How much is the protection of my identity worth?
March 29, 2024 2:59 PM Subscribe
I am considering cancelling my long standing identity protection service which used to cost $16/month and now costs $20/month. Wire Cutter says it's usually unnecessary for most people. Any advice or suggestions? More details below.
OK, for many years we paid $16 monthly for a certain famous credit bureau and identity theft protection service. It provided one consolidated summary of all 3 credit bureaus per month, as well as notifying us if loans were opened in our name, or a big change in our use of credit occurred (usually these notices were related to actions we had taken).
One time in 2020 we actually had a theft that involved our credit cards and their customer service was very helpful, I will give them that.
But around the time we retired the price for the service went up to $20 a month, and the consolidated credit bureau report summary shrank dramatically. Also, they want me to give them more information (account numbers, Bank names, etc.) so they can monitor for them also. Call me paranoid, but doesn't that just expose another "edge surface" where if they get hacked then I am worse off? So I am now trying to decide if this is really worth it any more.
The Wirecutter advice seems to be that most people do not need identity theft protection (as long as you have the time to follow some due diligence practices).
So I am close to cancelling the service. I just thought I would reach out to my AskMeFi friends and see if they had a more nuanced approach or used a better/cheaper service.
Thanks in advance!
OK, for many years we paid $16 monthly for a certain famous credit bureau and identity theft protection service. It provided one consolidated summary of all 3 credit bureaus per month, as well as notifying us if loans were opened in our name, or a big change in our use of credit occurred (usually these notices were related to actions we had taken).
One time in 2020 we actually had a theft that involved our credit cards and their customer service was very helpful, I will give them that.
But around the time we retired the price for the service went up to $20 a month, and the consolidated credit bureau report summary shrank dramatically. Also, they want me to give them more information (account numbers, Bank names, etc.) so they can monitor for them also. Call me paranoid, but doesn't that just expose another "edge surface" where if they get hacked then I am worse off? So I am now trying to decide if this is really worth it any more.
The Wirecutter advice seems to be that most people do not need identity theft protection (as long as you have the time to follow some due diligence practices).
So I am close to cancelling the service. I just thought I would reach out to my AskMeFi friends and see if they had a more nuanced approach or used a better/cheaper service.
Thanks in advance!
Best answer: I've been happy with Credit Karma's free credit monitoring. You can check your credit reports with 2 of the 3 big bureaus on the Credit Karma website and you can set up alerts for changes to those reports (that's how I found out one of my credit cards had been dropped for inactivity, which the company itself never bothered to tell me). They will present you with ads for "financial products" (which is how they support the service) but you don't have to sign up for any.
I decided to go ahead with Credit Karma when I found I had to give them only the last 4 digits of my SSN to sign up, not the whole thing; this might not be true for everybody.
They also have services where you can link it to your different financial accounts, but I don't do that, for the same reason you give. I have alerts set up with the banks themselves.
The rest of this is more about credit freezes which humbug gave a good summary of.
If you haven't already frozen your credit, maybe first sign up for things that might require validation to set up that would get blocked by the freeze, for example:
- Credit Karma (or a similar service), if you want to use it.
- My Social Security online, which is a good idea to sign up for anyway, before someone else does.
This usa.gov web page has links to the big 3 credit bureaus' credit freeze information. Among other options, they each offer free online accounts that can be used to administer the freezes (and maybe check your credit report, though they might limit how often). As humbug noted above, *do not* think you have to use a paid service they may also try to sell you; each of them has a free account option.
This NerdWallet article looks pretty good, including the Frequently Asked Questions which you have to click to expand.
posted by adventitious at 8:39 PM on March 29 [3 favorites]
I decided to go ahead with Credit Karma when I found I had to give them only the last 4 digits of my SSN to sign up, not the whole thing; this might not be true for everybody.
They also have services where you can link it to your different financial accounts, but I don't do that, for the same reason you give. I have alerts set up with the banks themselves.
The rest of this is more about credit freezes which humbug gave a good summary of.
If you haven't already frozen your credit, maybe first sign up for things that might require validation to set up that would get blocked by the freeze, for example:
- Credit Karma (or a similar service), if you want to use it.
- My Social Security online, which is a good idea to sign up for anyway, before someone else does.
This usa.gov web page has links to the big 3 credit bureaus' credit freeze information. Among other options, they each offer free online accounts that can be used to administer the freezes (and maybe check your credit report, though they might limit how often). As humbug noted above, *do not* think you have to use a paid service they may also try to sell you; each of them has a free account option.
