Category Archives: Tools

Protect Your Privacy: Adjust Facebook Privacy Settings on Images

It makes sense to protect your privacy online as much as possible. The problem, though, is that these days it’s hard to keep in touch with friends and family if you aren’t involved in social networking.

Indeed, social networking can be a great way to stay in contact with loved ones — especially if you want to make sure that grandma living three states away can enjoy pictures of her grandchildren. I know my mom loves being able to see pictures of my son on Facebook.

As you post images, though, it’s important to make sure that you understand your privacy options. I prefer my Facebook photos to be set to “Friends” so that only those who are actual friends of mine can see them. This protects my privacy, as well as protecting the privacy of my son.

Facebook Privacy Settings

Limiting Who Can See Your Facebook Photos

If you want to better maintain privacy on Facebook, you need to be careful about who sees your photos. First of all, Facebook now automatically uses your last setting for the privacy setting on your next image. So, if you want to protect your images going forward, just choose a particular privacy setting before uploading a new picture.

It’s also possible to set up custom Facebook privacy settings. I have gone through this process to allow my images to be seen only by Friends, but to let my status updates be seen by Friends of Friends. You can play around with custom settings to limit who sees what.

It’s even possible to put together a list of custom friends to limit which of your friends can see images. So, if you only want grandma and a few other family members to see pictures of your new baby, it’s possible to do that.

It’s a little more challenging to change the Facebook privacy settings on images that have already been posted. You either have to change them one at a time, or use an option that will apply a blanket to all your old posts. In the Privacy Settings and Tools section, you will see a “Limit Old Posts” button. Use that button to hide everything old. If you are unsure, it makes sense to choose this option, and then use your custom settings going forward.

Turn Off Location Services to Enhance Facebook Privacy Settings

Many of us, when using smart phones to take pictures, have the location services turned on. This means that when you snap a picture, the location is saved as well — and posted to Facebook.

That means if you take a picture of your adorable six-year-old at home, the location of your home will be saved with the image and uploaded to your accounts. Let that sink in for a minute.

One way to reduce the chances of your child’s location being known (whether you take the picture at home or in front of his or her school, or at a favorite playground) is to turn of the location services. Most smart phones allow you to do this in Settings.

The good news is that you don’t usually have to turn off the location services for every app. You can customize which apps are associated with location services. I’ve turned off location services for my smart phone’s camera altogether so that I don’t have to worry about it as much. However, location services is still on so that I can use my GPS and maps apps, and so that I can effectively use my stargazing app.

Take the time to customize your settings on your phone, as well as to review your Facebook privacy settings. You’ll guard better against identity theft, and better maintain what shred of online privacy you have left to you.

5 Tips for Better Password Security

Your first line of defense against identity theft is your password. In fact, if you want to protect your sensitive data, your password is extremely important.

One of the reasons that the Heartbleed vulnerability was so scary was that it had the potential to expose your passwords to hackers and scammers. If you want better password security, consider implementing the following tips:

password security

1. Don’t Use the Same Password for Everything

One of the oldest tricks in the hacker book is to get one username and password combination. Many people use the same information to protect multiple accounts. If someone manages to hit upon your username and password for one site, s/he can simply try a bunch of other major sites, using the information, and checking to see if it’s possible to get in.

If you want to protect yourself from this sort of problem, it makes sense to use different passwords for different sites. It’s not fun to remember all those passwords, but it’s safer. There are a number of tools, such as 1Password, that can help you keep track of everything easily, while still allowing you to protect your personal information with good password security.

2. Change Some of Your Passwords Regularly

Next, make sure you change some of your passwords regularly. Some passwords don’t actually need to be changed all that often. Interestingly, studies indicate that changing a bank password every three to six months might not matter.

However, it does make sense to change your password to email, social media, and other similar services regularly because these are accounts that people will wait around to “listen” in on. Switching it up can confound someone who is waiting for you to divulge important information via these accounts.

3. Choose Something Unconnected to Your Life

Many people choose their pets’ names, kids’ birthdates, and other publicly available information for their passwords. While this can make it easier to remember, it also makes it easier for scammers and hackers to guess your password. If you want better password security, you need to move away from your life as a source for inspiration.

