GOLDEN VALLEY, Minn. -- Equifax dropped a bombshell this month when it announced hackers obtained information it had gathered on 143 million Americans. While some met the news with a yawn, "What else is new?" others have wrestled with the question, "How do I protect my information?"
Even more frustrating for consumers, many didn't supply Equifax with their information. The credit reporting agency, like it's competitors, Experian and TransUnion, gathers your information whether you like it or not.
Greg Scott is an I-T security consultant, as well as author of the book, "Bullseye Breach." The cyber thriller is meant to teach lessons about internet security.
Scott said he used to think everyone would benefit by freezing their security, but he acknowledges there are trade-offs. You have to freeze it with all the CRA's. Each charges a fee, although for a limited time, Equifax is offering it for free.
Any time you want to open a new account or apply for a loan, you need to unfreeze your credit, and companies charge for that. Scott sees a situation where this freeze/unfreeze cycle will become a lucrative side business for CRA's. Scott says that means any incompetence on the part of companies that are hacked turns into a windfall for the CRA's.
Logistics are also tough right now. Many consumers report difficulty trying to reach companies online or by phone to freeze their credit.
How to solve it? Scott says the big problem with social security numbers right now is you can have a number and a name that goes with it, but no way to verify the person holding the number is actually the person to whom it belongs. Still, the social security number remains the gold standard for companies to verify a person's authenticity.
Scott is floating the idea of a pass phrase. Not a word, but a phrase. He says it's easier for a person to remember "Your mom wears Army boots" than a password, "@rMybOOts!" It's also a lot harder to guess.
In the meantime, consumers are left with precious few choices to really secure their information.
Read more about the Equifax breach on Greg's blog.