Important: I am not affiliated with any of the manufacturers, brands, services, or websites listed on this page and this is my personal experience. If you find this helpful and want to say thanks, please buy me a coffee or take a look at my book on Amazon. It keeps this page ad-free. Thank you!
This guide is written from a US perspective, most of the tips will work anywhere in the world. I’m not affiliated with any of the companies listed, I simply wrote this guide to help. If you want to say thanks, you’re welcome to buy me a coffee. This list is not intended to be exhaustive, so please don’t email me saying “what about this…”.
You have probably seen the incessant ads for Norton LifeLock, they prey on the paranoia and fear some people have of the “internets” and basement-dwelling hackers in hoodies. If you want a reason to avoid Norton LifeLock, you should check out the action FTC has taken against LifeLock, including this quote from the FTC:
“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.
Not only is this pretty damning, but in 2015 LifeLock had to pay the FTC US$100MM for contempt of the 2010 settlement. In my read of the decision, it seems that LifeLock has to maintain records and report to the FTC for 13 years on how they run their company (para VII.A).
I don’t know about you, but that level of oversight by the FTC hardly inspires confidence in LifeLock as a company and it raises a real question mark over whether LifeLock is worth the high price. The good news, is there are alternatives to LifeLock from a variety of other, mostly, free services that you should be using instead. Candidly, some of the free services also have a paid tier, but even the paid tiers offer better value than what LifeLock offers.
This post is designed to summarize services that offer LifeLock alternatives in one place to help you save some money and protect your personal data.
Free: Monitor for Data Breaches / Stolen Data
The best way to monitor for a data breach is to register your email address with HaveIBeenPwned. This is 100% free and my tests suggest that most paid identity theft protection rackets companies simply license this data. HaveIBeenPwned will send you an email should your email address ever be found in a data breach. Typically, they will also tell you what was breached, the data, and what data was involved.
Free: Password Manager
If you have been involved in a data breach, you will need a password manager. A password manager is the best way to ensure every site you use has unique passwords. The best free option is BitWarden. If you get an email from HaveIBeenPwned you should change your password on the impacted sites immediately. A paid BitWarden plan is also available, but free will be enough for most users. The paid plan is $10 a year. Yes, a year – that’s less than $1 a day, well under the price of LifeLock.
Free: Enable Two Factor Authentication (2FA)
Good passwords are not enough, which is why you should enable 2FA everywhere. Did you know LifeLock doesn’t even require you to set up 2FA by default? Yet they claim they “secure” your data. Hmm. Why does 2FA matter? In simple terms, 2FA will mean you will need to provide a unique code every time you log in to a site or service. The theory is that if your password is stolen or guessed, hackers still should not be able to access your account because they won’t have the second authentication required to log in. There’s a good explanation of what 2FA is on Lifehacker. If you’re ready to get started then 2FA.directory will help you find how to turn on 2FA for the most popular websites and apps.
Free: Privacy Safe Browser
There are two (2) main causes of Identity Theft, the first is poor security by companies you do business with and the second is someone in your household clicking on some sketchy website. There’s not much you can do about the former, but the latter can be managed if you use a better browser. Brave is a free browser, built using the Chrome engine, that blocks ads and tracking and has privacy as its core. You should switch to Brave. Alternatively, try the Firefox browser which is also privacy-centric and offers a few additional paid features like an anonymous VPN and anonymous email. Both browsers have PC, Mac, and mobile versions so you can use them everywhere.
Free and Paid: Anonymous / Private Email Relay / Disposable Email
Anonymous / Private Email Relays / Disposable Emails mask your real email address. In simple terms, this means on every site you use you can have a unique email address. that will forward to your real email. Why does this matter? Well if someone gets hacked, you can just disable the email you used on the site – protecting your real inbox. Apple offers this as part of various iCloud plans, but not everyone has an iPhone or Mac – so I recommend either Addy.io (formerly AnonAddy) or Firefox Relay. I have a full review of Addy.io (formerly AnonAddy) here and it does offer unlimited aliases for free (with bandwidth limits). Firefox Relay has a free limit of 5, with unlimited aliases at a promotional price of 99c per month.
Paid: VPN Service
There are endless ads for VPN services promising to protect you. If you genuinely want a private and secure VPN, use the Mozilla VPN (from the makers of Firefox). The Mozilla VPN starts at US$5 a month on an annual plan. If you are more technical, you could get yourself a Raspberry Pi and make your own at-home VPN with WireGuard. This will route all traffic when you’re away from home, via your home. I have written up instructions on how to make your own WireGuard VPN here.
Free: Freeze your Credit File
This is honestly a must-do, all credit bureaus offer the ability to freeze your credit file with varying degrees of simplicity. Please be careful during the process as some try to upsell you to their “monitoring” solutions which don’t need. This also means make sure you untick any box that asks you to opt-in to receive “useful news and tips” etc. when you sign up and never click Upgrade. Some of them price Upgrade as $0 but the fine print will have monthly charges after 30 days.
Full disclosure, some of the credit reporting agencies have been hacked (most famously Equifax). This may make you anxious, but unfortunately, these companies have all of your information anyway – whether you freeze your credit or not.