When you choose a password that can be cracked by personal information that someone can glean by looking at your Facebook profile or reading your blog, you are setting yourself up for difficulty. Instead, choose passwords that are unconnected to your life, and make it a point to keep them as random as possible. If you have a password tool, it can help you keep track of those unusual passwords more effectively.

4. Make It Long

One of the keys to a more secure password is length. Many web sites require that you choose a password that is at least six or eight characters. This is because the longer a password is, the more combinations are possible — and the harder it is to crack.

So, even though the web site might impose a minimum on you, that’s no reason to just stick with the minimum. In fact, there are indications that you should have a password of at least 12 characters for best effect.

Once again, it’s important not to put memorability above security. In today’s world, since almost everything important is online, you really do need to protect yourself. Make your password as long as you can (many sites have a 16 character limit) and use a password tool to help you keep track of everything.

5. Mix It Up With Letters, Numbers, and Symbols

Mixing it up can make your password even harder to crack. Rather than using all numbers or all letters, mix it up a little. Incorporate number, letters, and symbols into a your password. And try to make it random. It’s much harder for someone to crack a password like 6Th*1s_dM&2x than it is if you use something like Grizz1989.

A combination of upper case and lower case letters is a good idea as well. Try to make your password as random as possible, since that will make it harder to crack. Some web sites won’t let you add symbols to your password, you might just have to work with letters and numbers. But with a good mix and a little randomness with your capitalization, you can still create a pretty decent password.

Worried About Heartbleed? Here’s What to Do

By now, you’ve probably heard about Heartbleed, the security vulnerability that affects more than 66 percent of the sites on the Internet. Heartbleed is a vulnerability in the OpenSSL software that is popular for web site encryption.

While it’s tempting to swear off the Internet forever, that’s probably not a viable option. Instead, it makes more sense to be careful about how you use the Internet, and take steps to protect your information and your identity. Here’s what to do if you are concerned about Heartbleed:

heartbleed

Don’t Panic

First of all, don’t panic. The Heartbleed vulnerability only allows someone to grab 64k of data at a time. But here’s the thing: It’s only random data. The person exploiting Heartbleed can’t choose which data to grab. Of course, different data can be grabbed from the server over and over again, and the exploiter is bound to come up with something “good” at some point.

From the NSA to hackers, the Heartbleed vulnerability has been available for more than two years. While some of your information might be out there, and your identity might be compromised, you don’t want to over react. Take a step back, avoid panicking and move forward.

Find Out Which Sites are Vulnerable

Next, you need to figure out which sites are vulnerable to Heartbleed. A number of sites have already fixed the problem, so it might not be an issue. Unfortunately, you can’t rely on the old methods of determining web site security to find out if there is a Heartbleed problem.

The good news is that there are lists and web apps that can help you check for Heartbleed vulnerability, letting you know if something needs to change. You can also read this helpful guide from IT World, which takes you beyond the lists and apps, which might not always be completely accurate.

You can also install a plug-in from Chrome or Firefox to help you identify sites vulnerable to Heartbleed as you surf.

Find out which of your heavily used sites are vulnerable, and then go from there.

Password Rotation

You will need to change your passwords on sites that are vulnerable to Heartbleed. However, realize that this doesn’t do you much good until after the site has updated its OpenSSL to reflect the fix. Until the site itself has updated, changing the password won’t help much.

Once the site is updated, you need to change your password. One of the best things you can do is to use different passwords for each site. This is because many hackers know that consumers often use the same username/password combo on multiple sites. Cracking one could open up your entire life. Don’t let that happen.

Good password practice is to choose a different password for each site. If you don’t want to try to keep track of them all, identity theft tools like password managers can help you keep different passwords without having to memorize them all, or hunt them up on a piece of paper.

In any case, you should rotate your passwords regularly, at least every six months, for maximum security and identity protection. Even without Heartbleed threatening your identity, you should pay attention to your passwords and change them regularly.

Keep Tabs on Your Credit Report

Finally, make sure that you keep tabs on your credit report in order to catch potential identity theft. This is a good idea anyway. Watching your credit report can send up red flags if your identity has been stolen and someone is opening fraudulent accounts.

