead, security experts like Roger Grimes say to make your passwords longer, instead of more complex. Grimes also makes a great point about making your password recovery question something potential data thieves can’t find using simple research.

Diversify your passwords

This is one of the toughest data security challenges for people, mostly because it means having to remember a lot of different passwords, and changing them fairly frequently. The frequency at which you change your password can help protect you from having to change it in response to worldwide data security issues like the recent trouble with the Heartbleed bug.

I’ll be the first to admit that my passwords aren’t diversified or changed enough, but it’s one of the best ways to protect yourself, and your data. If you’re really struggling to remember all your different passwords and their iterations, you may want to consider using a password manager. The main drawback to a password manager is it represents a single point of vulnerability for all your data. If you think your memory is good enough, keeping them stored in your head is going to stop pretty much everyone except maybe Jack Bauer.

Whatever you do, don’t make an identity thief’s job easier by writing down your password and keeping it somewhere like your wallet or your desk at work.

Monitor your accounts

Data security isn’t just about protecting your passwords and logins; it’s also about being vigilant, and aware of your personal information. If you see something fishy on your bank statements, email, or other password-protected service, your first step should be to immediately change your password. The next step is to check your credit report.

You are allowed to view reports from each of the three credit reporting bureaus once a year for free, but the personal finance sources I’ve seen have a hard time making the case for monthly credit monitoring services that amount to a rip-off since you’re unlikely to check it more than a couple times a year.

Use common sense

If you get an email containing a link from someone you don’t know, or you see suspicious posts on social networking sites, don’t click them. Never give your password to anyone—if you’re contacted by an authentic employee of any company you’re dealing with, they will never ask for your password for any reason.

Don’t download files from unknown senders. Being smart about the way you use your computer, smartphone, and other personal electronics is the best way to avoid being exposed to data and identity thieves. This goes for offline data security as well: don’t carry your social security card or your birth certificate in your wallet, and shred sensitive documents you no longer need (Local Denver television outlet KUSA holds its annual Shred-a-thon every spring if you don’t have access to a shredder or have a large quantity of sensitive documents.)