Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Vanguard Security Questions Reset
Old 08-23-2014, 09:05 AM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
TromboneAl's Avatar
 
Join Date: Jun 2006
Posts: 11,197
Vanguard Security Questions Reset

I got this email the other day from Vanguard. I'm pretty sure I haven't answered the questions incorrectly. It isn't possible that someone entered my user name by mistake, because it is a random series of letters.

Have you ever gotten this email? What do you think is going on?
We've disabled your access to certain areas of Vanguard.com because your security questions were answered incorrectly multiple times on .

It's possible another user mistakenly entered your user name and locked your security questions. However, if you believe someone attempted to access your account information, contact us immediately.

To access your account, follow the directions below.

From a computer that you use frequently to access your Vanguard account:
Log on to Vanguard.com. Choose new security questions and answers.
__________________

__________________
Al
TromboneAl is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-23-2014, 09:13 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,591
It sounds legitimate, since they don't ask you to click a link in the email. I've had similar things happen. Someone tried to get access to your account and failed. Good idea to reset your security settings.
__________________

__________________
braumeister is offline   Reply With Quote
Old 08-23-2014, 09:20 AM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
I'd contact Vanguard direct, and if your username is really too complex to think someone got in accidentally mistyping their own, or by an actual 'brute-force' attempt, then I'd be very concerned that there is a keylogger on your computer. How else would they get a complex username?

And for some systems, I think they will ask the security questions if a new computer is trying to get access - either no cookies or a different IP?

I'd be worried. (edit/add): And I wouldn't just change the security questions, I'd change to a strong PW - which reminds me, Vanguards security sucks. You enter username and password on separate pages, so a bad guy gets confirmation of the username, and can then try the password. When they are on one page, they need to get BOTH right at the same attempt. And their PW are too short, I had to use a simpler system than my usual one for secure sights.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 08-23-2014, 09:21 AM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Apr 2013
Posts: 5,565
It sounds legit. If you're really suspicious give them a call to make double dog sure.

Sent from my SAMSUNG-SGH-I337 using Early Retirement Forum mobile app
__________________
MRG is online now   Reply With Quote
Old 08-23-2014, 09:27 AM   #5
Thinks s/he gets paid by the post
martyb's Avatar
 
Join Date: Nov 2006
Location: Bossier City
Posts: 2,182
Yes, Vanguard sends out letters like that. I've received them several times for my & my wife's accounts whenever I screw up with the passwords.
__________________
“Change is the law of life. And those who look only to the past or present are certain to miss the future.”
-John F. Kennedy

“Hard work never killed anybody, but why take a chance?” - Edgar Bergen
martyb is online now   Reply With Quote
Old 08-23-2014, 09:56 AM   #6
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,846
Wow! Al, I have never received a communication like that from Vanguard.

I am no expert on computer security, but for what it's worth (very little) here's what I'd do:

1) Do a full sweep with Malwarebytes and Norton (or whatever internet security suite you use), and fix any issues found.
2) Change my password to a different, longer, strong password
3) Change my security questions
4) Write down (and hide) the new password and security questions, and be extremely careful not to type in the wrong thing.
5) Log in daily for at least a month or two to check and make sure everything is OK. Frequently repeat steps 1-4 above.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is online now   Reply With Quote
Old 08-23-2014, 10:09 AM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Would be nice if Vanguard had the feature to change user names like some banks do to be sure the user name won't work in case that got into the wrong hands.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 08-23-2014, 10:15 AM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
After you contact Vanguard, change the answers to your security questions to silly things.

If they want to know the mascot of your High School don't give the real answer - "porcupines". Instead come up with something really off the wall like "dragonducks". In this way even if somebody knows what high school you attended they still won't know your answer.

Also, the thought of you sending fire breathing ducks to avenge yourself, will scare them.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 08-23-2014, 10:18 AM   #9
Thinks s/he gets paid by the post
martyb's Avatar
 
Join Date: Nov 2006
Location: Bossier City
Posts: 2,182
Hey, wait...just went back & re-read your OP. Since you say you know you haven't incorrectly answered the questions, I withdraw my previous reply and suggest you definitely contact Vanguard & report what you think is a security breach attempt on your account. Sorry I answered so quickly without reading your question thoroughly enough!
__________________
“Change is the law of life. And those who look only to the past or present are certain to miss the future.”
-John F. Kennedy

“Hard work never killed anybody, but why take a chance?” - Edgar Bergen
martyb is online now   Reply With Quote
Old 08-23-2014, 10:37 AM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
Quote:
Originally Posted by martyb View Post
Hey, wait...just went back & re-read your OP. Since you say you know you haven't incorrectly answered the questions, I withdraw my previous reply and suggest you definitely contact Vanguard & report what you think is a security breach attempt on your account. Sorry I answered so quickly without reading your question thoroughly enough!
+1000 - A lot of people are missing this.

1) He said he has not entered wrong answers.

2) He said his username is very complex.

Put those together, and that means someone knows his complex username. How could that be? A keylogger is one explanation, and that is BAD.

I would take this very seriously, make sure my computer was clean, or better yet, do this from a known clean computer like a chromebook or something (boot linux from a flash drive, etc), and update all my important passwords and security questions - but not until I knew I was clean, or you might just be giving bad guys the new keys.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 08-23-2014, 10:39 AM   #11
Thinks s/he gets paid by the post
mpeirce's Avatar
 
Join Date: Feb 2012
Location: Columbus area
Posts: 1,590
Quote:
Originally Posted by Chuckanut View Post
After you contact Vanguard, change the answers to your security questions to silly things.

