top of page
  • Writer's pictureBridget Sullivan Mermel CFP(R) CPA

Protecting Your Identity: 5 Important Tips

In this episode of Friends Talk Financial Planning, John and Bridget discuss the increasing threat of cybercrime and share five important steps to protect your identity. They delve into the importance of multifactor authentication, the use of strong passwords or passphrases, and the risks associated with sharing sensitive information via email. Join them as they provide practical tips and strategies to safeguard your identity from cybercriminals. Don't miss out on this valuable information that can help you stay one step ahead in the digital world. Subscribe to Friends Talk Financial Planning for more insightful discussions on managing your finances and protecting your financial well-being.

John's firm website:

For advisors around the US:

Thanks for watching and please subscribe!


John: Is it just me or does it seem like there's an increasing amount of spam emails, text messages, phone calls. On today's episode of Friends Talk Financial Planning, we're going to share with you five tips to help protect your identity from cybercriminals. Hi, I'm John Scherer, and I run a fee-only financial planning practice in Middleton, Wisconsin.

Bridget: And I'm Bridget Sullivan Mermel, and I've got a fee-only financial planning practice in Chicago, Illinois. John, before we proceed with cybercrime, let's ask everybody to subscribe. It helps us with YouTube and helps us reach more people. So John, let's talk cybercrime. What's your first tip?

John: Yeah, like I said, I've got five things. I think you have similar things that you talk about with clients. But the number one thing these days is multifactor authentication, or two factor authentication. That's the big one that's become relevant or at least popular in the last several years. And the one that I think is the most important. And what that means, just to be clear, what we're talking about here is when you log into your account at the bank, at the credit card, whatever it is, you've got some other thing that you need to do in order to get onto the account site.

I've got my login information, so something I know which is my password, and then something I have, which is typically the cell phone, you get a text message, there's an authenticator app or some places, some banks, you get a little fob thing that you got to push the button to get the number. In short, something extra that you have determines your ability to have access to your accounts. I'm interested in your thoughts on that, but that's our number one. Our recommendation is to get two factor authentication on everything you can.

Bridget: Yeah, I agree. And I know from my brother, who is a viewer and security expert on the Internet, that's one thing he was talking about, and the reason why he picked a certain custodian years ago was because they were innovators on the two-factor authentication. So I think it's the gold standard of approaches. The other thing is that I think we can get into a little bit of subtlety. Even with two-factor authentication, you can say, “Yeah, remember my password if I'm not going anywhere with this computer.” And I'm wondering what your thoughts are about clicking that box, saying, “Yeah, remember me.”

John: Yeah. I tend to be a belt and suspenders kind of guy when it comes to this. I don't know if it's necessary, but for me and my office, on any mobile devices we have, we never save that information. The one exception is we do have a fixed desktop computer for which we say, “Okay, that's never going anywhere, so we can save passwords.” But on phones, on iPads, on laptops, all those things, we never let those things get saved in there. How about you on that?

Bridget: I would say that's for the most part true. I would say that it depends on what their policy is on if you're on a device or in a location they don't recognize. But I think the approach with cybercrime isn't necessarily stop everything possible, but I try to remove kick me signs. That's my approach. I want to take out the most obvious, because I believe that if somebody really wanted to get in and hack me, they probably could. But you know what? The people who are really at risk for that are the people with a lot more money than I have. And so, the risk is for people who are figuring mass market attempts at cybercrime. And so, I kind of think some protections is way better than none, but I try to not go too crazy with it so that I'm not driving myself crazy on the other end. So that's the balance that I try to get.

John: On this topic, you reminded me of a phrase or a thought process. You can't protect everything. I look at it like having valuable things at home. If I leave my doors open, my garage door up, and leave all the stuff out there, it's easy to steal. Guess what? If they want to steal it, they can break in. If somebody really wants to get in, they're going to do it. But why make it easy for them? Why leave the car unlocked and the key and the ignition? Taking small steps and being smart about this. And the reality is, yeah, they want to break in and hotwire it, they can hotwire the car, but let's not make it easy. Take that low hanging fruit off the tree.

