We know there are many things we can do to protect ourselves from identity theft and other security threats. But surprisingly, we often do not do them. The Identity Theft Resource Center (ITRC) and DIG Works surveyed 1050 U.S. adults about data breaches and credit freezes. They found that although most surveyed were aware of credit freezes, they were reluctant to use them to protect themselves and their families from the risks posed by breaches.
Although more than three-fourths of consumers surveyed were familiar with the credit freeze process, fewer than one-third of respondents had frozen their credit for any reason, and only 3% froze their credit after receiving a data breach notice. Confusion about the process, potential costs and impact on credit scores caused many to avoid freezing their credit. For example, 11% of survey respondents believed that it would negatively affect their credit scores, or a payment would be required to freeze their credit. Although one-third of those surveyed said that they did not believe it was necessary to freeze their children’s credit, the good news is that a greater number said that they had actually put a freeze on their children’s credit.
The ITRC suggests that the following should be done to encourage consumers to protect themselves:
- Data breach notices issued to consumers should include an explicit recommendation for victims to freeze their credit as soon as possible.
- Data breach notices should explain that credit monitoring alone cannot prevent a new account from being created.
- Businesses, victim advocates and government representatives should create an education plan to educate consumers about the importance of credit freezes. A special emphasis should be placed on the benefits of freezing a minor’s credit.
- The consumer reporting industry should make it easier to implement credit freeze and thaw requests, especially for minor children. This would include creating a common system where consumers could freeze or thaw their credit without contacting each Credit Reporting Agency (CRA).
Another way consumers can protect themselves from having their accounts compromised it to use a password manager. A study by the Wall Street Journal, identified several reasons people are reluctant to make the change to using a password manager. One of the main reasons is the effort involved. If you are already using a password manager, switching to a different provider is simple. You just export your passwords and import them into the new solution. The problem is getting started in the first place as it means entering passwords into the manager manually or setting new passwords for all accounts, both of which are time consuming.
Some are reluctant to use a password manager because they do not trust the solution with their data. Although most password managers operate under the zero-knowledge model where they do not have access to users’ vaults, there are still issues with trust.
Another key issue that needs to be overcome is the problem of what happens if the master password for the password manager is forgotten. That would mean no passwords could be accessed and the user would be locked out of all their online accounts.
The Wall Street Journal recommends that password manager developers should make it much easier for people to get started, such as providing a feature that allows passwords to be imported from web browsers or spreadsheets.
To get around the trust issue, it must be made clear that password managers really do operate under the zero-knowledge model and that the solutions are truly secure. Another solution is to go open source, as some password managers have, to enable transparency. The source code is open and available for any user to examine.
Finally, biometric authentication should be used to get around the loss of access. If a passphrase for the password manager is forgotten, a fingerprint or iris scan could be used or face recognition technology could be implemented.