Have you ever been hacked? Ever had your I.D. used by someone else?
A couple years ago, a friend tried to file her tax return, and was shocked by a rejection from the IRS. Someone else had already collected a refund, using her personal information. This spring, same thing happened to one of my husband’s partners, and last week, to another friend.
All anyone needs to file a tax return is a name, birthdate and Social Security number, and as more company databases get hacked, that information becomes available to more thieves. This year, the IRS anticipates a potential $20 billion dollar loss to refund fraud.
The problem stems from many sources, including under-funded enforcement, and timing which allows refunds to be paid before employers have forwarded updated information.
Just because it happens a lot, doesn’t mean it’s any easier to straighten things out. Re-establishing your identity is a pain.
Take these two steps to protect yourself:
1. Don’t give your Social Security number to anyone other than the I.R.S. For most of us, that cat’s already out of the bag. In the good old days, many of us gave our SSN out all over the place. My college for instance, used to require it for identification at registration. What’s done is done, but from here on out, protect your SSN.
All kinds of businesses ask for Social Security numbers, including department store credit card companies, doctors and dentists. If your doctor gives you a form that asks for yours, leave the space blank. He or she will still take you as a patient. When applying for a job, only reveal the last four digits of your SSN, unless you are dealing directly with the I.R.S.
A Social Security number is not general I.D. It’s for you and the IRS, and no one else.
2.Juice up your password system.
Password laxity is stunningly common. Don’t be lazy.
- Choose good passwords (see my previous blog post on the best passwords ever).
- Keep track of yours, and establish a safe place to keep them.
- Do not use the same password, or a close variant, to access a dozen different websites.
A password app can make management much easier. These encrypt and store all of your data, are easily searchable and blind copy/paste i.d. and passwords to websites, so you don’t have to worry about painstakingly typing in those maddening cap/smallcap/symbol/numerals. All you have to remember is the master password — which you need to change regularly.
A couple apps to try (I’m not on their payroll, but tried and liked both):
KeePass, stores everything on your computer, is free, basic, pretty easy to use and set up, and while designed for Microsoft Windows, has a version that works on Mac OSX.
Dashlane, is a fancier storage service, for those who really don’t like messing with passwords. It’s also free, and not only stores and generates, but also can change all of your passwords in one go. It saves receipts and automatically signs you in when you visit a website. It’s pretty nice. All is encrypted. The only way for you, a Dashlane staffer, or a hacker, to get at it, is via your master password — so make it a good one.
Here are more suggestions from PC Magazine.
Can password manager apps be hacked?
Yep, everything is hackable — but these guys are in the business of staying ahead of crooks, unlike most of the rest of us, who just want to do our thing and tend to get sloppy. It’s a good idea to keep your most important passwords, like bank accounts, separate from those stored with a manager, preferably off your computer.
Someday your iris may be your one and only password, but we aren’t there yet. In the meantime, don’t give in to the temptation to let your password system slide — and keep that Social Security number to yourself.
How is your password system? Any tips for making private information secure?