Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 08-15-2015, 09:36 AM   #21
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
NW-Bound's Avatar
 
Join Date: Jul 2008
Posts: 19,406
Quote:
Originally Posted by prototype View Post
I have no idea how I would react if I logged into my Vanguard Account and saw all my accounts were all $0.00.
Some years ago, I read about a hacker who did not transfer money out of a victim's account, but used it for shill trading a penny stock. And that was how he got caught.

So, if you log in and find yourself a sudden owner of a million shares of some unknown mom-and-pop Canadian gold mining companies, you know what happened.
__________________

__________________
"Old age is the most unexpected of all things that can happen to a man" -- Leon Trotsky
NW-Bound is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-15-2015, 09:59 AM   #22
Thinks s/he gets paid by the post
Cobra9777's Avatar
 
Join Date: Jul 2012
Location: Texas
Posts: 1,132
Quote:
Originally Posted by GTFan View Post
The last thing I want is hardware tokens for every account that I have to keep up with. Two-factor auth using your phone is good enough, methinks.
+1 We use the VIP Access app for our Fidelity account login. I see no need for an additional piece of hardware. We also use an encrypted password database to generate random user IDs and passwords that conform to the maximum strength allowed by each financial institution, and these are changed every 90 days. We also use random words as answers to each security question. We don't use the correct answers, which often can be easily discovered, and then used to change or reset the login credentials.
__________________

__________________
Retired at 52 in July 2013. On to better things...
AA: 55% stock, 15% real estate, 27% bonds, 3% cash
WR: 2.0% SI: 2 pensions, some rental income, SS later
Cobra9777 is online now   Reply With Quote
Old 08-15-2015, 10:21 AM   #23
gone traveling
 
Join Date: Sep 2013
Posts: 1,248
Quote:
Originally Posted by GTFan View Post
The last thing I want is hardware tokens for every account that I have to keep up with. Two-factor auth using your phone is good enough, methinks.
You just need single hardware token my friend

For example from E*Trade. Then you call Fidelity/Schwab and configure your Fidelity or Schwab account to use same Hardware Key.

I don't trust iphone. I rather have hardware key hanging on my keychain that nobody can hack into.
__________________
eta2020 is offline   Reply With Quote
Old 08-15-2015, 10:27 AM   #24
gone traveling
 
Join Date: Sep 2013
Posts: 1,248
Quote:
Originally Posted by Cobra9777 View Post
+1 We use the VIP Access app for our Fidelity account login. I see no need for an additional piece of hardware. We also use an encrypted password database to generate random user IDs and passwords that conform to the maximum strength allowed by each financial institution, and these are changed every 90 days. We also use random words as answers to each security question. We don't use the correct answers, which often can be easily discovered, and then used to change or reset the login credentials.
Well it just is easier to have single hardware key then bunch of ups (one per account) running in your mobile device.

(Looks more secure to me as well since I can not see you can hack RSA key) This is my opinion as Software Engineer
__________________
eta2020 is offline   Reply With Quote
Old 08-15-2015, 10:36 AM   #25
Thinks s/he gets paid by the post
Cobra9777's Avatar
 
Join Date: Jul 2012
Location: Texas
Posts: 1,132
Quote:
Originally Posted by eta2020 View Post
Well it just is easier to have single hardware key then bunch of ups (one per account) running in your mobile device.

(Looks more secure to me as well since I can not see you can hack RSA key) This is my opinion as Software Engineer
We only have one app for all our accounts.
__________________
Retired at 52 in July 2013. On to better things...
AA: 55% stock, 15% real estate, 27% bonds, 3% cash
WR: 2.0% SI: 2 pensions, some rental income, SS later
Cobra9777 is online now   Reply With Quote
Old 08-15-2015, 12:03 PM   #26
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 3,412
Easy to lose those little RSA keys.

Phone can be tracked or even wiped, locked out when lost.
__________________
explanade is offline   Reply With Quote
Old 08-15-2015, 12:06 PM   #27
Thinks s/he gets paid by the post
mpeirce's Avatar
 
Join Date: Feb 2012
Location: Columbus area
Posts: 1,587
Quote:
Originally Posted by eta2020 View Post
...since I can not see you can hack RSA key...
Nothing is fool proof...

State Department Trashed 30,000 Log-in Key Fobs After Hack - Nextgov.com

Never depend on the 100% invincibility of any solution. But do practice reasonable measures to secure your accounts.
__________________
mpeirce is online now   Reply With Quote
Old 08-15-2015, 12:32 PM   #28
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
NW-Bound's Avatar
 
Join Date: Jul 2008
Posts: 19,406
Quote:
Originally Posted by mpeirce View Post
Nothing is fool proof...

