Why you should freeze your credit

Identification details aren’t so personal these days.

Most Americans — 81% — had their personal identification information compromised in at least one data breach in 2023, according to James E. Lee, chief operating officer of the Identity Theft Resource Center, a California-based nonprofit established to minimize the risk and impact of identity theft and crime. Birth dates, Social Security numbers and other information traditionally thought of as private is no longer exchanged on the "dark web," parts of the internet only accessible with encryption software that obscures devices’ IP addresses. Now, people sell personal identification details on popular, public platforms, he said.

"YouTube, TikTok — pick your platform. That’s where they hawk their wares," Lee said. "It is ubiquitous at this point, and they don’t even need to hide because there’s just so much of them, and we have so much data. The likelihood they’ll get caught and prosecuted is very low."

The number of data breaches hit a record in 2023, and is on track to remain elevated in 2024, according to data from the Identity Theft Resource Center. Americans are responding by adopting cybersecurity standards recommended by Lee and his colleagues.

"We’ve always looked for: At what point will consumers begin to change their habits?" Lee said, citing the results of surveys by the Identity Theft Resource Center. "But this year for the first time, there’s two things that we have seen — finally — people really beginning to pay attention to."

Surveys indicate a big jump in the number of people using multi-factor authentication and passkey tools, he said.

Read on for details on these and other tips from Lee and Michael Nizich, director of the Entrepreneurship and Technology Innovation Center at the New York Institute of Technology:

• Freeze your credit. The major credit monitoring agencies have online tools that allow consumers to freeze their credit in "a matter of minutes," said Lee, who recommends going through the process with each agency. You may also call Equifax, Experian and TransUnion and request a freeze. This will not prevent you from accessing existing lines of credit, but will prevent someone from opening new ones.
• Use passkeys when possible. Passkeys generate two codes — one for the user’s device, and a second for a website or app. When someone uses facial recognition, a pin or other method to open their device, the code on their device automatically communicates with its counterpart, gaining access to the website or app, Lee said. The tool eliminates passwords, which can be leaked, tracked or guessed, he added. 
• Opt for multi-factor authentication as a second choice. This technology prompts users to enter a password, and to confirm their identity by entering a code sent through an alternative mode of communication: text, call or email, Lee said.
• Consider using an Apple, Windows or other password management tool to generate complex, unique passwords, and save them. The technology makes it more challenging for bad actors to guess and gain access to your accounts, according to Lee.
• Never reuse passwords — or use common sources of password inspiration: your name, relatives' names, pet names, birth dates, etc., said Nizich. He suggests writing a sentence, and then using the first letter of each word and punctuation to create a password. For instance, you could remember the password Mpgigeg,atngm! with the following sentence: My password game is getting extremely good, and they'll never get me!
• Change passwords to an account if you are alerted that it may have been compromised in a breach, Nizich said.
• Take extra precautions with the email account you use to recover forgotten passwords, Nizich said. If someone gains access to your primary email, they may be able to reset passwords and break into several of your other accounts.
• Ask businesses what steps they are taking to secure customers’ information. Lee says encouraging companies to use multi-factor authentication and passkeys will help foster a culture of responsibility and communicate to firms that cybersecurity is a critical investment.
• Shift your attitude and reframe new security protocols as a worthwhile investment, rather than a nuisance, said Nizich.

"Don't look at it anymore as: ugh, they're just making me jump through hoops," Nizich said. "If you can feel comfortable that somebody isn't going to easily acquire any kind of credit, or transfer money or something like that in your name, then it's worth it."

By Sarina Trangle

sarina.trangle@newsday.comSarinaTrangle

Sarina Trangle covers affordability and cost of living issues and other business topics. She previously worked as an editor and reporter at amNewYork.