You can’t control what others do with your personal information, but protecting it can help lower your risk of identity theft.
- Make your password long, strong and complex: at least twelve characters, with three different “character classes” (uppercase, lowercase, numbers, symbols). It’s best to put non-lowercase letters in the middle of your password and avoid common words or phrases. If it’s tough remembering them, consider password management software.
- Select security questions where only you know the answer. Find an answer that you will remember (for instance, “watching the Dodgers with my mom”) but is also more complicated than a generic word (“baseball”). Don’t use questions whose answers can be found in public records or online (like your zip code, birthplace, or your mother’s maiden name) or with a limited number of responses that an attacker can easily find or figure out (like the color of your first car).
- Use the added protection of multi-factor authentication, when it’s available. To log in, you must combine something you know (like a password), with something you have (like a code texted to a mobile phone) or something you are (like a fingerprint).
- Every time someone asks for your Social Security, credit card, or bank and utility account numbers – whether it’s online or in an email, a text, or call – think about whether you can really trust the request. Never share your Social Security number, address, or phone and account numbers on social networks or publicly accessible sites.
- Not sure whether someone who called or emailed is an imposter? Hang up or don’t reply – and check them out. Type the company name into your browser, go to their site, and contact them through customer service to see if they really contacted you.
- Lock up documents that show any financial account numbers and shred them before you toss them in the trash.
- Has your information been compromised in a data breach? Visit IdentityTheft.gov to find out what your next steps should be, depending on the type of information that was breached.