You can keep watch on your credit situation with the help of free resources, as well as paid resources that can monitor your credit for you, and send regular reports.

You should be concerned about Heartbleed, and you should pay attention. However, you shouldn’t panic. Take appropriate steps to safeguard your information, and focus on good password practices, and you should be able to weather the storm.

Use Your Credit Report to Catch Identity Theft

You might be surprised to learn that your credit report can help you catch identity theft. One of the tools in your arsenal, when it comes to addressing identity fraud, is the frequent checking of your credit report. Your credit report is more than a list of your accounts; it can also be a red flag.

Catch Identity Theft

When your identity is stolen, the fraudster is likely to use your information to open new accounts. These fraudulent accounts will appear in your credit report.

catch identity theft

If you want to catch identity theft early on, you need to regularly check your credit report. You can get help in that area by going to AnnualCreditReport.com for the free report you are entitled to each year from each of the major credit reporting agencies.

Go through the information in the report, keeping an eye out for accounts that you know you didn’t open. If you see accounts that aren’t yours, you need to let the credit reporting agencies know. Call them, and then follow up in writing.

It might be necessary to place a credit freeze on your account if you are concerned that it could happen again. With a credit freeze on your account, you will be notified before a new account can be opened using your information. That can prevent another situation in which your identity is stolen and used to open credit in your name.

You might just red-flag your account as well, instead of placing an all-out freeze on the account. With the red flag, lenders are supposed to take extra steps to ensure your identity before opening an account in your name. It doesn’t always work as effectively as a credit freeze, though.

Even if you place a freeze on your account or have it red flagged, it still makes sense to keep tabs on what’s happening with your account. The good news is that there are plenty of web sites where you can keep tabs on your credit for free. While it’s not the same as looking at a full credit report, it can still be helpful, since you can usually see when something new pops up, and identify changes to the situation.

Your credit report is your first line of defense when you want to catch identity theft early on. Regular attempts to keep tabs on your report, and what’s in it, will allow you to identify problems quickly and move to take care of them.

Fraudulent Charges: Check Your Account Statements

While you do want to check your credit report regularly in order to identify fraudulent accounts, you also need to keep up with your account statements to make sure that you can see fraudulent charges.

While your credit report can help you catch identity theft as it relates to new, fraudulent accounts, it won’t provide you with information on fraudulent charges. For that, you need to check your accounts regularly. Go through your bank and credit card account statements on a regular basis so that you can see what’s happening with your purchases.

Sometimes, instead of opening a new account in your name, an identity thief will just take information about your credit cards and make purchases with that information. You will want to catch that type of identity theft early on and dispute the charges. If you catch it early enough, you can get your zero liability fraud protection in full, and avoid being responsible for the charges.

Bottom Line

Your credit can be an indicator that your identity is being tampered with. You need to keep track of what is happening with your credit, and be sure that you are on top of the situation. Check your credit report every three or four months to see if there are fraudulent accounts. Check your account statements each month for fraudulent charges. You can even use the Internet to check your account charges more frequently, if it makes sense for you.

There is no way to completely prevent identity fraud; it is only with vigilance that you can expect to catch identity theft.

How to Tell if a Website is Secure

One of the best things you can do to protect your identity while shopping online is to make sure that you are using a secure website.

While there is no full-proof way to keep your identity safe, you can reduce the chances that your identity will be stolen when you take appropriate precautions. Shopping online is convenient and usually safe — as long as you make sure you are on a secure website.

Before you enter your credit card information and other personal information, make sure you are on a secure page with the help of these indications:

website is secure

Address Bar

One of the easiest ways to see if you are on a secure website is to look at the address bar. Does it read “http” or “https”? The secure version should have the “s” at the end of “http.”

When you first start shopping on a website, it might not be secure. That’s usually not a problem. It really matters when you are ready to check out. As you switch to the page that requires you to enter payment information, you should watch for the addition of the “s.” If it doesn’t show up, don’t enter your sensitive information; it might not be secure.

