New Vanguard Security System

[ferco]

Have anyone had any problems with the new Vanguard online security system when using a computer other than your own to log on. I'd had the unfortunate experience when using a outside computer. Vanguard asked me different security questions than the ones originally used to set up the system. When I "failed" the questions, they locked my access. The acct person said they've been having problems with the new system but none in which the questions were changed.

Any similar experiences?

 

[Tom57]

I have never had the problem you described of the Vanguard Security system asking me a security question which I had not previously selected and answered.
I routinely log on to Vanguard when traveling. Whether it be a cruise ship (December), another US city (Philadelphia, November), a foreign country (Belgium September) I answer the security question and get access.

 

[scrinch]

No problem here the one time I accessed my account from a different computer.

 

[uncledrz]

No problem here from home or other computer.

 

[d]

ditto

 

[Sisyphus]

No problems here, but I would encourage you to contact Vanguard with this issue. I am sure they would appreciate knowing about any issues and could maybe give you some more direct answers about why this might be happening.

Good luck!

 

[bbuzzard]

Many of you know this, but just in case. You should think long and hard before accessing a financial account from a computer that you do not control. The security built into the website does nothing to prevent malicious software installed on the computer from recording your user name and password. While I would never use a public computer on a cruise ship or hotel, at a minimum you should (if using a windows computer) use the on screen keyboard to enter your user name and password. You should then change your password as soon as you get home. Better yet, leave your account alone until you get home unless you have the knowledge to boot the computer from a UNIX based bootable CD such as Knoppix or TinFoil Hat. TinFoil hat even protects against hardware keyloggers.

 

[kramer]

It is not even clear if an on-screen keyboard helps -- that is probably making the same Windows API calls as the keyboard driver to send the actual keystrokes to the operating system internals. In other words, if the logger is low level enough, and it probably is, any such input is traceable. Also, if the browser itself is compromised, it doesn't matter, either.

Two steps that are not perfect but that I think help a lot and are pretty simple:

1) Run your own browser software off your portable USB key for secure sites (see portableapps.com page)
2) Never enter keyboard strokes in order, use your mouse to enter in various sequences. Not just for brokerage accounts but for email accounts, too.

These two together still are not fullproof, but I think help a lot. Nothing is fullproof if you do not control the client completely. Personally, I plan to use my own PDA for this. Also, if you are using wireless, make sure that your account has some kind of customizable visual image, so the sight can't be spoofed (after entering user name, "your" image appears, before you enter password).

Just like SPAM, I expect this problem to get worse and worse. I don't see how you can ignore it, unfortunately.

Kramer

 

[Spanky]

If security is of concern, boot Linux OS and all software from the USB drive.

 

[Goonie]

I just had the same situation last night at ING. Had to call their 800 #, to get help.

Fortunately I found out I was just a dumb-*ss dislexic. I mis-typed my cutomer number (twice), and got someone else's security questions (for the acct # I typed in). What a dufus I am!!!

 

[kramer]

If security is of concern, boot Linux OS and all software from the USB drive.

My understanding is that this can be problematic and that you need a certain BIOS level for this to work off USB and also the Linux OS once booted needs to be configured correctly to work on that particular network and plus the cafe owner has to allow this and the original system has to be set up with reboot privileges for you or you need to manually (and unsafely) power it down? But I don't have any personal experience. It seems worth exploring.

Kramer