I review ID protection services and these 10 things help me secure my identity online

For the past few years every fall I have spent several months using and reviewing the best identity theft protection services. So far (knock on wood), I have avoided having my identity hacked and kept my online identity protected, but it takes some effort.

No technique is foolproof but my key to staying safe and secure online is to create a defensive wall around my computers and information. It ranges from using the best antivirus software and identity protection services to being careful about what attachments I open and keeping my identity close to the digital vest. 

These 10 protective practices have helped keep my secrets close to my digital vest and they can help keep you safe too.

Subscribe to an ID protection service

Protecting my identity online starts with an effective and thorough ID protection service. It needs to combine monitoring the dark web for evidence of my data showing up in the wrong places, watching my credit for the early signs of a break-in, and identity protection insurance, as well as experts to make things right after a break-in.

My favorite is Bitdefender Ultimate Security Plus, which combines the company’s excellent malware protection with Identity Force’s thorough ID protection and three-bureau credit monitoring. The good news is that many employers and insurance companies offer some form of ID protection as a free or low-cost option. In other words, there’s no excuse not to sign up for identity theft protection.

Set alerts for transactions

One of the best parts of using credit monitoring is that it can be an early warning signal that someone might have access to my accounts. It might be a hacked credit card, a password that’s used too much or just that someone peeked over my shoulder while using an ATM machine. 

Most, but not all, ID protection services have transaction alerts for credit or debit accounts to show potential surreptitious use. The key is to set a comfortable level that is low enough to avoid large losses but not so low that I ignore them. I set mine at $250 and if the transaction is not valid, I am able to quickly lock my credit. (Here’s how to freeze your credit with Experian and TransUnion.)

Don’t open email attachments that look suspicious

We all get lots of emails and hidden inside too many are phishing links or attachments aimed at stealing log-in credentials. I have three rules that have worked over the years: I need to recognize the email address of the sender, it has to look legit and the grammar and wording have to make sense. 

A screenshot showing an example of a phishing email from USPS

(Image credit: Tom's Guide/Google)

I get lots of emails purporting to be from places like BestBuy, Norton or – in this case – the Post Office, that fail the test. Here, the signs couldn’t be clearer: the complex return address doesn’t contain USPS.com, the USPS eagle is missing, “USPS” is plum-colored rather than the standard purple, and I’ve never seen an exclamation point used in a post office email. It all adds up to a fake email aimed at getting me (or you) to click on the “Check Here” box. These rules may not help as cybercrooks get smarter and use artificial intelligence to make these emails more convincing.
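
The return-address check described above can be automated. The following is an added example, not part of the original article; the brand-to-domain map and both sample messages are constructed for illustration. It goes one step beyond the text by showing why the address has to end in the real domain rather than merely contain it.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small hand-maintained map of brand name -> domains it sends from.
BRAND_DOMAINS = {"usps": {"usps.com"}}

def addr_domain(header_value):
    """Return (display_name, domain) parsed from an address header."""
    display, addr = parseaddr(header_value or "")
    return display, addr.rpartition("@")[2].lower().rstrip(".")

def belongs_to(domain, expected):
    """True only for the expected domain itself or a real subdomain of it."""
    return domain == expected or domain.endswith("." + expected)

def check_sender(raw_message):
    """List the reasons the sender does not match the brand the email claims."""
    msg = message_from_string(raw_message)
    display, domain = addr_domain(msg.get("From"))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and not any(belongs_to(domain, d) for d in domains):
            findings.append(f"claims to be {brand} but From domain is {domain or 'missing'}")
    # Replies routed to a different domain than the sender are another warning sign.
    _, reply_domain = addr_domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")
    return findings

# Constructed sample messages (not real mail).
PHISH = (
    'From: "USPS Delivery!" <notice@usps.com.parcel-track.example>\n'
    "Reply-To: help@collect-fees.example\n"
    "Subject: Your package is on hold\n\nCheck Here\n"
)
LEGIT = (
    'From: "USPS" <notice@email.usps.com>\n'
    "Subject: USPS delivery update\n\nYour package was delivered.\n"
)

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, check_sender(raw) or "no findings")
```

A matching From domain is not proof of legitimacy, since that header can be forged; SPF, DKIM and DMARC results are what tie a message to the domain.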

Use updated anti-malware software

Regardless of which platform is used, all computers – including phones and tablets – need effective antivirus protection that’s frequently updated with signatures for the latest exploits. The best malware packages update their databases hourly if not more frequently during a viral onslaught. 

Any of the major security suites will more than adequately protect a notebook, tablet and phone from a variety of viral agents, old and new. That is, with one major exception: Apple refuses to let security apps scan iOS-based iPhones and iPads for malware that might compromise the system and its data. However, Intego Mac Premium Bundle X9 gets around this by letting you scan iPhones and iPads connected to one of the best Macs with a USB cable.

2FA, all the way

I set my online accounts to require two-factor authentication (2FA), and if the service doesn’t offer this security-enhancing option, I have to think twice. Sure, it can be a pain to have to get and enter a six-digit code to do anything from watching Apple TV Plus shows to checking my credit card balance but this is an effective way to prove that I actually am me. I lighten the security overhead with fingerprint or facial recognition logins that can speed up getting into the account. The only real frustration is that it rarely works for me on the first try.

Require HTTPS security

Before I enter any personal data or make a purchase online, I make sure the website’s URL starts with HTTPS. This means that the computers at both ends of the digital conversation are using a Hypertext Transfer Protocol Secure online session that uses 128-bit AES encryption and enables Transport Layer Security (TLS). In essence, it creates a secure channel over the inherently insecure Internet that only allows the legitimate recipient to decode the data and see what I’ve typed. For online banking, I also use an on-screen keyboard to further protect my passwords. 

Dedicate a single credit card for online purchases

My favorite online identity security tip is the easiest to use every day. I have a Discover card that I only use for online shopping. This makes tracking and paying for my online purchases a snap and means that if the card is ever compromised, it is easier to figure out what happened. Rather than tracking several cards and accounts, fixing things with a new card and account is a one-stop affair. Luckily, it has not come to that, and I get a healthy cashback bonus that I use for an occasional treat.

Use a password manager

Unless you are a memory superstar, like Alex Mullen, the idea of remembering a different password for each online account is just a pipe dream. There is a way to avoid using “passw0rd” over and over and over again that can make my online life more secure. The major browsers have built-in password managers but using one of the best password managers like 1Password can consolidate all my log-in credentials into one super-strong master password. It not only makes logging in easier across all the major computing platforms but has a place to keep digital versions of my driver’s license and passport along with 1GB of encrypted online storage space.

Shred old documents

In an age of instant access to digital information, thinking about paper documents might seem quaint, but old tax returns, receipts and even credit card bills contain information for enterprising hackers to exploit. In what is called synthetic identity fraud, crooks might combine an account number from one, a birthday from another and an address from a third, creating enough to start a break-in.

My approach is to toss the things I can’t safely throw away into a Fresh Direct bag. When it’s filled, I take it to FedEx where its contents are put into a locked garbage can for secure shredding by Iron Mountain. Sure, at $1.50 a pound, it’s expensive but the alternative can be more costly.

Wipe old digital devices

My new Google Pixel 7 phone is shiny, powerful and is quickly making me forget my beat-up old Samsung phone. The problem is that I want to turn it in to get a $100 rebate. Before I mail it in, though, it needs to be wiped of my data or who knows where it might end up. 

To clear the contents of my phone, or any Android 13 device, I started at the Settings section’s System category and tapped Reset Options. Erase all data did the trick. To wipe an iPhone running iOS 14, start at Settings, tap on General Reset and then Erase all Contents and Settings.

Making security a habit

While these items are the major ways I secure my identity, there are dozens of little things I do every day that are second nature to me, like using a mobile hotspot or one of the best VPNs instead of public Wi-Fi. In fact, the more I do, the easier it is to sleep at night.

Brian Nadel

Brian Nadel is a freelance writer and editor who specializes in technology reporting and reviewing. He works out of the suburban New York City area and has covered topics from nuclear power plants and Wi-Fi routers to cars and tablets. The former editor-in-chief of Mobile Computing and Communications, Nadel is the recipient of the TransPacific Writing Award.