NEFE’s On Your Own will be retiring on Dec. 30, 2019.

For more resources and tools, visit

Online Protection 101

(Find the Weak Spots)

Six out of 10 Americans believe that crime is on the rise, when the reality is that violent crime has decreased drastically in the past 25 years, according to the Pew Research Center. But that doesn’t mean you are safe. While violent offenses generally are on the decline, other types of crime, including identity theft, are on the rise.


Younger people are at risk for losing money to fraud, according to a report by the Federal Trade Commission. Since this report compiles only self-reported incidents, it can be assumed that the actual number is much higher.

Thieves often pose as the government, a business, technical support or even a relative claiming to be in trouble in order to con you out of money. The median amount lost per victim in 2017 was $429. Losses were highest in scams involving:

  • Travel, vacations and timeshare plans
  • Foreclosure relief and debt management
  • Job and business opportunities

Telephone was the method of contact in 70% of fraud reports and wire transfers were the most common way for thieves to get money. Remember to trust your instincts. If something sounds too good to be true, it probably is.


It’s easy to feel a false sense of security when using public Wi-Fi networks, answering email and shopping online. The reality is that you are vulnerable to scammers any time you use the internet.

If hackers gain access to your computer — often through links you click in attachments, emails and online ads — they might hold your files for ransom or even try to watch you through your webcam. (Don’t believe it? Read this eye-opening profile from GQ magazine.)


The average American has 150 online passwords and that number will rise to 300 by the year 2022, according to the password manager company Dashlane. Even if you have a stellar memory, it’s pretty hard to remember hundreds of unique passwords, especially given that each one is supposed to be 12-15 digits long and contain a variety of letters, numbers and symbols.

Common password tricks include:

  • Use a mnemonic — a memory trick that helps you remember a series — such as the treble clef notes on a musical staff: “Every Good Boy Eats Fudge,” which represents the notes E, G, B, E, F or “Super Man Helps Everyone,” which represents the Great Lakes in order from west to east: Superior, Michigan, Huron, Erie, Ontario. (But don’t use these. Use the mnemonic trick to remember your own phrases.)
  • Use a phrase only you will remember, such as “My first dog was Spot in 2004 and I was 5 years old” would be “MfdwSi#2004&Iw5yo.”

Security experts warn against using common words, slang or personal information that could be guessed easily. For example:

  • Don’t use your birthday, Social Security number, license plate number or phone number.
  • Don’t use “ihaveadream” or “tobeornottobe,” etc.
  • Don’t use the same password trick with the same words for different sites. For example, if you mix two words together don’t just swap it for another site. If thieves guess one, they can easily guess the other.
Young woman on laptop researches how to set up a password to protect her online accounts

One solution to the password overload is to use a digital password manager (such as Roboform, Lastpass, Dashlane) that stores your passwords for you. You only need to remember one master password, and these sites offer password generators that will come up with unique passwords for all your accounts — an important feature, since an alarming number of us tend to reuse the same passwords on multiple sites.


Two-factor verification, or multifactor authentication, is when you’re required to enter a second form of identification beyond your username and password. This might be a unique code sent to your mobile phone through an app or entering your fingerprint. Online companies, social media and government sites are exploring everything from eye scans and facial recognition to more sophisticated techniques to solve the password problem. After Yahoo! was hacked in 2016, they introduced on-demand passwords, which eliminates the overall password all together and sends a new one to your phone for each session. For now, creating strong passwords and enabling multifactor authentication are the best defense against password hacks.

Learn to spot the signs of identity theft and what to do if you are a victim. Unfortunately, this problem isn’t likely to go away soon. Take steps now to set yourself up for a more secure future.

As always, we’ve got your back. — The On Your Own Team End of article insignia

[Any reference to a specific company, commercial product, process or service does not constitute or imply an endorsement or recommendation by On Your Own, the National Endowment for Financial Education or any of its affiliate programs.]