There are more reasons than ever to understand how to protect your personal information, as major website breaches become ever more frequent. On Thursday, Equifax, one of the three main credit reporting agencies, said that identifying information for 143 million customers had potentially been compromised.þþHow do I know if my personal information has been taken?þþUnfortunately, you may want to assume that it was. Cyberattacks happen all the time.þþAs for this most recent Equifax breach, the company is directing consumers to its website to see whether their information had been stolen, though as of Thursday night, Equifax declined to comment beyond what it had already posted on its website.þþWhat if I’m certain my data has been stolen from Equifax?þþSet yourself up with fraud alerts in case someone tries to apply for credit in your name. To be safe, do this at all three credit reporting agencies, Equifax, Experian and TransUnion.þþThen, consider spending a few dollars to set up security freezes at Equifax, Experian and TransUnion. This will lock down your credit files permanently, so that only companies that you currently do business with can see them. That way, if a thief applies for credit in your name, the company getting the application will not be able to access your credit file. No file means no new account. You will be able to temporarily open them each time you want to apply for new credit.þþShould I change my passwords?þþRegardless of the type of breach or the company involved, it’s always a safe bet to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites and do not use your Social Security number as a username or password, especially in the wake of the recent Equifax breach.þþAnd if you were not doing so already, you will have to treat everything you receive online with an abundance of suspicion, in case hackers are trying to trick you out of even more information.þþHow do I create stronger passwords?þþTry a password manager like 1Password or LastPass.þþThese sites create a unique password for each website you visit and store them in a database protected by a master password that you create. Password managers reduce the risk of reused passwords or those that are easy to decode.þþThe Wirecutter, a product recommendations site owned by The New York Times, provides a helpful explanation of why password managers are so essential. They also maintain an updated guide to what it considers to be the best password managers.þþIf you must create your own passwords, try creating long, complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters.þþMy favorite number is Green4782#þþThe cat ate the CoTTon candy 224%þþOr, if you’re extra paranoid, consider mimicking this setup. Take the sentence:þþOne time in class I ate some glueþþAnd convert it into this:þþ1TiC!AsGþþOne time in class I ate some glue → 1TiC!AsGþþIn general, create the strongest passwords for the sites that contain the most sensitive information and do not reuse them anywhere.þþAre passwords enough?þþPasswords are not enough. If a site offers additional security features, like secondary or two-factor authentication, enable them. Then, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in.þþ(Here’s a link to turn on two-factor authentication for Gmail accounts. Here’s one for Yahoo accounts, and here’s one for Outlook accounts.)þþMany bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer.þþWon’t security questions protect my data?þþSites will often use common security questions to recover a user’s account if the password is forgotten.þþThese questions are problematic because the internet has made public record searches simple and the answers are usually easy to guess.þþIn a study, security researchers at Google found that with a single guess, an attacker would have a 19.7 percent chance of duplicating an English-speaking user’s answer to the question, “What is your favorite food?” (It was pizza.)þþWith 10 tries, an attacker would have a 39 percent chance of guessing a Korean-speaking user’s answer to the question, “What is your city of birth?” and a 43 percent chance of guessing the favorite food.
Source: NY Times
