You can increase security with 2-factor authorization tied to a physical object, such as your phone. Photo by Photo credit: Austin Distel on Unsplash

My identity was stolen. This is what I learned.

I thought I was adding a level of security. It made me more vulnerable.

I was working on my computer a few weeks ago when a notification popped up on the screen. Apparently I had just purchased takeout from a restaurant in a city about 500 miles from where I live.

Not likely.

I dialed my payment provider, but my phone had been set for emergency calls only. A text message from my cell service provider told me my telephone number had been ported to a new carrier.

I soon learned that I no longer had access to three accounts. The perpetrator had changed passwords. Using my cellphone number, this person had received text codes as part of a two-factor authentication to access my accounts.

Having an online account text an authorization code was supposed to be an added security measure. It had become a liability.

Using an internet phone service and online messaging, I contacted the relevant parties and regained access before suffering any significant damage.

A little bruised from the ordeal, I offer these 7 suggestions for protecting your identity online.

Avoid using your cellphone number to receive 2-factor authentication codes. An authentication app., for example, requires access to the device itself. You can also get a physical key that looks like a thumb drive. Arrange with your service provider to apply port protection to your number. This is an extra level of security which restricts transfer of your number to another provider. Set up push notifications so you know immediately when there is a charge to your credit cards or other payment provider. Cancel accounts you don’t use. Will you know if someone steals that credit card number you don’t have? How about that email address you no longer use? Is it sitting there with your personal data, including your contacts? Use fake answers to security questions. Those Facebook memes that ask you to create your Hogwarts name (or whatever) with your month of birth and your first car may be fun. They also make public the very kinds of stray data security questions ask for. This one is for protecting others. Please, please, please, please, please! When you are sending a group email, put the email addresses in the bcc field. Otherwise, if one account becomes compromised, all those addresses are available to the thief. Finally — and this shouldn’t have to be said — keep your passwords secure. I called a debt collector early one morning. She had just arrived to work and had to login to her computer. I heard her whisper her user id as she typed. “I can hear you,” I said. “Don’t let on your password.” “Oh, it’s MONEY!” she said. “That’s everyone’s password here.” No comment.

The playing field continues to change as new technology arises. The above is a small sample of security measures.

What security measures do you prefer? Please don’t comment with your password. Or your mother’s maiden name.