If they want to know the mascot of your High School don't give the real answer - "porcupines". Instead come up with something really off the wall like "dragonducks". In this way even if somebody knows what high school you attended they still won't know your answer.
+1

I'd never answer a security question truthfully. There are just too many ways to figure out the real answer to many of these "security" questions.
__________________
mpeirce is online now   Reply With Quote
Old 08-23-2014, 11:33 AM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
TromboneAl's Avatar
 
Join Date: Jun 2006
Posts: 11,197
I just talked with a Vanguard rep. They showed that someone tried to log on with my user name yesterday, and failed to answer the security questions.

I've set things up so that my VG account can only be accessed from my computer in the future.
__________________
Al
TromboneAl is offline   Reply With Quote
Old 08-23-2014, 12:06 PM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
Quote:
Originally Posted by TromboneAl View Post
I just talked with a Vanguard rep. They showed that someone tried to log on with my user name yesterday, and failed to answer the security questions.

I've set things up so that my VG account can only be accessed from my computer in the future.
But how do you explain this:

Quote:
It isn't possible that someone entered my user name by mistake, because it is a random series of letters.
Aren't you concerned that they got your username through a keylogger on your system? How else can you explain this?

And if it is a keylogger, doesn't that mean everything you've entered passwords for is at risk? Not just Vanguard? Maybe all your data as well?

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 08-23-2014, 12:09 PM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
I would also do a quick check of my credit reports. Then freeze your accounts at the three credit bureaus along with getting copies of your credit reports.

I think you have to assume somebody has managed to get some information about you, and it may be a deliberate attack on your personal ID.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 08-23-2014, 12:24 PM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by TromboneAl View Post
I just talked with a Vanguard rep. They showed that someone tried to log on with my user name yesterday, and failed to answer the security questions.

I've set things up so that my VG account can only be accessed from my computer in the future.
That's pretty scary stuff about someone trying to log on with your user name, especially since it was one that someone couldn't just guess.

I went ahead and updated my Vanguard challenge questions to make them harder to guess randomly. While I was at Vanguard, I noticed they have a voice verification system:

https://personal.vanguard.com/us/XHT...JumpPage.xhtml
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 08-23-2014, 12:27 PM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
TromboneAl's Avatar
 
Join Date: Jun 2006
Posts: 11,197
Quote:
Originally Posted by ERD50 View Post
Aren't you concerned that they got your username through a keylogger on your system? How else can you explain this?
A key logger is unlikely. Note that I don't type the user name for the VG site. It is entered via my password system.

I've done complete scans without finding anything suspicious. I have realtime protection enabled. No one has access to my computer. Even if someone broke into our home, it is fingerprint/password protected.

My current hypotheses are:

1. A dictionary attack. Boris tried a succession of user names. My user name was only eight characters long.

2. The alert was actually a glitch on VG's end. There was no attempt.

3. I flaked out and did try to log on and got a security question wrong. Not likely, since this just happened yesterday.

I called VG back to see if they had a record of the answer attempts, but they did not. That information would have been useful.
__________________
Al
TromboneAl is offline   Reply With Quote
Old 08-23-2014, 12:29 PM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
Easysurfer, I looked at the Vanguard Voice Verification. As I read it is is a substitute for answering security questions when you phone. But, unless I am wrong, it is not a second form of verification. Still, it could be very useful especially for people who don't remember their answers.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 08-23-2014, 12:34 PM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by Chuckanut View Post
Easysurfer, I looked at the Vanguard Voice Verification. As I read it is is a substitute for answering security questions when you phone. But, unless I am wrong, it is not a second form of verification. Still, it could be very useful especially for people who don't remember their answers.
After reading, I stuck with the regular security questions. Especially after reading about having to use the phone where I regularly call.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 08-23-2014, 12:35 PM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
I may be wrong, but most financial institutions usually will require one to answer a security question when they try to logon from a new and/or unfamiliar computer. Even if the logon ID and password are correct.

Doesn't Vanguard offer this feature? That and truly unknowable answers to security question would go far in keeping Boris from Babushkin out of one's account.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 08-23-2014, 12:37 PM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
If nothing else this thread will help keep us all on our toes:

Financial firms not offering two factor authentication | Computerworld Blogs

This guy is big on using a Chromebook for security

http://blogs.computerworld.com/data-...authentication

Quote:
Perhaps the biggest safety factor that Chrome OS offers is that the end user can't screw things up. Software updates can't be ignored or postponed. Malicious software can't be installed. This is H-U-G-E. Really huge. And, it's above and beyond the advantages that Linux already brings to the table such as kissing antivirus software goodbye.

On top of that, Google has beefed up the Defensive Computing in Chrome OS with features such as sandboxing, verified boot and a recovery mode. In addition, all files stored locally are encrypted and accessible to only one user.
__________________

__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
The Great Reset Charlie_Boy FIRE and Money 3 09-12-2010 03:46 PM
Will the "great reset" cause the masses to embrace FI(RE)? Gerbil Wheel Young Dreamers 78 09-12-2010 12:55 PM

 

 
All times are GMT -6. The time now is 07:53 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.