Bridget: Yeah, I don't ask strangers to watch my bike.

John: Yeah, right, exactly. This multifactor authentication, two FA that's locking the doors when you go outside the house or when you go to bed at night. That's the sort of like saying, “Don't make it easy.” One thing related to that is there're so many passwords. Everything's online, so we've got these passwords. And one of the things that we've been embracing lately is using passphrases instead of passwords. So for passwords, there’re a couple of things. The first thing is don't have the same password or the same six passwords for everything. I've had a personal experience. I had my junk email account.

I've got one that I subscribe to newsletters, and it got hacked a few years ago, so it had been compromised. I said, “Oh what do I care about that? I'm not going to worry about it.” Well, that was a Google account, and it was connected to something else. And so, they were able to go into this other thing over here and buy some kind of tokens because my credit card at some point along the line for a subscription or whatever was tied into it. So I had a big ordeal with the email account and then changing a credit card.

And it was nothing that couldn't be solved, but it was a hassle and something that only happened because I was being lazy with that. So not having the same passwords is key. And we use a password keeper, one of the digital things. But then the evidence that we've seen in our research shows that it's the length of the password, not using symbols and other things, but once you get up to about 15 digits in the number of things on the password, it becomes really hard to crack.

And so, instead of things like a multi digit with stars and symbols and numbers, we'll have a series of unrelated words. For example, friends, basketball, potato, and that's around 20 letters, or whatever that is. And if I ever need to look, I can remember those three words, but the length of it makes a difference. So that's one other thing. One of the other topics for us is just having those passwords really pass phrases and making them longer.

Bridget: And one of the tricks that I use for my password is to try to make my password dependent on what I'm logging into, so it's different. I'll use two different initials based on the alphabet, blah, blah. I've got a little mental algorithm, but it's still a lot to keep track of even if you put something like that. So you need to have it figure out what your tracking system is going to be. Then that gets back to the same issue as before. That's making the fence higher. It's not making it up, it's just adding some more bricks to your fence.

John: I've got two other things that deal with mail. One is on email. And we've got a client who is a security specialist, and so I get a lot of this information from him and what he described as when you send things on email, it gets stored in servers pretty much anywhere. And he said, “Never put anything in an email that you wouldn't write on a postcard to a friend.”

Bridget: Right.

John: Would you put your Social Security number on a postcard? No. Would you put your account information? No. And it feels like it's confidential and secure, but it really isn't. And my experience with this was back in the olden days when the internet was first becoming a thing, we had dial up Internet. There would be a handshake, and it would take forever. I was in an office building where some of the first mapping software was being developed. And so, they had what was a T1 line back then, this super-fast line. And we got an email, we were storing everything. And one day, all the emails were gone. We didn't know about backups. We didn't save stuff. We were thinking, “Holy moly, everything's gone.”

We called the provider, and they said, “Oh, how many weeks do you want us to send it back to you?” And I said, “Well, just a couple of weeks.” They said, “Okay, we'll give you two months’ worth of emails just to make sure you don't lose anything.” And as I'm watching my computer screen, every email that we had received or sent or deleted was back onto our computer in seconds. So this stuff lives in cyberspace someplace. So on email, never send anything that you wouldn't put on a postcard. And then the other one, for just regular mail, is when you get things in the mail, shred all the paper documents that have anything confidential on them.

And I'll give just one other example of that. The same person who was talking about cybersecurity also did some other type of identity theft things, and he was telling me about his experience with a credit card. Everybody gets those credit card offers in the mail that say, “Sign up for this credit card.” Well, he had taken that, ripped it up into pieces like he was going to throw it in the garbage, but then opened the envelope, taped the pieces back together, mailed it in, and got a credit card two weeks later. One of the things that he would contend is that these offers can be a place for identity theft. I just got an envelope about getting a new credit card, and it comes in this blank envelope, right? It doesn't say anything, but everybody knows what it is.

