Color of Money Live: How to stay financially secure online

Nov 02, 2017

Join Washington Post nationally syndicated personal finance columnist Michelle Singletary for an online discussion.

“Knowledge isn’t power. The right knowledge is power.”


Today's topic is data breaches. I'm happy to host a guest, Brian Krebs, who is the author of October's Color of Money Book Club pick "Spam Nation." He has a must-read site 

He's THE expert on data breaches and identity theft. So pick Brian's brain today. 

And still always welcome

Your personal finance questions

Thursday Testimonies

And from last week, "It never hurts to ask." 

Let's get started.

I was a regular participant in Brian's previous chats and reader of his columns when he was with the Washington Post. I want to say "thank you" for the article on credit freezes. I had it bookmarked for the longest time and had meant to get around to following it to freeze my credit when the Equifax breach happened. I was able to quickly freeze my credit with all the credit bureaus with the help of the article.

Thank you for that warm welcome! It's unexpected and delightful to be involved once again in a Live Online with WP. Glad to hear the info was useful. If anyone else is still grappling with what to do in the face of Equifax and other big breaches of late, please check out this Q&A.

I too have accumulated over $1M in my retirement accounts -- most is in a rollover IRA (from previous employers), but a little in a cash balance (previous employer) and a decent chunk with my current employer's 401k. And I'm only 50. How? Started early. Got the employer matches. Increased contributions with each raise until I maxed out. The one time I took a loan -- ensured it was paid back. Almost always rolled it over when I left an employer (and still regret that $10K that I didn't). Slow and steady. I have more than my husband -- and he thinks that is **hot**.


Read Michelle's column: The 401(k) millionaire next door

Definitely hot!

Any other 401(k) or TSP millionaires want to share? TSP is federal gov't Thrift Savings Plan in case you didn't know. 

Michelle, please ask Brian; Why aren’t our credit accounts frozen at birth? How do we change the current Opt-out approach? Thanks, Ken

This is a great question. For that matter, why aren't the credit bureaus required to sort out their records when more than one living person shares the same SSN? Why is it possible for a 5 year old to have a credit file? How hard is it for the bureaus to flag accounts for minors?

I'm with you on the opt-out approach: Specifically, that by default our credit files should not be available to any potential lender (and potentially fraudulent applicant). That the system asks me first *before* opening up my personal data to others. 

I think the answer has to come in the form of innovation. The credit bureaus and the businesses they serve (primarily financial institutions) are so so resistant to change that the best way to make these companies obsolete is to out-innovate them. Unfortunately, innovation takes time, a lot of risk and this is a huge, entrenched industry. I don't think more government regulation is the answer if we want more positive, consumer-friendly systems for validating who we are.

I'm a recently married 20-something. My husband and I are both diligent savers and have over 20k saved away. Additionally, my husband didn't go to college and I went to an inexpensive in-state school (no student debt). This has been a HUGE blessing. We are now going to use the money saved for his college expenses as a down payment on our first home! This is a reminder that you don't need a degree to be successful! And that modest living and aggressive saving pays off. Thank you for being an inspiration!

Love it when young folks are financially savvy. Good for you two! Thanks for sharing.

Michelle, please ask Brian; What is your recommendation for Password Manager? (Windows, iOS)

I don't use a password manager myself because I'm a weirdo and actually enjoy coming up with and remembering complex passwords. That's because my system is based on length rather than complexity, and I have a few mnemonics I like to use to achieve both with maximum recall.

But, back when I did use password managers I used KeePass, which is a free, open-source password manager. I'm personally not trusting enough to place all my trust in the cloud, and so I've stayed away from cloud-based solutions. But many of my security industry friends are quite happy with tools like LastPass and Dashlane.

I had to miss part of the chat due to work last week, so I submitted early. I was thrilled to see the responses and to help kick off a "never hurts to ask" marathon! I started the financial fast (on Day 9) and while I've fallen down a few times, I am already seeing results. I realized that I "reward" myself with lunches and fancy coffees when I'm at work because "I work hard." (I spent $120 on unnecessary food in one month alone.) On Day 8, I looked at my savings, and while I'm doing well there, I found an account that has a 0.5% higher interest rate and moved my money yesterday. That will potentially earn me $120 more per year. I never thought I spent wastefully, because I compared myself to other people--but I do. (And realized in the process that I was coveting.) Learning all of this hasn't been negative at all. I feel like I'm getting straight and it's so empowering.

