×

How to Protect Your Information Online

There are more reasons than ever to understand how to protect your personal information, as major website breaches become ever more frequent. On Thursday, Equifax, one of the three main credit reporting agencies, said that identifying information for 143 million customers had potentially been compromised.

How do I know if my personal information has been taken?

Unfortunately, you may want to assume that it was. Cyberattacks happen all the time.

As for this most recent Equifax breach, the company is directing consumers to its website to see whether their information had been stolen, though as of Thursday night, Equifax declined to comment beyond what it had already posted on its website.

What if I'm certain my data has been stolen from Equifax?

Set yourself up with fraud alerts in case someone tries to apply for credit in your name. To be safe, do this at all three credit reporting agencies, Equifax, Experian and TransUnion.

Then, consider spending a few dollars to set up security freezes at Equifax, Experian and TransUnion. This will lock down your credit files permanently, so that only companies that you currently do business with can see them. That way, if a thief applies for credit in your name, the company getting the application will not be able to access your credit file. No file means no new account. You will be able to temporarily open them each time you want to apply for new credit.

Should I change my passwords?

Regardless of the type of breach or the company involved, it's always a safe bet to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites and do not use your Social Security number as a username or password, especially in the wake of the recent Equifax breach.

And if you were not doing so already, you will have to treat everything you receive online with an abundance of suspicion, in case hackers are trying to trick you out of even more information.

How do I create stronger passwords?

Try a password manager like 1Password or LastPass.

These sites create a unique password for each website you visit and store them in a database protected by a master password that you create. Password managers reduce the risk of reused passwords or those that are easy to decode.

More from The New York Times:
Equifax Says Cyberattack May Have Affected 143 Million Customers
Keeping Your Files Safe in Google's Cloud
Wirecutter Editor Shares the Tech That Can Improve Your Life

The Wirecutter, a product recommendations site owned by The New York Times, provides a helpful explanation of why password managers are so essential. They also maintain an updated guide to what it considers to be the best password managers.

If you must create your own passwords, try creating long, complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters.

My favorite number is Green4782#

The cat ate the CoTTon candy 224%

Or, if you're extra paranoid, consider mimicking this setup. Take the sentence:

One time in class I ate some glue

And convert it into this:

1TiC!AsG

One time in class I ate some glue → 1TiC!AsG

In general, create the strongest passwords for the sites that contain the most sensitive information and do not reuse them anywhere.

Are passwords enough?

Passwords are not enough. If a site offers additional security features, like secondary or two-factor authentication, enable them. Then, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in.

(Here's a link to turn on two-factor authentication for Gmail accounts. Here's one for Yahoo accounts, and here's one for Outlook accounts.)

Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer.

Won't security questions protect my data?

Sites will often use common security questions to recover a user's account if the password is forgotten.

These questions are problematic because the internet has made public record searches simple and the answers are usually easy to guess.

In a study, security researchers at Google found that with a single guess, an attacker would have a 19.7 percent chance of duplicating an English-speaking user's answer to the question, "What is your favorite food?" (It was pizza.)

With 10 tries, an attacker would have a 39 percent chance of guessing a Korean-speaking user's answer to the question, "What is your city of birth?" and a 43 percent chance of guessing the favorite food.