You should also check for the “s” when you prepare to enter login information. This will reduce the chances that your user ID and password will be compromised. Remember that you want to protect your user ID and password just as much as you want to keep your payment information as safe as possible.

Lock Icon

Another thing to watch for near the address bar is a lock icon. This is a simple icon that looks like a padlock. If the website is secure, the lock will be shut. However, if the page you’re on isn’t secure, the padlock will be open. Get used to checking for the icon in order to identify secure pages. Don’t enter any personal information that you want kept private until you see that locked icon.

You can also click on the icon to make sure that that it is legitimate. In some cases, fraudsters try to build websites that imitate some of the icons, using graphics that look like padlocks. You can click on the icon to see the security information about the site. If there isn’t security information, or if there isn’t the letter “s” in the “http” portion of the address, that could be an indication that you are on a fraudulent site.

Third-Party Verification

There are companies that verify the security and legitimacy of websites, granting a seal to the sites that comply. Two of the most common seals you are likely to see are eTrust and VeriSign.

Once again, just looking for an official looking graphic isn’t a sure way to make sure that you are on a truly secure website. However, if you combine your search for third-party verification with the address bar and lock icon, you are more likely to determine if the website is secure. These third-party verifications can offer you peace of mind, and indicate that the website keeps up-to-date with the latest online security practices.

These seals are difficult to duplicate, but that doesn’t mean that it isn’t possible. Take precautions by checking other aspects of the website to ensure that you are on the right track for a secure browsing experience.

Leave the Site if You Aren’t Sure

If you think something looks “off,” or if you are uncomfortable with the information that is being asked of you, leave the site immediately.

Don’t enter information into a site that you aren’t sure of. You want to feel confident about the situation, and if you don’t, go with your gut and leave.

No matter how hard a retailer or website operator tries, though, there is a chance that you will be a victim of a data security breach, or that some issue will arise. Pay attention to these situations, and make sure to change your password regularly. Also, try to avoid using the same login information for multiple sites.

Another strategy is to use one card for all of your online shopping. That way, if one card is compromised, you aren’t trying to fix the problem on multiple cards.

With a little extra vigilance, it’s possible to reduce the chances that an insecure website will result in identity theft.

Protect Yourself Against Identity Theft with these 5 Tools

When it comes to your identity, it’s important to protect yourself. The good news is that there are plenty of ways to shield your identity against fraudsters. Here are 5 tools that can help you reduce the chances that identity theft will get the best of you:

identity theft

1. 1Password

First of all, one of the best things you can do is have a variety of strong passwords protecting your information. Many consumers don’t like to have a lot of different passwords, instead preferring to just remember one password instead of several.

Unfortunately, this can make it easy for fraudsters to access multiple accounts. If you want to limit the damage from identity theft, you need different username/password combinations for all of your accounts. That way, stealing information for one account won’t result in compromising all of your accounts.

You can use 1Password to create strong passwords and store them in a secure way. You only have to remember one password, and this app takes care of the rest. It’s a simple solution that protect all of your accounts with different passwords.

2. AnnualCreditReport.com

This is the web site set up to allow you access to one free credit report each year. AnnualCreditReport.com allows you to get a credit report from each bureau once a year for free. You can spread it out so that you get one report from each every four months. Checking your credit report regularly can help you catch fraud early, and stop it from going further.

Just paying attention to your credit report is one of the best remedies for identity theft. If three times a year isn’t enough, you can pay to access your credit report, or you can get access through free credit information sites like Quizzle.

3. Online Account Management

If your bank and credit card issuers off online account management, take advantage of it. Sign up, and then log in at least two or three times a month. This way, you can keep track of transactions and identify potential problems.

Rather than waiting for statement delivery, you can be right on top of any issues that crop up. Use online account management to monitor your transactions and then report fraudulent transactions.

You can also use personal finance apps that automatically track your accounts. Check in with what’s happening, and you can avoid problems down the road, taking care of issues quickly.

4. Credit Monitoring Services

You can also take advantage of credit monitoring services. There are a number of them out there, and they can help you stay on top of changes to your credit situation.