Yup, you kicked off a great thing. In fact, my column on Sunday is from the responses I got right here in this chat. So keep them coming under "It never hurts to ask."

And thanks for sharing about my book "The 21 day financial fast."  The savings potential of shutting down your spending for three weeks can be huge. One couple reported saving $1,300 in just eating out! 


Not all is nefarious with the 401(k) proposal. The proposal is only to cap the pre-tax contributions to $3000 (or whatever it is). You can still make post-tax contributions up to the IRS max, I think $18,500 for 2018 plus $6000 for catch up contributions for those 50 or older. As I read somewhere: pay tax on the SEED not the HARVEST. This is a good thing, especially for young people!


Read the latest: GOP tax plan would shrink mortgage interest benefit, slash corporate tax rate

The bill is just coming out but it appears they did not make changes to the contribution limits to 401(k). 

But mortgage interest deduction on the table. 

Single woman, 56, no children. I can't wait to retire, but I'll keep working and keep my money working for me a while longer.


How did you do it? What's your annual salary? I ask because I'm seeing a lot of people making under $100,000 who have managed to save $1 million or more in their retirement plan. 

Michelle, please ask Brian; What are your top 5 recommendations to avoid Identity Theft? 1) Freeze credit, 2), 3) etc.? Thanks!

1. Freeze credit file. There are four consumer credit bureaus, including Equifax, Experian, Innovis and Trans Union. For more on what a freeze is, why you should consider it, and how to do it, see this post.

2. Obtain/review credit report from new bureau every few months. Report/contest any inaccuracies.

3. Freeze your file at ChexSystems, which is used by a ton of banks to do new checking account applications.

4. Opt out of pre-approved credit offers by mail (a favorite target of mail thieves). To opt out for five years: Call toll-free 1-888-5-OPT-OUT (1-888-567-8688) or visit The phone number and website are operated by the major consumer reporting companies.


To opt out permanently: You can begin the permanent Opt-Out process online at To complete your request, you must return the signed Permanent Opt-Out Election form, which will be provided after you initiate your online request. 

5. Be judicious about information that you volunteer publicly about yourself and your family. This information, often offered in exchange for "free" services online, is almost always used for marketing and will invariably wind up in a database somewhere. This goes double for any information posted on social networking sites.

I didn't seriously start retirement savings till I was in my 40s and finally making enough dough to be able to stash away the maximum. Did it by living way below my means. Not owning a car really really helped! I'm now on the cusp of retirement and just so grateful to my past frugal self for caring about her future self, who is now the present self.


....from my 2 daughters, who are around 30 years old. Within the last month, they came to us individually and thanked us for our lifelong lessons on avoiding debt. They used their friends and classmates who are burdened by debt from student loans/cars, and credit card bills. Our daughters realized how lucky they were without that monkey on their backs.

Children live what they learn!

Greetings, My intended and I are both 42 and well-established in our careers. With a summer wedding date planned, I want to know the steps to merging our finances. We plan to follow the "one pot" approach for money earned from our jobs, but I also need to know how to merge assets that we each have, already. Mine are savings, investments and life insurance, his are savings and pension. What resources are available that can provide a guide so that I address each avenue of our holdings? Thank you in advance!

There are a number of books out there to help and I have one called "Your Money and Your Man."

But really, you merge savings, home, etc. by putting your new spouse's name on the assets. When it comes to pensions, insurance and retirement accounts you designate your spouse as beneficiary. 

It's also important to get your wills done that reflect your marriage union as soon as possible. And doing that will also get you to a professional that can walk you through sharing your financial assets. 

