Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Computer and Identity Security
Old 07-18-2019, 08:16 AM   #1
Full time employment: Posting here.
 
Join Date: Jul 2009
Posts: 684
Computer and Identity Security

This has been a complex topic - from the beginning.

Was considering ways to both secure my computers, online access process, and identify ... what are the great ways others have done this?

My current "system" -
1. Mac laptops, Apple iPads, Apple iPhones
2. Safari web browser
3. Backup on Apple iCloud
4. Backup on separate hard drives from drives on the laptops
5. Keep everything everywhere - i.e. I do not have financial information on a special drive
6. Have accounts with Fidelity, Vanguard, BBT (soon to be "Truist"), and Navy Federal

Thanks!
__________________

stephenson is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 07-18-2019, 08:39 AM   #2
Confused about dryer sheets
 
Join Date: Jul 2019
Location: Hartford County, CT
Posts: 9
Computer and Identity Security. Important stuff.

1) I use a Password Vault (there are a bunch out there for small fees) with complex passwords for all financial websites. 30+ password length. Change every few months. These tools let you copy them into the website automatically so you don't need to type. However, you are trusting that your Master Password is very strong and trusting the password tool vendor. I use one with MFA.
2) Multi-Factor Authentication (MFA) turned for all websites if offered. Apple and Google have it. Schwab has it. More and more having it. Use it.
3) Backup using Carbonite. But other vendors are good as well.
4) Browsers - keep up with the latest updates for any browser you use.
5) Operating Systems - keep up with the latest updates for any OS you use.
6) I print my statements once a quarter, in case my financial vendor fails in their security planning.
7) Don't click on e-mail links you don't know. E-mail Phishing is the biggest hack of all.
__________________

PJHawk is offline   Reply With Quote
Old 07-18-2019, 10:20 AM   #3
Moderator
MBAustin's Avatar
 
Join Date: Jul 2010
Posts: 5,416
That's a good start. We have two hard drives for backups that we alternate - one is active and the other is in our safe deposit box.

I'm also a big fan of using DuckDuckGo as my default search engine instead of you-know-what.

In addition to not clicking on e-mail links you're not 100% certain are legit, don't open any attachments that you aren't expecting. Be wary of links and attachments that appear to be from people you know - address spoofing is rampant.
__________________
"One of the funny things about the stock market is that every time one person buys, another sells, and both think they are astute." William Feather
----------------------------------
ER'd Oct. 2010 at 53. Life is good.
MBAustin is offline   Reply With Quote
Old 07-18-2019, 10:28 AM   #4
Full time employment: Posting here.
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 635
Good tips from PJHawk.

1) I'll second a reliable and reputable password app; I use Lastpass, and have it generate random passwords for every account for me, so my passwords can't be guessed from personal information, and knowing one doesn't help with any others. I'll save you the technical details, but LP is very secure, more so than having a browser save passwords, or writing them down.

2) I also turn on two-factor authentication (2FA) wherever it is available, which is all my financial accounts. It is a slight pain to open an app or wait for a text, but that's incredibly minor compared to the pain of account breaches or identity theft.

3) I keep most of my non-sensitive data on Dropbox, and more sensitive data on Google Drive, both with 2FA and local backups.

4) Very important, and be careful with add-ons or extensions, and on that note, don't authorize too many games or apps on Facebook either, if you keep any personal information on there. (see #7 for more)

5) 'nuff said.

6) I keep PDFs of my documents, because I hate paper, but that's just me. I do NOT recommend this approach or #3 if you are not sure about securing your computers and your home network.

7) This also applies to browsers. If your browser is not secure, everything you do on that computer could be compromised. I recommend an ad blocker and a script blocker, such as AdBlock or AdBlock Plus, and NoScript and/or Privacy Badger. Malicious ads can run scripts that are basically malware through your browser, and compromise your computer, even if you never click on the ad. It's true that clicking on strange links is more risky, but browsing websites with an unprotected, insecure browser is almost as bad. And even reputable websites can have malicious ads appear on them through ad network/affiliate programs.

Sorry that last one was so long, but IMO it's the most neglected part of individual cybersecurity.