Each of the three major credit bureaus offers credit monitoring. Additionally, there are a number of credit monitoring and identity services from LifeLock and Identity Guard. Before you buy, though, it makes sense to shop around a bit. While there are indications that credit monitoring can help protect your identity, not all products are created equal.

Credit monitoring services can’t really do anything that you aren’t able to do, but it can give you peace of mind. You don’t have to be constantly watching if someone else is doing it for you. Before you sign up, though, make sure that you understand exactly what is offered, and that the alert situation matches your needs.

5. Credit Freeze

Another tool that can help you protect yourself is the credit freeze. You can actually request that a freeze be placed on your credit. This way, if someone tries to open credit in your name, they are blocked. In many cases, it requires some hoop-jumping to lift the freeze. You are pretty well protected, but it also means some inconvenience for you. Plus, a credit freeze might cost you some money.

If you want a less expensive and less limiting option, you can place a fraud alert on your account. However, in order to take advantage of this option you might have to first be an actual victim of identity theft. The fraud alert doesn’t mean that credit will be denied, but it can mean that issuers do a little extra legwork to verify your identity before moving forward.

A freeze or an alert can be helpful in discouraging fraudsters and protecting your identity.

Take the time to find ways to protect your identity. While nothing is full-proof, you can limit the damage with a little effort.

Are Identity Theft Protection Services Worth the Money?

It depends.

Identity theft protection services usually have two components – theft prevention services and theft repair services.

When it comes to theft prevention services, they aren’t doing anything you could do yourself. The question becomes whether or not the service fees, which can run $20-30 a month at some places, is “worth it.” If it takes you several hours to complete the same tasks, including setting up reminders, it might be worth it to pay someone else to do it. If it takes you an hour and it’s an hour you’d be spending watching television, then it might not be. In order to really do the tradeoff, let’s see what you would have to do to get similar results.

Do It Yourself Protection

The main thing that id theft services do on your behalf is freeze your credit reports. By freezing your report, no company can access your report and, subsequently, make a credit decision. This stops all credit card offers in their tracks because they know nothing about you. You can freeze your credit report yourself and it won’t be free (neither will “thawing” it), but it’ll be cheaper than the id services.

This stops new offers from coming along but it won’t stop offers from your existing relationships (if you have a Citi card, Citi might send you more offers since it has your payment history with the first card). To stop those, you need to call the company and ask to be removed from their marketing lists.

Finally, it might not come as much of a surprise but companies will offer you credit cards even if they know nothing about you (surprise!). To stop those offers from happening, you can register at OptOutPrescreen.com.

Now that you’ve stopped incoming offers, it’s time to “monitor.” You can use a combination of free credit score services like Credit Karma (TransUnion partnership) and Credit Sesame (Experian partnership) to keep tabs on your credit report. They give you credit bureau scores, not FICO scores, but you can use it as a way to monitor any changes to your credit report. A sudden drop or rise might indicate a need to review it in greater detail. Both are free.

Theft Repair Services

Here is where it gets tricky because theft repair services only come into play after your identity has been stolen. I’ve never had my identity stolen but I have had to repair erroneous listings on my report (there was an extra social security number, address, and cell phone account) and that took a couple hours to fix. I had to contact the bureau, they had to tell me what documentation I needed to refute the listing, I had to collect that information and fax it to them. All told it was about two hours plus the waiting time for them to review the documents – and it was a minor case (I wouldn’t even call it theft).

You can think of the id theft protection service plans as insurance, since in theory they will handle the clean up. Is an insurance policy worth the monthly service price?

Buy a Cross Cut Paper Shredder

Fellowes Cross Cut Paper ShredderOne of the most important tools you can buy to help you prevent identity theft is a cross cut paper shredder. A cross cut paper shredder does exactly what it says it does – cross cuts paper. Cross cutting means the shredder cuts vertically and horizontally to turn a regular sheet of paper into a hundred pieces of confetti-like bits. Traditional paper shredders, which cut only vertically, result in long strands that are easier to put back together. While a traditional shredder is better than ripping it up, a cross cut paper shredder is much better because it’s a lot harder to put the tiny pieces together.
Continue reading Buy a Cross Cut Paper Shredder