Back when I first realized websites were grabbing my browsing history (for example something you looked at on Amazon, showing up as an ad in Facebook), I decided to stovepipe my browsing into different browsers. So I had one browser for banking and other bills that was used for nothing else and which had tight security settings. I put Facebook in a different browser, because they seemed the most aggressive. And I had a third for general browsing. This limits how websites can get to your cookies; and seemed to work for a couple years. But recently I've noticed Facebook and Amazon are working around this. Clearing cookies, cache, and browsing history has not broken that connection. How are they making the connection? Any ideas on re-stovepiping my browsing?

I like and recommend your segmented approach to everyone who asks. I personally have at least 3 systems I use for everyday use when I'm working out of my office. Only one of them is *not* operating in a virtual environment that can be reset at will. 

I need to do a short tutorial on this, but using tools like VirtualBox -- which is free and runs on Linux/Windows/OSX -- you can run a variety of operating systems simultaneously. I keep most of my casual browsing and clicking of links done on a locked-down browser that's running inside of a non-Windows guest OS. At the end of the day, I reset the virtual machine to its previous state and it wipes out any changes that day. 

This isn't practical or ideal for most folks, however. I do agree with the concept of using a dedicated machine for any sensitive transactions, such as bank or retirement account access and investments. I have recommended this approach since my days long ago at Washington Post.

To your question: It's getting very difficult to use a lot of social media sites without loading some very powerful code that is quite tenacious in your browser. I generally lump these sites into the general browsing category/window (i.e., unsafe) because they require so much third-party content and scripting to load that just viewing the content or video requires trusting 70 other Web sites that may also be trying to load content on the same page.

Honestly, my head is spinning after reading your response Brian. 

What about you guys? 

I'm feeling right now like protection isn't possible for regular people!

My husband's parents are in their early 60s and in poor health. From what we've seen from how they react to "life happens" emergencies, they have little to nothing prepared for retirement beyond a military pension and Social Security. We have encouraged them to make a will, but fear that inquiring further will get us shut out of any conversation until a crisis occurs. What can we do to establish some sort of safety net for them? Who would give us counsel on this? We are taking care of ourselves -- putting together a will, emergency savings, retirement and a life-happens fund. If we happen to have a little left over, what could we do for them? We are the best off on his side of family and would be the first looked to if (when) they needed help.

I get this ALL the time. 

AARP really has some great articles on talking to your elderly parents. Another good online resource is

But honestly if they won't talk nothing much you can do unless or until their health issues involve their mental capacity to run their affairs.

What I tell folks is you get your financial house in order so that you are prepared to help in a way that doesn't drag you down. This may include preparing for your parents to live with you or another sibling. 

Read all you can now on resources available. Make sure you have a tight -- TIGHT -- relationship with other relatives who can help you when or if they fall financially. You'll need the help. In other words, prepare for the worst -- they have little money and great health needs -- and hope/pray for the best -- they can manage on what they have because they aren't carrying debt, mortgage or take bad spending habits into retirement. 

Michelle, please ask Brian; What is the difference between Equifax planned “Credit Lock” versus a “Credit Freeze”? Thanks, Ken

At a basic level, the difference is one is backed by laws and the other is backed by a promise and the company may change the terms at any time.

At a more practical level, the key difference is freezes are governed by state laws, and prevent the credit bureaus from making money by selling your credit history to potential creditors and banks. Those laws differ slightly by state, but mainly around how much the bureaus can charge to place, lift or temporarily thaw a freeze.

A lock doesn't block the credit bureaus from selling your file. The bureaus also claim that a lock will block most inquiries but allow through those that are intended only for specific purposes. Again, you are trusting the bureaus to manage this process with a lock (which is free, btw), as opposed to a freeze which requires you to take an affirmative step to undo.

When I got married, I had investments (stocks and mutual funds) and my wife did not. I opened a new account (same brokerage) in both our names and then instructed the brokerage to move the stocks in my individual account into the joint account. Only "issue" with this is I had to sign a document that said I knew by doing this I was transferring 50% ownership to her. It is quite simple. Other assets (e.g. cars, house, etc) take time and have a cost. For cars, we kept ours individually titled (not worth the cost and time) but when we bought new (or new to us) cars, they were titled in both our names.

