Tag Archive for: digital security

Your 23andMe DNA Is Up for Sale: Here’s How to Protect It Before It’s Too Late

If you’ve ever submitted your DNA to 23andMe, now is the time to act. The company has filed for bankruptcy, and buried deep in their user agreement is a disturbing clause: they can sell your genetic data to whoever offers the highest bid. And that’s not a hypothetical—at one point, a major pharmaceutical company was the highest bidder for millions of profiles. Your DNA, including markers for disease risk, ancestry, and physical traits, could soon belong to corporations, insurers, or even foreign governments—all without your explicit consent.

Here’s the problem: HIPAA doesn’t apply. Genetic testing companies like 23andMe aren’t bound by the same privacy protections as your doctor’s office. That means your most intimate biological data—your blueprint—can be sold off with fewer restrictions than your medical records from a routine check-up. Imagine a world where insurers hike your rates based on a gene you didn’t know you had. Or a world where governments use inherited markers to surveil or discriminate. That world is a lot closer than you think.

But you still have a window to protect yourself. The good news? You can download your data and delete your account before it changes hands. This includes requesting that your physical DNA sample be destroyed. Here is a step-by-step guide:

To completely delete your data:

  1. Log into your 23andMe account and navigate to “Settings.”
  2. Scroll down to the bottom to “23andMe Data” and click “View.”
  3. Scroll down to the bottom of this page and add your birthdate. Click “Delete Your Data.” You will then be taken to another page where you will choose “Permanently Delete Data.” This begins the irreversible process of removing all your genetic information from 23andMe’s systems.
  4. You should receive a message stating that 23andMe received your deletion request, but you need to confirm it by clicking a verification link sent to your email address. This two-step process is designed to prevent accidental deletions.
  5. Access the email titled “23andMe Delete Account Request.” Click the “Permanently Delete All Records” button at the bottom of the email. You will be taken to a confirmation page that states “Your data is being deleted.”
  6. After completing these steps, you should receive a final confirmation email from 23andMe acknowledging that your data deletion request has been processed. Keep this email as documentation of your deletion request.
  7. If you don’t receive confirmation within a reasonable timeframe (typically 30 days), contact 23andMe customer service directly to ensure your deletion request was properly processed.

The implications of this go far beyond 23andMe. This moment is a wake-up call for every person who’s handed over their DNA to a private company. Even if you didn’t, a close relative might have—and your genetic data overlaps with theirs. Once it’s out there, it’s nearly impossible to reclaim.

The 23andMe bankruptcy shows us how vulnerable we really are when it comes to genetic privacy. So take control while you still can. Download your data. Delete your account. And demand that companies treat your DNA with the same respect as your identity—because that’s exactly what it is.


Why Passkeys are Much Safer than Passwords


Passkeys: A Better Way to Log In (Without the Password Headache)

Passkeys sound like one more tech buzzword you’re supposed to nod at in meetings. But the idea is simple:

A passkey lets you log in using something you already do every day—Face ID, a fingerprint, or a device PIN—instead of typing a password.

No guessing. No “Forgot password?” No sticky notes. And most importantly: it blocks the most common ways people get hacked.


What a Passkey Actually Is (in Plain English)

Think of a passkey like a digital “handshake” between:

  • The website/app you’re logging into, and
  • Your device (your phone, tablet, or laptop)

Your device holds the “secret proof” that it’s you. The website keeps only a matching “public” piece that can’t be used to log in by itself.

Key point: the secret proof stays on your device. It never gets typed, shared, emailed, or stored on a server as a password.

And you unlock it the same way you unlock your phone: face, fingerprint, or PIN.


Why Passkeys Beat Passwords

1) Phishing-proof by design

Phishing scams work because they trick you into typing your password into a fake page.

Passkeys shut that down because:

  • You don’t type anything
  • Your device only offers a passkey on the real site/app it was created for
  • A fake login page can’t “steal” what you never enter

2) Data-breach resistant

When a company gets breached, stolen password databases get sold and reused everywhere.

With passkeys:

  • The site stores only the “public” half
  • Hackers can’t turn that into a login
  • Your “private” half never leaves your device

So the typical “Your password was exposed” nightmare mostly disappears.
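
To make points 1 and 2 concrete, here is an added example (not part of the original post, and a simplified model rather than the real WebAuthn message format) of a passkey sign-in in Node.js. The site names bank.example and bank-example.test, the function names, and the exact-hostname match are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Registration: the device makes a key pair for one site and keeps the private half.
function registerPasskey(device, siteId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  device.set(siteId, privateKey);                            // never leaves the device
  return publicKey.export({ type: 'spki', format: 'pem' });  // all the server stores
}

// Device side: only answer if a passkey exists for the site actually being visited.
function signIn(device, visitedOrigin, challenge) {
  const privateKey = device.get(new URL(visitedOrigin).hostname);
  if (!privateKey) return null;                              // look-alike site gets nothing
  const clientData = JSON.stringify({ origin: visitedOrigin, challenge });
  return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), privateKey) };
}

// Server side: the challenge must be fresh, the origin ours, and the signature
// must verify against the public key stored at registration.
function verifySignIn(storedPublicKeyPem, expectedOrigin, expectedChallenge, assertion) {
  if (!assertion) return false;
  const data = JSON.parse(assertion.clientData);
  if (data.origin !== expectedOrigin || data.challenge !== expectedChallenge) return false;
  return crypto.verify('sha256', Buffer.from(assertion.clientData),
                       storedPublicKeyPem, assertion.signature);
}

function runDemo() {
  const device = new Map();                                  // constructed sample "device"
  const realOrigin = 'https://bank.example';
  const stored = registerPasskey(device, 'bank.example');
  const c1 = crypto.randomBytes(16).toString('hex');         // challenge for login 1
  const c2 = crypto.randomBytes(16).toString('hex');         // challenge for login 2
  const good = signIn(device, realOrigin, c1);
  // Someone holding only the breached public key has to sign with a different key.
  const otherDevice = new Map();
  registerPasskey(otherDevice, 'bank.example');
  const forged = signIn(otherDevice, realOrigin, c2);
  return {
    realSite: verifySignIn(stored, realOrigin, c1, good),
    phishingSite: signIn(device, 'https://bank-example.test', c1),
    replayed: verifySignIn(stored, realOrigin, c2, good),
    forgedFromBreach: verifySignIn(stored, realOrigin, c2, forged),
  };
}

console.log(runDemo());
```

Only the sign-in on the real site verifies; the look-alike site gets no response from the device, a captured response fails against a new challenge, and a signature made without the original private key is rejected.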

3) Breaks bad password habits automatically

Humans reuse passwords. Humans pick easy passwords. Humans forget passwords.

Passkeys fix that by default:

  • Each passkey is unique to that one site
  • There’s no temptation to reuse anything
  • There’s nothing to remember

4) Convenient and secure

Passkeys give you strong protection without extra steps:

  • No memorizing “Th!s1sMyP@ssw0rd!”
  • No juggling 2FA codes every time
  • Just Face ID / fingerprint / PIN and you’re in

Do Passkeys Work Everywhere?

They’re already supported across:

  • iOS, Android, Windows, macOS
  • Every major browser

And they can sync across devices through:

  • Apple (Passwords / iCloud Keychain)
  • Google Password Manager
  • Microsoft accounts
  • Password managers like 1Password (and others)

So once you set them up, they tend to “just work” across your devices.


Which Accounts Should You Switch to Passkeys First?

If you do nothing else, start with the accounts that let someone move money or reset your digital life.

Upgrade to passkeys first (highest risk)

  • Banking apps & credit unions
  • Investment/retirement accounts (brokerage, trading apps)
  • Payment apps (anything that sends money)
  • Crypto exchanges / wallets (if you use them)
  • Password manager vault (if it supports passkey login)

Next: the “keys to your kingdom”

Then: your personal data vaults

  • Cloud storage (Google Drive, OneDrive, iCloud)
  • Photo libraries & backups
  • Tax / health portals (where available)

Finally: the security tools that protect everything else

  • VPN account
  • Identity monitoring service
  • Security/antivirus accounts

How to Start Using Passkeys (Quick Setup)

  1. Open the app or website you want to upgrade
  2. Go to Settings → Security / Sign-in
  3. Look for terms like:
    • Passkey
    • Passkeys & security keys
    • Device-based sign-in
    • Security key / FIDO
  4. Follow the prompts and approve with Face ID / fingerprint / PIN

Not every service supports passkeys yet—but enough do that you can make meaningful progress quickly.


One Smart Reminder

Passkeys are strongest when your device is secure.

So do the basics:

  • Use a screen lock that has a backup password of 13+ alphanumeric characters
  • Keep your phone/laptop updated
  • Don’t leave devices unlocked in public places; physical security is digital security

Bottom line

Passwords are a 1999 solution to a 2026 problem.

Passkeys are a simple “yes” because they:

  • block phishing
  • reduce breach panic
  • remove password chaos
  • make your life easier

I’ve already encouraged my own family to use them for the accounts that matter most—money, email, and primary identity logins—because those are the accounts criminals want first.