If I'm out in the neighborhood walking the dog and I get a credit card application in your name, well, I go and just poke my head in your mailbox as I walk past every day at 03:00, and when I see that come in, I've got it. Now I can go and change the address on it. You don't even maybe know that that credit card was opened. And then three years later, you got a $10,000 delinquent bill and try to explain why you haven't made that payment on time, because you're not even getting the notices. So for email, don't put anything in it you wouldn't put on a postcard, and everything that comes in the US mail, shred it, at least anything that might be confidential.

Bridget: Another thing I want to bring up is that the criminals are particularly targeting older adults, which infuriates me. As you get older, a lot of times people’s ability to filter out this stuff and know what's right and what's wrong and maybe they come up with a new scheme, et cetera, is compromised. So I just want to remind people, if they have older adults, just talk about this, and don’t just give up on it. Talk about it once every six months or so, so that people know about the latest scam. I think AARP is a particularly good resource to find out about the latest scams and how to protect yourself from the latest scams, so I just wanted to mention that.

John: Yeah, I think that's great. I just read something recently that scams like this on people over age 65 were $3 billion worth of losses in I think it was 2021. So that’s a significant thing.

Bridget: Yeah. Well, they have more money, and they're less savvy, and they could be totally able to function, drive, et cetera, but a little less skeptical about what they're seeing.

John: I got one more of my tips that I use, and I think that you might have a different opinion on this, Bridget, but we tell everybody that they should freeze their credit so that no new accounts can be opened in their name. Used to be that you had to pay $20 or $40 every time you opened and closed a credit. Now that's free. You can go online and fill out the forms and get credit frozen for everybody. We suggest that everybody do it because you can turn it back on and off really quickly, but I think you're not necessarily on that same page, if I remember right.

Bridget: I think it's low on the priority list. Of all the other things that we've talked about, I would put that at the bottom. And there's two reasons for that. I think criminals are going for bank accounts right now and not credit cards. And I don't like the credit agencies, and so I just don't want to deal with them, so that's part of it. I don't want to give them another piece of my information. And so, there's a part of just resentment, paranoia on that.

John: I love your honesty. That's awesome. I had somebody recently ask a question about what if I need to buy a car? I was at a presentation and one of the people said that a couple had just bought a car. They were at the Ford or GM dealership, and the person got on the phone with TransUnion Experience, said, “Hey, we're looking to do this. Can we know?” The credit was unfrozen and frozen back again, and it was a phone call that took two minutes as part of the car buying process.

Is it a little bit of a hassle? Yeah, but maybe not quite what it used to be on things. Those were our five things that we've got you guys. Two factor authentication. Anywhere you can use it absolutely do it. Pass phrases, longer things. Don't repeat passwords. Email. Don't put confidential things in there. Regular mail. Shred that stuff that comes in. And at least think about freezing your credit. If you do those things, and you keep those doors locked on your car, and on your house, you won’t let the bad guys in easy.

Bridget: Yeah. And I'm going to add two more. Look at your statements, both credit card and your bank statements. Review them once a month so you can catch something before it's too late.

John: Yeah, that's great. Well, hey, with that, that's a great place to wrap up again. I'm John Scherer. I run a fee-only financial planning practice in Middleton, Wisconsin.

Bridget: And I'm Bridget Sullivan Mermel. And I've got a fee-only financial planning practice in Chicago, Illinois. John and I are both proud members of ACP, or the Alliance of Comprehensive Planners, which is a not-for-profit organization that helps financial planners who focus on tax-focused, comprehensive, fee-only financial planning, so if you're interested in a plan, John and I are both taking clients. But if you're interested in a planner in your area, you can check out

John: And don't forget to hit that subscribe button.

At Sullivan Mermel, Inc., we are fee-only financial planners located in Chicago, Illinois serving clients in Chicago and throughout the nation. We meet both in-person in our Chicago office and virtually through video conferencing and secure file transfer.

18 views0 comments


bottom of page