Good practical tips. Thanks.

I love the book "The Two income trap" by Elizabeth Warren

It is a good book and a good cautionary tale.

I make about $90K now, but I've been saving and investing since I was in my early 20s, making $20K. I'm a savvy consumer and have a watchful eye for anyone who is trying to separate me from my money. I have little interest in most material things and spend reasonably on experiences that I enjoy. My only debt is my mortgage, on which I owe about $100K now. I make extra payments to pay it off faster. Being frugal pays off!

Yup. Penny pinching helps. 

I'm not there yet (only 40) but I'm well on my way - when I first started working for the govt, an older coworker of mine was adamant that I contribute 14% to my TSP. I am forever grateful to her, because starting young was definitely key! As for taxes, the tax bill as proposed will probably increase my taxes a bit by cutting the deduction for local taxes. I absolutely do not mind paying taxes, they are important to the country and society (and no, they don't pay my salary, my agency is fee-funded). But it makes me mad that I might have a tax increase to offset tax cuts for the richest (estate tax, etc)!

The rich get richer!

Please explain the steps to take to prevent someone filing for my federal tax refund.

Your biggest and best defense is to file your taxes at the state and federal level as soon as legally possible, which is usually in late January. But this is impossible or impractical for many folks (especially since many businesses delay mailing W2 forms till well after the filing season starts).

The IRS used to allow people to file for an Identity Protection PIN, a unique code assigned to taxpayers by the IRS that must be inputted along with the taxpayer's 1040 forms the following tax year. But that IP PIN program has been suspended (this article from my site explains one of the reasons why).

It's important to remember that tax refund fraud can impact all Americans, not just those who are due a refund from the IRS. Also, while I have mentioned credit freezes a few times, it's important to note that having a freeze on your credit won't stop ID thieves from filing a phony tax refund request with the IRS in your name. But it might stop them from abusing other online services that require access to your credit report to validate your identity. Here are a couple of examples of what I mean:

Student Aid Tool Held Key for Tax Fraudsters

IRS Re-Enables Get Transcript Feature

I can't participate in the chat today, I will read the transcript later. Another major problem (from my perspective) ... the tax bill will no longer allow medical deductions.

It does appear from early reports that medical deductions are cut in the tax reform being proposed. 

I had people trying to get credit using my name because of the Equifax data breach. I did their freeze online free and called the other two to get free credit freezes. I have mail from Experian and TransUnion but nothing from Equifax. Short of calling Equifax and waiting on hold, is there a way to check that credit freeze is in place? The whole thing is a nightmare.

I know this is probably not what you want to hear, but if you try to place a freeze online and you already have one in place you will be prompted to choose an option to permanently unfreeze or temporarily thaw your freeze. At that point you will know a freeze is in place.

Husband and I are early 60's, both employed, and will have our mortgage paid off in about 2 years. The plan is to save the money we would have put toward our mortgage to use for a new-build retirement home (within the next 5 years or so). What's the best way to save that money?

Since you will want to use the money within the next 5 years you don't want to risk it by investing. So this means parking the money in a bank/credit union deposit account or you can choose a CD, even a 5-year CD to eke out a little interest on it. 

I froze my credit info before discovering that I then couldn't set up the online MySocialSecurity account and would have to go into a social security office to set up the account. So I opted to have my s.s. info sent by snail mail. Is there a security risk in getting your social security account balance delivered by mail?

Compared to everything that could go wrong managing your account online with the SSA, I say doing it through the mail is relatively more secure. That is, provided all the adult members of your household have already signed up for the Postal Service's "informed delivery" service :) 

Also, not sure how old you are but Social Security is not mailing out statements anymore -- only to folks who are 60+ and not receiving benefits. 

If you are younger than 60 to get your statement you will have to have an online account or make the trip to an office to set up your account. 

I just hired a well-known financial planning company to provide us advice and management of our accounts. He recommends we "link" our various accounts (IRA's, savings, TSP) to a planning tool in order to get one consolidated view of our investments. This will necessitate me providing the user id's and passwords via encryption. This information is NOT kept by the system. I know these tools are common in the industry, but do you recommend I trust "linking" investments into this one holistic "view" for management?

