Since the recent attention regarding the “hack” of Governor Sarah Palin’s Yahoo email account, there has been a lot of discussion around protecting one’s own accounts and identity. This is a subject close to me due to my personal, repeated thoughts over online security issues whenever I am asked to provide — what I consider very private — information for “security” or other purposes to online businesses. Whether I’m registering for a sweepstakes or subscribing to a new email service, I am VERY careful about what I give out. And you should be too.

Below are some tips for “tricks” that I have been using since the dawn of providers requesting private, identifiable information. Some people have thought me a bit “paranoid,” but even years later, after being a victim of ID theft by someone I had trusted, I realize that my precautions have been very wise.

Tips for Protecting your Identity

NEVER give out the following information to ANYONE

Aside from the Government and credit applications:

  1. Social Security Number – unless you are applying for a credit card, bank account, unemployment insurance, or similar, NEVER give out this number, especially online. This includes your “last four” digits. Companies off-limits also include medical offices and insurance companies, which don’t use your Social Security number anymore for identification purposes. I also warn against giving this out to a new partner/spouse because, yes, they have been known to steal too. Remember, this number is the key to ALL your financial data. If you do need to give it out online, make sure the page is secure (e.g., look for the lock at the bottom of the browser).
  2. Birthdate — Yeah, even on a sweepstakes. Why risk it? A birthdate is often used to identify you, so it’s not worth taking the risk of giving it out so easily, especially on those Social Networking sites where everyone’s cousin can find out your birthdate. How do you think our hacker found out Sarah Palin’s? (Well, I don’t really know, but it’s a plausible avenue!). What to do instead? Give out a “special” birthdate online (except for health insurance or credit cards, etc.). By special, I mean a date that’s not necessarily your real birthdate, but close enough if someone just needs an idea of your age for demographics purposes. Alter the day or month for example. But just be sure to use the same date consistently in case you do forget your password or username and are asked for it later.
  3. Mother’s Maiden Name — Since your mother’s maiden name is still often used for identity purposes, it makes sense to also guard it carefully. Nowadays, with so much of our private life made more accessible to the public, I recommend even using a different name when asked this for online services, which require it for account retrieval. Just as for birthdate, use a name that you will remember each time, in case you ever need to recall it again for your password or username.
  4. Your password — I don’t care who’s asking for it: your child, your boy/girlfriend/partner, your colleague, or your IT Administrator. NEVER, EVER, yes, I mean Never give out your password to anyone. No one needs to know it. And even if an IT person says they need to do some work on your account, tell them to just reset it temporarily and you can change it later (if they say they can’t reset it, I would question their intentions). Now, of course, many of you are going to respond, “My partner/boyfriend/girlfriend? Are you kidding?” The answer is simply, No, I am not. Would you want your partner to read your diary? Well, this could possibly be the same thing. Now, I am far from telling you not to trust the one you love. I wish everyone could 100%; but unfortunately, there are too many incidents of bad fallings-out or people turning out to be not quite whom we thought they were — and it ended up in identity theft, disputed property, etc. My point is just protect yourself. Think about separating shared passwords from your own, personal passwords.

Use Multiple Passwords

Don’t take the risk of someone getting access to all your accounts by using the same password for all of them. Instead, have varying passwords for different types of accounts or use a formula that changes the password for each account, but one that only you can decipher.

For example, using a variety of passwords for different accounts, you might use one password for your banking, another for online shopping, and yet another password for online gaming or other entertainment. This at least protects you to a certain degree if someone should discover one of your passwords.

When using a formula, try to think of a combination of letters and numbers (more secure passwords will always use a combination of characters) that apply to the site. For example, your password could be “5768ebay” for ebay.com and “5768amazon” for amazon.com. Unless someone guesses your formula, every account will have a different password, but not one you can’t remember if you stick to one formula.
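The formula above, set beside a keyed variant, as an added example that is not part of the original article: once one formula password leaks, the fixed prefix is visible, whereas a password derived with PBKDF2-HMAC-SHA256 from a secret phrase and the site name reveals nothing about the others. The function names, the sample phrase and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib


def normalize_site(site: str) -> str:
    """Reduce 'https://www.eBay.com/signin' to 'ebay.com' so input is stable."""
    host = site.strip().lower().split("://", 1)[-1].split("/", 1)[0]
    return host[4:] if host.startswith("www.") else host


def formula_password(prefix: str, site: str) -> str:
    """The article's formula: a fixed prefix followed by the site's name."""
    return prefix + normalize_site(site).split(".")[0]


def exposed_prefix(leaked_password: str, site: str):
    """What a single leaked formula password gives away: the reusable prefix."""
    label = normalize_site(site).split(".")[0]
    if leaked_password.endswith(label):
        return leaked_password[: -len(label)]
    return None


def derived_password(secret: str, site: str, length: int = 16) -> str:
    """Keyed alternative (an assumption, not the article's method):
    PBKDF2-HMAC-SHA256 over the secret, salted with the site name."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", secret.encode(), normalize_site(site).encode(), 200_000
    )
    return base64.urlsafe_b64encode(raw).decode()[:length]


if __name__ == "__main__":
    secret = "constructed example phrase 5768"  # constructed sample, not a real secret
    for site in ("ebay.com", "amazon.com"):
        print(site, formula_password("5768", site), derived_password(secret, site))
    print("prefix exposed by one leak:", exposed_prefix("5768ebay", "ebay.com"))
```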

Choose an alternate PIN

Most banks and credit institutions (even others like your wireless carrier) will allow you to create your own PIN (Personal Identification Number) instead of using the “last four” of your social security number. This is an extra precaution that can improve the security of your accounts, especially when your bank can ask for it in addition to your Social Security Number (SSN). I highly recommend doing this, as it can prevent an identity thief from accessing your account further even if they do have your SSN.

Be wary of giving out the following

  1. Fax number — Really? Really. I’ve only given out my fax number online twice in my life and both times I was registering for a conference. And both times after that, I started receiving an endless supply of “fax spam.” Are they really going to contact you by fax? Chances are 99.999% of the time, the answer is a big fat NO. And if they do want to fax you, they can ask for it.
  2. Home Address — I like using a mailbox or work address when registering domain names or for anything else where I am sure my personal information could be used for solicitation (domain contact information is public by default). In general, I like having a mailbox (e.g., UPS Store) to protect my identity on checks I write (a girlfriend was stalked by a man she wrote a check to) or when I don’t feel comfortable giving out my home address. It’s also easier to sort out the “Junk Mail.”
  3. Middle name — Why bother giving it out unless it’s absolutely necessary? It certainly is if someone wants to steal your identity.
  4. Home phone — unless you like solicitations. I don’t even give it out to my credit card companies after a bad experience with one harassing me with automatic solicitations and refusing to stop them even when the police requested it. My secret? I use a voicemail pager. I give this number out for sweepstakes, voting, credit apps, you name it — whenever I really don’t care to hear from these people. It has really protected my privacy from unwanted calls. How many people really need your home number anyway? If someone important does need to reach me, they can always leave a message on my pager (if they don’t, they don’t have any business bugging me). If I win the Grand Prize? They’ll probably send me a Certified Letter.

Summary

When dealing with everyone but certified institutions (your bank, the government, etc.) — and even with those, make sure the page is secure:

  1. Never give out your Social Security number, your mother’s maiden name, your password, or your birthdate.
  2. Be wary and vague when giving out other personal information unless otherwise necessary.
  3. Use “alternate” information, like a birthdate that’s close to but not exactly yours.
  4. Be consistent in the “alternate” answers you give when answering “security questions” so you will remember them later, if necessary, for account retrieval.
  5. Never give your password out to anyone. No exceptions in my book, especially if you use that password for multiple accounts.
  6. Use varying passwords for different types of accounts so that a password break doesn’t open you up to hacking on all accounts (see above for details).
  7. Apply the above tips offline as well as online.