This NerdWallet article looks pretty good, including the Frequently Asked Questions which you have to click to expand.
posted by adventitious at 8:39 PM on March 29 [3 favorites]
Best answer: (A quick note to add: I signed up for the credit bureaus' online accounts under the same principle of "before someone else does." I thought the questions used to "verify my identity" were alarmingly Google- or guess-able. This might be a reason to sign up for them even if you haven't decided to do the freeze.)
posted by adventitious at 5:45 AM on March 30 [1 favorite]
posted by adventitious at 5:45 AM on March 30 [1 favorite]
Response by poster: Thanks very much for these answers and for the links to existing consumer resources!
Now that we are retired we have the time to make use of them and to save the monthly charge.
Best wishes and have a nice weekend!
posted by forthright at 6:37 AM on March 30 [1 favorite]
Now that we are retired we have the time to make use of them and to save the monthly charge.
Best wishes and have a nice weekend!
posted by forthright at 6:37 AM on March 30 [1 favorite]
I thought the questions used to "verify my identity" were alarmingly Google- or guess-able.
Indeed they are. Which is exactly why, when some service I find useful bone-headedly mandates the use of such "security" questions, my answers all look like qmmbi-cncpo-shedu-zdhwu-eyjeq and are unique per service, not shared across services. Answers to security questions are functionally equivalent to passwords and need to be managed the same way.
I do not use any form of paid identity protection service. Instead, I have always relied on making my identity much harder to steal online than most people generally bother to.
Sadly, all that this requires is remaining religious about using excellent free password management software to make it not only feasible but easy to avoid re-using credentials across multiple online services. Every one of the hundreds of online password I use is long, unique, and machine-generated at random, and the only one of them that I actually know is the master password for my own locally-stored passwords.kdbx file.
Over the years, several of the online services I use have suffered data breaches and had customer data exfiltrated. This has never given me cause for personal concern, because I have good reason to be confident that any password hash they have on file for me will remain computationally infeasible to crack until long after I'm dead and gone. Even if they've done it outrageously wrong and stored my actual passwords or "security" answers as plain text that requires no cracking, the damage is limited to that one service and easily dealt with by changing only the credentials I use with that specific service.
Bonus benefit: never having lost a username or password for any online service I have ever used.
Only downside: initial setup for access to a new service is a little fiddlier and involves extra steps.
posted by flabdablet at 6:01 PM on March 30 [2 favorites]
Indeed they are. Which is exactly why, when some service I find useful bone-headedly mandates the use of such "security" questions, my answers all look like qmmbi-cncpo-shedu-zdhwu-eyjeq and are unique per service, not shared across services. Answers to security questions are functionally equivalent to passwords and need to be managed the same way.
I do not use any form of paid identity protection service. Instead, I have always relied on making my identity much harder to steal online than most people generally bother to.
Sadly, all that this requires is remaining religious about using excellent free password management software to make it not only feasible but easy to avoid re-using credentials across multiple online services. Every one of the hundreds of online password I use is long, unique, and machine-generated at random, and the only one of them that I actually know is the master password for my own locally-stored passwords.kdbx file.
Over the years, several of the online services I use have suffered data breaches and had customer data exfiltrated. This has never given me cause for personal concern, because I have good reason to be confident that any password hash they have on file for me will remain computationally infeasible to crack until long after I'm dead and gone. Even if they've done it outrageously wrong and stored my actual passwords or "security" answers as plain text that requires no cracking, the damage is limited to that one service and easily dealt with by changing only the credentials I use with that specific service.
Bonus benefit: never having lost a username or password for any online service I have ever used.
Only downside: initial setup for access to a new service is a little fiddlier and involves extra steps.
posted by flabdablet at 6:01 PM on March 30 [2 favorites]
You are not logged in, either login or create an account to post comments
I have frozen my credit with the Big Three bureaux, which is also (in the US) free. (Do not get snookered by, you guessed it, the $$$ credit-monitoring offers. Find the way to freeze your credit.) This will prevent loans being opened in your name. Should you need a new loan or credit line, you can unfreeze, get the loan/line, then refreeze.
File your taxes as early as you can to avoid various tax scams.
That's the 80/20 point for most folks. Do these things, and a lot of identity-theft tactics cannot touch you.
posted by humbug at 4:47 PM on March 29 [7 favorites]