Yes, there are ways this can be done with APIs and cryptographic hashes so that your passwords and account data are treated with maximum security. However, I would just make sure you understand what level of access you are granting these applications before you do this. For example, access which is read/view only is very different from access that allows transactions or if/then financial scenarios. You might also wish to inquire at those financial providers what they think of the idea and your potential exposure.

It's easy to feel overwhelmed, Ms. Singletary. Some simple things you can do: Don't click any suspicious links (phishing attacks); turn off Bluetooth & file sharing unless absolutely necessary; keep your software current and patched; choose a strong password - 8-10 characters allows sufficient entropy.

You are right. And I do those things. But it still just doesn't feel like enough protection. 

I was just expressing that no matter what we do if companies aren't protecting their systems we are still vulnerable. 

It seems sensible to me to cap mortgage interest at $500k. Why subsidize the purchase of expensive houses? Let's encourage sensible home purchases! What do you think, as someone who encourages folks to live within your means?

I actually don't disagree. But for this reason more than anything. A lot of people have been sold on the idea that they should get a home for the mortgage interest deduction. This has caused a lot of people to buy too much house not just in terms of them not affording the monthly payment (sorry about the double negatives) but at the expense of leaving enough money in their budget to save for retirement or their kid's college fund. I see a lot of folks overextended in their home. They can make the payments but barely and only if nothing goes wrong.

Do you fear cyber-retribution from the criminals you've exposed? How do you protect yourself? Mega-firewall? Thanks

Hah! I probably get this question about how I protect myself more than any other. I'm always on the fence, too, about whether to answer it completely or honestly -- or at all -- worried that to reveal one's defenses in the face of a talented, invested adversary necessarily weakens the potential effectiveness of said defenses (if only slightly).

As I referenced in an earlier response, the main weapon is segmenting my life according to work, personal, trusted and untrusted. For me, this has become a way of life, a series of habits and petty inconveniences. Not just in the online world, either. Physical privacy is a constant and expensive challenge, for example.

Online, I try to separate my casual browsing and social networking from more sensitive activity such as email and financial access, and to do the latter whenever possible from a dedicated machine that I don't use for more casual purposes. I also pay for VPN access and use virtual machines to separate my host system from the one doing the browsing.

Finally, I try not to post a ton of personal information about myself and my family online. That helps more than most people realize.

People please reread Brian's last sentence. We help the criminals by revealing way too much about ourselves online!

We each have million plus in each IRA and have been retired and having to draw down as required for more than five years. I don't expect the stock market to continue as it has but we have found that over the last few years we draw out what is required only to have the accounts fill back up so the balances haven't dropped. Also because of the size of the IRAs plus other income our adjusted gross is now twice what it was when we were working so don't automatically assume you'll be paying less taxes when you retire. One recommendation is that between the time you retire and have to take from the IRA at 70.5, move and pay taxes on some of the IRA to Roth thus lessening the overall amount later subject to taxes.

Thanks for sharing. And good for you!

Michelle, It seems like there is a lot of discussion about "the rich"...could you please identify what income is the "the rich" vs the middle class?


Read more: Is $100,000 middle class in America?

Read this story from the Post. Who is rich depends on where you live, cost of living etc. 

But I do concede we toss around "rich" too loosely. 

I have a very basic understanding of computers. I've set up my PC to automatically install security updates from Microsoft (and I assume from Dell and Mozilla, etc.) . What more should I do to ensure my PC is properly protected? Are there basic items I can check to see if something hasn't been inadvertently disabled?

My three rules of online safety come to mind here. 

1) If you didn't go looking for it, don't install it. 

2) If you installed it, update it. 

3) If you no longer need it, get rid of it (one fewer thing to worry about/update). 

I expand on these and other basic tips in this piece.

Also, realize that your email account is perhaps the most important account you have, because if an attacker hacks that, he can hack any account tied to that inbox. See The Value of a Hacked Email Account for more on that.

