Paul Wagenseil, writing for Tom’s Guide: For a monthly fee, identity-protection services promise to do whatever they can to make sure your private personal information doesn’t fall into the hands of criminals. Yet many of these services — including LifeLock, IDShield and Credit Sesame — put personal information at risk, because they don’t let customers use two-factor authentication (2FA). This simple security precaution is offered by many online services. Without 2FA, anyone who has your email address and password — which might be obtained from a data breach or a phishing email — could log in to the account for your identity-protection service and, depending on how the service protects them, possibly steal your bank-account, credit-card and Social Security numbers.
of this story at Slashdot.