Freeze Your Credit Online:
The process to freeze your credit takes about 5-10minutes per credit bureau and is very easy. Just make sure you opt out of all of their marketing emails. Experian is the most sneaky when it comes to trying to opt you into this – you will need to go to “Your Account – Communication Preferences” to opt-out after you sign up.
One of the reasons you want a password manager is to ensure you can always easily log in to the above services (don’t forget to enable 2FA as well!). You will need to unfreeze your credit if you’re applying for any type of loan, some employment and rental applications, etc. You can temporarily unfreeze at any time but you will need the PIN you created during the freezing process. So don’t lose the PIN!
It’s also worth knowing that the credit bureaus offer active fraud alerts for free if you have been a victim of identity theft. You will need to submit an affidavit and possibly a copy of the police report so that they know your claim of identity fraud is legitimate.
Free: Monitor your Credit Score
This recommendation has some caveats, as many “free” credit monitoring services have a “catch” in that they sell your data. As a first step, you should check with your bank and their mobile app/website as a lot of banks now offer free monthly credit score reports.
Most of the credit reporting bureaus also offer the free ability to your score from them free (just them, not all bureaus) which is easy to do and access if you set up a credit freeze. Some will also alert you to attempts to access your file, etc. This means you should freeze your file first and turn on any free monitoring they offer. Freezing your account will help stop people from opening accounts in your name.
If you want a detailed analysis of what accounts you have open, payment history, etc. then using a free service such as CreditKarma will give you an easy way to see all accounts open in your name and your credit score across a few agencies. But as a rule, check what your bank and the bureaus offer you for free first.
Any unusual movement in your credit score could be a sign someone is opening accounts without your knowledge.
Free: Do Not Call Registry
The FTC operates a national Do Not Call Register which is intended to protect you from robocalls. It won’t stop spam calls, but it can help stop automated calls from a lot of companies. Registration is free, quick, and easy. After registration, you should see a reduction in calls after 30 days.
Free and Paid: Delete your Data from Data Brokers
There are a lot of sites on the internet that take stolen data or scrape other websites then package it up and sell it. You can remove your data from them for free by contacting the individual sites. There’s a useful wiki here that tells you how to remove your data from most of these sites. However, there are a lot of sites and the process can be slow and repetitive, as once you remove your data you have no guarantee that they won’t put it back again. This is why I use a service called OneRep that automates scans and removals every 30 days. You can read my OneRep review here. Doing this is necessary until the US has a proper Federal Privacy Law. If you’re uncertain if OneRep is worth paying for, they do offer a free basic scan. If you’re worried about the cost, get the Family Plan and split it across some of your friends.
Free: Opt Out of Various Services
If you’re trying to opt out of various services, unsubscribe, etc. SimpleOptOut has guides for 50+ of companies/sites. Some of them will let you opt out online and some will require a phone call *sigh* but it’s worth doing.
Free: Google Removal Request (Personal Information Only)
If someone has stolen your data or you have been hacked and personal information has been published online, you can ask Google to remove it from search results. Google’s tool is for personal information e.g. SSN, not for random requests because there’s a factual news story about you that you don’t like. You can find the Google sensitive information removal tool here. This tool won’t stop the dark web (nothing can really fix that but the FBI), but it’s will stop people casually finding your information.
Free: Report Identity Theft
The US Government operates a free and excellent site called IdentityTheft.gov. It will walk you through steps to determine what your issue is and develop a recovery plan, including who to notify, etc. Yes, this will require time to print, email, call, etc. people but you will have full control and know where things are at. The other bit of good news is most companies, especially banks, have teams dedicated to supporting victims of identity theft.
Paid: Identity Theft Insurance
One of the big selling points of LifeLock and others is “Identity Theft Insurance”. The thing is, a few home insurance companies offer this as an add-on as part of your home insurance policy for as low as $25 a year. Yes, that’s only $25 a year for identity theft insurance. You would pay 10x this amount for 1 year worth of coverage on the LifeLock family plan. If you really (really) want identity theft insurance, talk to your broker and see if you can add it to your existing policy, and if you can’t, then find a new insurer.
Free: IRS Fraud Protection
You can lock your IRS account with an “Identity Protection PIN” for free by going directly to the IRS here. You can do this online with an IRS.gov account or via paper form. Don’t lose your PIN as you will need it to file your taxes each year. If your social security number has been stolen in a data breach, locking your IRS account is a good idea. If your IRS file has been the subject of identity theft (false tax returns, etc) you can use the IdentityTheft.gov site to report it. The IRS has a department dedicated to helping with issues resulting from people fraudulently filing taxes under your SSN, etc.
Summary
The above list is by no means intended to be exhaustive, it’s really intended to summarize best practices and link to ways you can easily manage your data, privacy, and security without paying for services like LifeLock. There are many other things you can do to protect your security and identity, but I have limited this list to things easy enough that even your parents could do it. I hope you find it useful and thanks for reading.
Important: I am not affiliated with any of the manufacturers, brands, services, or websites listed on this page and this is my personal experience. If you find this helpful and want to say thanks, please buy me a coffee or take a look at my book on Amazon. It keeps this page ad-free. Thank you!