Many ID-Protection Services Fail Basic Security

Paul Wagenseil, writing for Tom's Guide: For a monthly fee, identity-protection services promise to do whatever they can to make sure your private personal information doesn't fall into the hands of criminals. Yet many of these services -- including LifeLock, IDShield and Credit Sesame -- put personal information at risk, because they don't let customers use two-factor authentication (2FA). This simple security precaution is offered by many online services. Without 2FA, anyone who has your email address and password -- which might be obtained from a data breach or a phishing email -- could log in to the account for your identity-protection service and, depending on how the service protects them, possibly steal your bank-account, credit-card and Social Security numbers.

Post-Experian: Endless whack-a-mole

[Rick+Schumann]

130+ million horses have already left the barn, and they doused it with gasoline and threw in a lit match on the way out (THANKS, EXPERIAN!). Frankly I'm surprised there hasn't been hundreds of thousands of cases of identity theft so far from this. As the subject line alludes to, I have little faith in any 'identity protection' service being able to do much of anything for anyone at this point in time, and how you log into their 'service' is probably the least of your worries. The mere fact that I haven't seen evidence of mass identity theft cases actually makes me more worried than if there had been, I've go no idea what these thieves are up to with all that very-much-personal data.