State Department Trashed 30,000 Log-in Key Fobs After Hack - Nextgov.com

Never depend on the 100% invincibility of any solution. But do practice reasonable measures to secure your accounts.
The above article has this:

Whenever a threat actor uses a "rootkit," a worm that allows hackers to mask virtually all their activity, investigations become incredibly difficult, at times impossible, said Dickson, also a principal at cyber consulting firm Denim Group.


This points to a major flaw of the OS. They made it so complicated that they could not tell what pieces of software belong and what does not. Bad, bad programmers!
__________________
"Old age is the most unexpected of all things that can happen to a man" -- Leon Trotsky
NW-Bound is offline   Reply With Quote
Old 08-15-2015, 12:40 PM   #29
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Apr 2013
Posts: 5,574
Quote:
Originally Posted by mpeirce View Post
Nothing is fool proof...

State Department Trashed 30,000 Log-in Key Fobs After Hack - Nextgov.com

Never depend on the 100% invincibility of any solution. But do practice reasonable measures to secure your accounts.
+1
Megacorp had to replace all theirs too. They also had a notion of a master password, don't know if it was device specific or global to their implementation. That always made me a little sceptical.
__________________
MRG is online now   Reply With Quote
Old 08-15-2015, 01:14 PM   #30
gone traveling
 
Join Date: Sep 2013
Posts: 1,248
Quote:
Originally Posted by mpeirce View Post
Nothing is fool proof...

State Department Trashed 30,000 Log-in Key Fobs After Hack - Nextgov.com

Never depend on the 100% invincibility of any solution. But do practice reasonable measures to secure your accounts.
I agree but Two-factor authentication is about as secure as it gets.

You just do your best.
__________________
eta2020 is offline   Reply With Quote
Old 08-19-2015, 01:51 PM   #31
Recycles dryer sheets
 
Join Date: Jul 2013
Posts: 129
If someone got into an account I would think it would be hard to get the money out and sent to the hacker. Wouldn't the broker require a letter with wire instructions and would the broker send to funds to a name other than the account holder?
May be a good idea to leave instructions that funds should never be wired unless I call and answer certain questions.
__________________
Refresher is offline   Reply With Quote
Old 08-20-2015, 08:12 PM   #32
Confused about dryer sheets
 
Join Date: Apr 2015
Posts: 6
For long passwords that are relatively easy to memorize, consider the xkcd Password Generator.


Sent from my iPhone using Early Retirement Forum
__________________
KarenC is offline   Reply With Quote
Old 08-20-2015, 11:54 PM   #33
Recycles dryer sheets
 
Join Date: Jan 2015
Posts: 170
Can someone recommend a good password app?

Sent from my EVO using Early Retirement Forum mobile app
__________________
Dreaming of Freedom is offline   Reply With Quote
Old 08-21-2015, 07:03 AM   #34
Full time employment: Posting here.
GTFan's Avatar
 
Join Date: Apr 2013
Location: Atlanta
Posts: 636
Password Safe

I use it for all of our financial stuff. Note that you absolutely MUST keep multiple backup copies of your safe (data file) on different devices because if you lose or trash your safe it's going to be a bad day. Mine creates totally random passwords with mixed case, numbers, special chars etc. so you never care what the PW is for a site, you just copy and paste it from the safe using your master safe password.

So if you lose the safe, you've lost all your passwords.
__________________
GTFan is offline   Reply With Quote
Old 08-21-2015, 08:46 AM   #35
Thinks s/he gets paid by the post
Cobra9777's Avatar
 
Join Date: Jul 2012
Location: Texas
Posts: 1,132
I use Password Safe as well. First installed it over 10 years ago. Since then, I have no idea what any of my user IDs or passwords are, except of course the master password for the safe. I just copy/paste or drag/drop from the database to the browser. Logging on is incredibly fast. As I said before, my user IDs and passwords are randomly generated to conform to the maximum strength allowed by each login site. I also store security questions and answers and other useful data like PINs, contact names, phone numbers, and URLs.

Every time I add or change something, I immediately backup the data file and copy it to a second PC as well as my Android smartphone where I run the mobile version of Password Safe.
__________________

__________________
Retired at 52 in July 2013. On to better things...
AA: 55% stock, 15% real estate, 27% bonds, 3% cash
WR: 2.0% SI: 2 pensions, some rental income, SS later
Cobra9777 is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Vanguard or Schwab????? Watertree FIRE and Money 26 02-18-2014 08:34 AM
Schwab vs. Fidelity vs. Vanguard panacea FIRE and Money 21 10-04-2011 09:46 PM
Vanguard, Fidelity or Schwab? Midpack FIRE and Money 3 11-13-2010 08:18 AM
who is better - schwab, fidelity or vanguard bobbee25 FIRE and Money 28 03-10-2009 05:49 PM
Vanguard vs. Fidelity vs. Schwab vs. etc. etc. Mikedb Hi, I am... 2 10-08-2008 10:03 PM

 

 
All times are GMT -6. The time now is 05:14 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.