Basic Personal Identity Hygiene
..........
Use a password manager
How?
Sign up with a password manager provider and install its browser extension and mobile app. BitWarden is the most secure and easiest to use. Be sure to create a new password for every service you use. Use passwords that are at least 32 characters long, made up of a random sequence of all available character types.
Why?
The most secure passwords are long, made of arbitrary characters, and are used on only one service. While it's possible to do this manually, a password manager makes it easy to use such passwords.
Use two-factor authentication
How?
Most services nowadays make two-factor authentication available. You'll have to turn it on on each service separately. Check the security settings page on their website or mobile app. Using an authenticator app is preferable to having a code sent to your phone. Using a security key is even better but less convenient because you have to have the key with you to re-authenticate once in a while.
Why?
Two-factor authentication provides a second layer of security, protecting you in case identity thieves get hold of your password.
Avoid insecure websites
How?
When visiting a website, make sure that the address line starts with https:// and that a locked padlock (🔒) is shown next to it.
Why?
When a locked padlock icon is shown an https is used, the connection between your browser and the web server is encrypted, making it virtually impossible to eavesdrop on the communication.
Keep your computer, phone, and browser up to date
How?
When updates are available, your computer, phone, and browser will notify you. Don't delay - install them right away.
Why?
Your devices rely on sophisticated software and hardware. Mistakes made by the companies that build and maintain these devices may make it easier for identity thieves to do their deeds. When these errors are identified, companies often issue security updates to plug known vulnerabilities. Installing them quickly makes your device safer.
Don't give PII to people who call you
How?
If you receive a call, text, or email from someone who identifies as a representative of a bank or another company you have an account with, do not give them any PII. If the matter is valid, call them on their published number and give them only the minimum amount of PII required to complete the task.
Why?
Identity thieves often impersonate financial institutions, government entities, etc., and reach out to unsuspecting victims in an attempt to get them to provide PII such as account numbers and social security numbers.
Only share PII if absolutely necessary
How?
Avoid sending PII by email, text, chat, mail, or other communication forms. This applies to PII in plain text, inside documents, and in images. If you need to share PII with someone else, ........... taxes on IRS website, share PII with a lawyer on a dedicated secure document sharing website.
Why?
PII sent to others, including people you trust, can be forwarded or otherwise made available to less trustworthy people. Avoiding pii spread in the first place will prevent its misuse.