Money Talk with Liz Weston: Need help with your IRA? Call a CPA, or maybe a PFS

Dear Liz: My husband and I have substantial pre-tax savings in our workplace retirement plans and IRAs. Based on where those balances would be in retirement, we would definitely be paying more in taxes than now, and face the potential of running out of money if forced to withdraw it all. You often refer people to the Garrett Planning Network for fiduciary financial planners. Is there a similar organization for tax planners who can provide a strategy for rolling over our pre-tax accounts in order to take part of the hit now, and reduce taxes later? The financial planners we’ve found through Garrett have some tax knowledge, but refer us to tax professionals for more in-depth tax analysis.

Answer: Many fee-only financial planners work with tax professionals such as certified public accountants — CPAs — to craft Roth conversion plans that can reduce future taxes. If you want an all-in-one pro, though, you could consider hiring a CPA who is a personal financial specialist, or PFS. The PFS credential is similar to the certified financial planner credential, but is granted only to CPAs. To find one in your area, you can use the American Institute of CPAs’ directory at https://www.aicpa-cima.com/directories. Click the plus sign next to “Find a credential/designation holder,” select “PFS” in the box titled “Credential/designation name” and then input your location.

Safeguarding your personal data is hard. Here are a few tips.

Dear Liz: I was recently alerted that my Social Security number has been found on the dark web. My information was part of the AT&T breach that took place recently. I am no longer an AT&T customer and haven’t been for several years, but they have not made any contact with me. What do I do to keep myself safe and how do I get my information removed from the dark web? Why hasn’t AT&T reached out to me?

Answer: As a consumer, you don’t have much power. Companies often demand your personal data, such as Social Security numbers, before they’ll do business with you. Once your information is in their databases, you have no control over what happens to it. And if your information is leaked, there’s no way to remove it from the dark web.

You can’t even be sure how your information got there, given the sheer volume of database breaches in recent years. If you’re an adult with a Social Security number, chances are pretty good that number can be found on the black market sites where criminals buy and share information, says Eva Velasquez, chief executive of the Identity Theft Resource Center, a nonprofit that helps identity theft victims.

In other words, your data may have been compromised long before the latest incident, which AT&T says affected 73 million current and former customers. AT&T began notifying impacted customers via letters or email starting in April. Those customers should have received an offer for free credit monitoring.

There are a few things you can do to make yourself a bit less vulnerable to identity theft, such as putting freezes on your credit reports, not clicking on links in texts or emails if you didn’t initiate the transaction and using digital wallets or other secure payment methods.

Also, don’t be your own worst enemy. Beware of sharing personal information (birth dates, address, phone number, etc.) on social media. Consider limiting your audience to people you know and trust, Velasquez says.

The Identity Theft Resource Center also recommends using passkeys, a technology that replaces passwords, whenever you’re offered that option. If a passkey is not available, the center suggests using passphrases of 12 characters or more rather than shorter passwords. A passphrase is a sequence of words that can be personalized for easier memorization, typically with numbers added and a mix of capital and lowercase letters. The center gives an example of a passphrase for a 2015 University of Texas graduate: “H00kEmH0rns2015.” You’ll still need unique passphrases for every account and site. You also should turn on two-factor authentication or multi-factor authentication where available. This requires an extra step, such as getting a code on your phone or from an app, but this will make your accounts harder to compromise.

Liz Weston, Certified Financial Planner®, is a personal finance columnist for NerdWallet. Questions may be sent to her at 3940 Laurel Canyon, No. 238, Studio City, CA 91604, or by using the “Contact” form at asklizweston.com.