Identity Theft Protection in 2023


Identity Theft Protection in 2023: a reader asks…

I’m more and more concerned about identity theft these days. It seems like everything has been hacked, and successful scams hit the news every day. I use a computer and an iPhone. Do you recommend any identity protection software or service?

In a word, no. I don’t trust so-called comprehensive identity theft protection services. Their track record is spotty, I think they are mostly opportunistic, and offer some weak remediation services if your identity is stolen. I last wrote about this in my article Identity Theft Protection back in 2016. I haven’t seen any substantial improvements since then, other than more players joining the market to hawk their services. They do throw in other ancillary services (like antivirus, VPN, etc.) that you probably already have or don’t need. My article from 2016 is still worth reading imo. As an update to that, here’s my expanded ‘dirty dozen’ list of things that each consumer household should do:


One: Get a credit monitoring subscription from one of the three main credit bureaus: EquifaxExperian, or TransUnion.

  • Families could use Equifax Complete Family Plan, which covers both parents and up to four children
  • Keep fraud alerts active and keep your credit report locked. The only time you unlock your credit report is before you apply for credit anywhere, and then re-lock it immediately afterwards.

Two: Look at your financial accounts every month, comparing transactions against what you spent or bought.

  • Make sure each account has a long and unique password. Enable two-factor authentication if offered by the institution.
  • This includes banking, credit card, and brokerage accounts.

Three: Make a copy (front and back) of every card in your wallet/purse and update that from time-to-time.

  • If your wallet or purse is lost/stolen, you can use the copies to notify the institutions of the loss or theft.

Four: Make sure that your email accounts are secured with long and unique passwords for each.

  • Enable two-factor authentication if offered by the email service provider
  • Many/most online accounts have a forgotten password feature that emails a password reset to your email account. If your email account isn’t secure, someone else could use that feature to get into your other accounts.
  • Re-used passwords are an easy way for hackers and scammers to get access to your digital identity.

Five: When it comes to passwords, “long” means:

  • 20 characters or longer. This may not be as convenient as shorter passwords, but a longer password is always stronger than a shorter one.
  • Use whatever rules each organization has in terms of capital letters, numbers, etc.
  • Truly random passwords are fine, as are the popular ‘four words’ strung together method.

Six: I recommend you use a platform-independent password manager tool, such as 1Password or LastPass to manage your passwords, and clear any saved passwords from your computer’s web browser (Edge, Chrome, Firefox, etc.). Also turn off the browser’s ability to save passwords for you.

  • “Platform-independent” means it works on any computer or device type you have. Your iPhone and Macs have an excellent password manager built in (called Keychain) which is secure and fine to use, but doesn’t work outside of the Apple ecosphere (like on a PC). If you use both Apple and non-Apple devices or computers, you really need a platform-independent password manager.

Seven: For any accounts where you have a saved credit card (,, etc.), heck for every online account you have anywhere, use a long and unique password for each. Your password manager will help make this easy.

  • Enable two-factor authentication anywhere it’s offered, except…
  • We are slowly moving toward passwordless environment, where passwordless authentication is replacing two-factor authentication. It’s going to take awhile for this to catch on, but I recommend you use it wherever it’s offered. Think how Apple uses your iPhone, iPad or Watch to authenticate logging into Apple websites. Passwordless authentication may use a secure and trusted email account (sending a “magic link”), or a secure and trusted biometric device or USB key to verify your identity to online resources.

Eight: Be very wary, suspicious, even a bit paranoid about any unsolicited email, text messages, phone calls, even door knockers. Scammers are hard at work, very inventive and creative when they design scams.

  • Any kind of warning is almost certainly going to be fake

Nine: Never give anyone (unsupervised) access to your iPhone or other devices. Never let anyone remotely control your computer (except for a known and trusted tech support company).

Ten: If you’re not 100% sure of something in consumer technology, it’s the same as being 0% sure. 99% doesn’t cut it.

  • If you’re unsure, ask a known and trusted expert, not the internet.

Eleven: If something with your computer or device is not working the way it should, restart/reboot/repower it before you try anything else or call for help.

  • If you do call someone for help, don’t depend on an internet search for someone, get a known and trusted tech support company to help you. For Macs/iPhones, you can use Apple Support or the Genius Bar at an Apple Store. For PCs, don’t call Microsoft, they won’t help you. Neither will calling Google or most any other company unless you have a service contract with them and pay them money. Free is worth exactly that, and fake tech support is rampant.

Twelve: If you live in the Washington D.C., metro area, I know and trust Baer Technology for consumer tech support. Email at or call at (202) 364-1000. Susan Baer and Humberto provide excellent support including off-hours/weekends.

You should also consider what type of identity theft to protect against, and take appropriate action. If you’re simply worried about your social media accounts, secure them with a long and unique password, and enable two-factor authentication. The loss of them (except for high-earner influencers) isn’t going to affect you materially. Identity theft that affects you financially or criminally are another matter, and you should take steps to protect yourself, e.g., the above dirty dozen.


Many instances of identity theft can be directed to your own less-than-stellar digital hygiene. If you use the same password for multiple places, use weak (e.g., short) passwords, don’t use two-factor authentication when available, and don’t use the internet safely (see this article), you are a ripe candidate for identity theft. What’s worse, the identity theft insurance you buy from any provider may not cover you, if it can be traced back to your own actions or inaction. Identity thieves and scammers are on the lookout, and prey on people who don’t take seriously the security of their digital lives.

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to (no Paypal account required)
(using any credit card)

or by mailing a check/cash to LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.