Do not re-use the same password across multiple sites. Use a password manager if you need to (see previous questions about this above), and wherever possible, take advantage of 2-factor authentication (particularly for email). See for detailed information on which online services offer 2 factor.

I started my serious savings in my mid-30s (was in a pensioned position in the UK before that). I maxed out what I was allowed to put into TIAA-CREF (401K equivalent for universities for those reading) when starting the job. I was making much more than I had previously, so wouldn't miss something I'd never had before. Moved to the federal government several years later and have contributed the max to TSP. I'm sitting a bit over $800K at the moment and will probably cross the millionaire status sometime in the next few years. The most important thing is that I always kept contributing and never invested scared. I've saved through two market crashes and made money on both of them. This is money for retirement and I won't be touching it for at least another 10 years. This approach works over the long run.

Good approach. Smart.

I'm happy with pwSafe (mac & ios), I understand there's a windows variant as well. I understand Mr. Krebs' misgivings about putting this info in the cloud. But I feel I need to be able to get at these things on the road. And really how many long unique passwords can you really remember? My list is over 150 sites, and that's not all of them that I've collected over decades. pwSafe is based on a design by Bruce Schneier, who literally wrote the book on Cryptography. So I have a reasonable level of trust.

I'd forgotten about Password Safe. Didn't realize it was still supported. It also is a computer-based system for storing passwords. It also integrates with the browser, if I recall correctly. Anyway, the program is available at

I just realized that one of my utility bill payments didn't go through last month and I was hit with a fee. I called and showed that I tried to pay in good faith, and they waived the fee (I also paid for this month and next month right then and there). My question is if this is going to show up on my credit report; the customer service rep couldn't tell me. We're planning to buy a house soon. I was in the upper 700s before, so I'm worried. Should I hold off applying for a mortgage for a few months so that I can check for this bill and get it removed if/when it shows up?

I think you will be okay. And even if you are dinged it shouldn't be enough to push you down into another bracket that would impact the interest rate you will get. 

It's true that capping the deduction may prevent folks from buying more house than they should - but in DC and in many other areas on the East and West coasts, $500K is near the bottom of the housing market. It still smacks as an intentional hit against those who live in "blue" states.

No question this could hurt sales in that range if people are just buying for the deduction. Keep in mind you can still buy a home. 

While I don't fully disagree, $500,000 in the DC/NYC/SanFran area buys a lot less than elsewhere. It should be indexed to cost of living and not so much to a fixed dollar amount.

An idea.

I need to implement multiple browsers myself - guilty! As a Firefox user, I make liberal use of their privacy extensions. It's easy to find the page for these add-ons under Firefox's Settings in the top right. Some of my privacy extensions include uBlock Origin, Adblock Plus, Decentraleyes, and Disconnect. I also recommend Lightbeam, which shows you how other websites are talking to each other. And of course, EFF's Privacy Badger is a wonderful friend. (HTTPS Everywhere, too!) I would avoid Ghostery. Many former fans are rankled that they got sold to... an advertising company.

All great recommendations, aside from Lightbeam, which I've not used. HTTPS Everywhere and Privacy Badger are terrific and Badger is eye-opening. Thank you.

I just read in another WaPo article that, among other deductions, the GOP wants to eliminate the tax deduction for medical expenses. Most of us never use that deduction, but when my mother lived in a CCRC, she paid $3,000 a month in rent, and at the end of the year, about $12,000 of her rent was allocated as a medical expense. She never paid any income tax while she lived there, because of the medical deduction. That will have a big impact on retirement communities.

Huge point!

Our employer 401k plan has high fees that range between 1-3%. We are a small non-profit. I tried to encourage our administrator to look at other plans such as Vanguard. Do employers have a fiduciary duty to pick the best plan for employees?

I'm not sure of the answer because they may have the right to offer any plan. And you have a right not to participate at those high fees. This is a great concern because fees do matter. Keep pressing your employer. Get other employees to band together with you to advocate for a better plan. 

Michelle, please ask Brian; How do you un-Freeze your credit without the credit agencies charging the fee? The credit agency websites don’t remember that you are a victim of identity theft. Thanks Ken R

I would just call them to do this. Assuming you have already provided documentation (police report, ID theft affidavit, etc) to the bureaus about being a victim, they should have that information on file.

