• Skip to main content
  • Skip to primary sidebar

Ask Liz Weston

Get smart with your money

  • About
  • Liz’s Books
  • Speaking
  • Disclosure
  • Contact

two-factor authentication

Q&A: Safeguarding your personal data is hard. Here are a few tips.

May 13, 2024 By Liz Weston

Dear Liz: I was recently alerted that my Social Security number has been found on the dark web. My information was part of the AT&T breach that took place recently. I am no longer an AT&T customer and haven’t been for several years, but they have not made any contact with me. What do I do to keep myself safe and how do I get my information removed from the dark web? Why hasn’t AT&T reached out to me?

Answer: As a consumer, you don’t have much power. Companies often demand your personal data, such as Social Security numbers, before they’ll do business with you. Once your information is in their databases, you have no control over what happens to it. And if your information is leaked, there’s no way to remove it from the dark web.

You can’t even be sure how your information got there, given the sheer volume of database breaches in recent years. If you’re an adult with a Social Security number, chances are pretty good that number can be found on the black market sites where criminals buy and share information, says Eva Velasquez, chief executive of the Identity Theft Resource Center, a nonprofit that helps identity theft victims.

In other words, your data may have been compromised long before the latest incident, which AT&T says affected 73 million current and former customers. AT&T began notifying impacted customers via letters or email starting in April. Those customers should have received an offer for free credit monitoring.

There are a few things you can do to make yourself a bit less vulnerable to identity theft, such as putting freezes on your credit reports, not clicking on links in texts or emails if you didn’t initiate the transaction and using digital wallets or other secure payment methods.

Also, don’t be your own worst enemy. Beware of sharing personal information (birth dates, address, phone number, etc.) on social media. Consider limiting your audience to people you know and trust, Velasquez says.

The Identity Theft Resource Center also recommends using passkeys, a technology that replaces passwords, whenever you’re offered that option. If a passkey is not available, the center suggests using passphrases of 12 characters or more rather than shorter passwords. A passphrase is a sequence of words that can be personalized for easier memorization, typically with numbers added and a mix of capital and lowercase letters. The center gives an example of a passphrase for a 2015 University of Texas graduate: “H00kEmH0rns2015.” You’ll still need unique passphrases for every account and site. You also should turn on two-factor authentication or multi-factor authentication where available. This requires an extra step, such as getting a code on your phone or from an app, but this will make your accounts harder to compromise.

Filed Under: Identity Theft, Q&A, Scams Tagged With: credit freezes, dark web, Identity Theft, multi-factor authentication, passkey, passwords, Social Security number, two-factor authentication

Q&A: Authentication apps can help thwart hackers

December 4, 2017 By Liz Weston

Dear Liz: I’ve heard that authentication apps are a better way to go than two-factor authentication that texts codes to your cell phone. Can you explain more?

Answer: Two-factor authentication adds an additional layer of security to financial, email, social media, cloud storage and other accounts. The first factor is something you know, which is a typically a password, and the second is something you have, such as a code that’s texted to you or generated by a device or authentication app.

The second factor is important, since passwords can be guessed or stolen in database breaches. Texted codes can be intercepted by hackers, so security experts recommend using an authenticator. Three popular apps are Google Authenticator, LastPass Authenticator and Microsoft Authenticator.

To use an authenticator, you must first enable two-factor authentication on the account you want to protect. Unfortunately, not every account provider offers two-factor authentication, although they should. You can find whether yours does at twofactorauth.org.

If the account provider supports authentication, you’ll typically be asked to take a snapshot of a QR code using the authenticator app to establish a connection between your account and the app. When you later log in to those sites, you’ll be asked to type in the code randomly generated by the app.

Any security approach can be thwarted, but the idea behind two-factor authentication is making your accounts hard enough to crack that most hackers will move on to an easier target.

Filed Under: Identity Theft, Q&A, Scams Tagged With: apps, authentication, hackers, q&a, two-factor authentication

Tuesday’s need-to-know money news

January 24, 2017 By Liz Weston

Today’s top story: How medical bill advocates can slash your costs. Also in the news: How two-factor authentication protects your online info, how investing apps can foil financial planning, and four credit card trends for 2017.

How Medical Bill Advocates Can Slash Your Costs
An advocate will go to bat to reduce your medical costs.

How Two-Factor Authentication Protects Your Online Info
Taking the important steps to protect your online information.

Investing apps can foil financial planning
Trusting your intuitions.

4 credit card trends for 2017 and what they mean for you
The good news and the bad news.

Filed Under: Liz's Blog Tagged With: credit cads, Financial Planning, Identity Theft, investing apps, medical bill advocate, medical bills, two-factor authentication

Primary Sidebar

Search

Copyright © 2025 · Ask Liz Weston 2.0 On Genesis Framework · WordPress · Log in