Slashdot Mirror

← Back to Stories (view on slashdot.org)

Many ID-Protection Services Fail Basic Security (tomsguide.com)

Posted by msmash on from the security-woes dept.

Paul Wagenseil, writing for Tom's Guide: For a monthly fee, identity-protection services promise to do whatever they can to make sure your private personal information doesn't fall into the hands of criminals. Yet many of these services -- including LifeLock, IDShield and Credit Sesame -- put personal information at risk, because they don't let customers use two-factor authentication (2FA). This simple security precaution is offered by many online services. Without 2FA, anyone who has your email address and password -- which might be obtained from a data breach or a phishing email -- could log in to the account for your identity-protection service and, depending on how the service protects them, possibly steal your bank-account, credit-card and Social Security numbers.

2 of 47 comments (clear)

  1. Security has no ROI... by ctilsie242 · · Score: 4, Interesting

    Ironic that the companies that are in business to watch people's IDs seem to not care about protecting security themselves with basic account security measures. However, I think this is typical of the computer industry as a whole with "security has no ROI" a mantra sung by the PHBs.

    Do these services even work? Once someone applies and gets a credit card, the damage is done... the ID theft service may not be able to do much, because the debt is already signed for and it is up to the victim to press the fraud allegations and do the police reports.

    1. Re:Security has no ROI... by nnull · · Score: 3, Interesting

      That's because we have a culture and society that doesn't value privacy or security. Take for example European countries who have a higher value in privacy that security companies actually flourish there, because more people on average care about security and testing for flaws.

      Meanwhile, the only security companies that flourish in the US are security camera installers who install completely open to the internet security cameras for everyone (Because it's easier to just leave the firewall open to the internet for the client, who cares? Job is done, got payed! Client is happy to be able to watch their place on their phone and forgets about all that secured network nonsense.). There's definitely zero risk assessment being done at many companies.