I'm not yet a TSP Millionaire, but I am well on the track to be. When I started out in the government (day one), I put in the minimum match, then increased what I put in by half my raises each year. Pretty quickly, I got up to the max and didn't really notice it. I also have a ROTH from $$ I earned from my high school and college jobs. Between those and my separate mutual fund accounts, I probably have about 750K and I'm only 40. I don't think I would have gotten here without the higher TSP limit - it just acts as a goal for me. I think if it had been $2500 when I started, I would have (naively) thought that that was enough to save and wouldn't have set the goal at (eventually) putting away the max.

Thanks for sharing. And your last point is why I opposed limited contributions.

We moved into our house in 2015. Took out a 10-year mortgage of $100k since we are close to retirement and want to get it paid off before we retire. We have been paying extra when we can. With this month's payment we are finally below $50k, 30 mos after we started. I will come back and let you know when it is paid off in full.

Please come back and tell us what it's like to be debt-free!

Thanks for including Innovis in the freeze. I never heard of them until your article. And, Michelle, is Sen. Warren going to have any luck on regulating these credit cos?

You're welcome. I know your question was for Michelle, but I wouldn't hold your breath on regulators doing much in response to this breach. If they only are able to pass a law prohibiting the bureaus from charging a fee for freezes, that would be progress, though.

I agree. The least Congress could do is make a freeze free!

Banks where I am seem to push their own app to customers a lot. I do online banking from my personal home computer, but was always nervous about an app. Can you give us a brief idea about security issues with apps? And if they're bad, then why would financial institutions try to convince us to use them--shouldn't they have some responsibility?

Banks want customers to use the bank's app because then you opt in to a much more detailed and rich level of marketing and profiling. The good thing about mobile banking is that it's convenient, fast, and if done right, more secure because you have more ways to validate trust. Unfortunately, a lot of banking and financial apps aren't terribly well-designed.

Leaving aside questions of non-specific banking apps, a lot also depends on how you use the mobile device that you would be using to do online banking. If you're the type of person who likes to download hundreds of apps from the Google Play store and throws caution to the wind about what permissions those apps request or their provenance/reputation, maybe you should stick to doing your banking on your computer (assuming you don't practice the same behavior there). 

But generally speaking for people who are relatively security conscious and judicious about what they allow on their mobiles, I say doing it over a mobile is probably way more secure than over a computer.

My condo building uses a billing company for our water metering. They did a weird two billings in one month thing and then charged a late fee. They had apparently sent something in the post but I never got it. I called up, paid immediately and courteously asked if they could waive the late fee as it was off the normal schedule - they did.

Never hurts to ask!

Should I add an anti-malware to my iPhone? Which are the best?

No, just be judicious about what you allow to be installed on your iPhone. Malware in the Apple store is rare but not unheard of. Focus on maintaining strong, unique passwords/passphrases for important accounts, and using 2-factor authentication whenever possible.

A lot of us didn't buy homes just to get the mortgage interest deduction. We purchased a home (within our means) 2 years ago for $650,000. It's right at a metro stop which enables us to live near work and without cars, a huge cost savings. But it's not a huge home - it's a 1000 square foot 2-bedroom, 2 bath apartment with no outdoor space, not some huge McMansion.

Totally understand that in many areas home prices are ridiculous. And what you get isn't necessarily a mansion. 

But I also know that many people buy thinking it's a good financial move because of the tax break. 

Both can be true. 

Thanks to all of you who participated in the chat today. I appreciate your questions/comments/opinions. I'm so sorry if I didn't get to your question.

Brian has agreed to answer some leftover questions, which I'll put in my newsletter next week. 

See you next week.

In This Chat
Michelle Singletary
Michelle Singletary writes the nationally syndicated personal finance column, "The Color of Money," which appears in The Post on Wednesday and Sunday and is carried in more than 120 newspapers.

Brian Krebs
Brian Krebs is an independent investigative reporter who writes about cybercrime at He worked at The Washington Post from 1995 to 2009.