EDIT: Of course, as soon as I finish commenting here and go to read the Washington Post, the first article that catches my eye is "I found your data. It’s for sale.", about malicious and insecure browser extensions.
__________________
Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is offline   Reply With Quote
Old 07-18-2019, 10:40 AM   #5
Full time employment: Posting here.
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 635
Oh, since "identity security" was mentioned, some meatspace precautions, too:


1) Shred all sensitive documents (banking, etc) that you are not keeping. If you do not want to buy a shredder, some places have public shredding dropoff events. (Possible security risk, but here they're usually sponored/held by local government, and the companies doing the actual shredding are very reputable, like Iron Mountain.)


2) If you do not have any plans to take out a loan in the near future, put a credit freeze on at all FOUR agencies (Experian, Equifax, Transunion, and Innovis, which most people forget about). This will prevent any accounts from being opened in your name without the freeze being lifted.
__________________
Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is offline   Reply With Quote
Old 07-18-2019, 10:47 AM   #6
Thinks s/he gets paid by the post
Rianne's Avatar
 
Join Date: Aug 2017
Location: Champaign
Posts: 1,943
Use an iMac.
-Always clear cookies and history
-Set in security, only accept apple downloads unless I approve
-Use Malwarebytes by Macabee, suggested by Applecare
-close all applications after every use.
-Use Lastpass and 2FA
-Shut down when things look unusual. For instance, once in awhile websites stick or the rainbow keeps churning. Applecare suggestion.
-Delete most e-mails without opening. They don't follow my instructions to stop sending them, so they get deleted without even opening.
-Rarely click on links
-Use Adblocks, this hurts when a good article won't open b/c of the block. I've found if you read the news through google news, they let you read the article.
__________________
"If you want to go fast, go alone. If you want to go far, go together.
Rianne is offline   Reply With Quote
Old 07-18-2019, 11:18 AM   #7
Moderator
Jerry1's Avatar
 
Join Date: Nov 2014
Posts: 2,670
So, I’m looking at some of these cloud storage options and they are expensive. Seems like I could buy a couple external hard drives and store them off site cheaper and be just as effective. What is the advantage of cloud storage versus a couple hard drives and storage offsite? I’m thinking I could get two drives and swap them on a regular basis with one of my daughters and take one from them so we all have off site backup. Am I missing something other than convenience?
__________________
Every day when I open my eyes now it feels like a Saturday - David Gray
Jerry1 is offline   Reply With Quote
Old 07-18-2019, 11:25 AM   #8
Full time employment: Posting here.
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 635
Quote:
Originally Posted by Jerry1 View Post
So, I’m looking at some of these cloud storage options and they are expensive. Seems like I could buy a couple external hard drives and store them off site cheaper and be just as effective. What is the advantage of cloud storage versus a couple hard drives and storage offsite? I’m thinking I could get two drives and swap them on a regular basis with one of my daughters and take one from them so we all have off site backup. Am I missing something other than convenience?
Security and reliability.

Dropbox and Google have much better security than we could possibly afford as individuals, plus distributed data centers with duplicate failovers. The reliability part we could probably live with, as only enterprise systems need 99.99+% uptime; we peons can live with an occasional inconvenience. But the security part is where it's at. Can you encrypt your data, provide up-to-date SSL certificates, and offer two-factor authentication?

Of course, if you're hosting just, say, a media server, or some other non-sensitive data, you might not care about security.

If you're just talking about backups, sure, that would work, as your data would probably never be exposed outside your home networks, and the only inconveniences are 1) having to wait for the physical backup to be relocated and restored, 2) only having backups as recent as the last time you swapped disk drives, 3) not having immediate online access to specific files you may have accidentally deleted or overwritten (not as big as the first two, but I've used that feature a few times on both Carbonite and Dropbox).
__________________
Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is offline   Reply With Quote
Old 07-18-2019, 01:29 PM   #9
Moderator Emeritus
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 13,237
Quote:
Originally Posted by The Cosmic Avenger View Post
O2) If you do not have any plans to take out a loan in the near future, put a credit freeze on at all FOUR agencies (Experian, Equifax, Transunion, and Innovis, which most people forget about).
Also ChexSystems, which even more forget about.
__________________
I thought growing old would take longer.
braumeister is offline   Reply With Quote
Old 07-18-2019, 02:29 PM   #10
Moderator
Jerry1's Avatar
 
Join Date: Nov 2014
Posts: 2,670
Quote:
Originally Posted by The Cosmic Avenger View Post

If you're just talking about backups, sure, that would work, as your data would probably never be exposed outside your home networks, and the only inconveniences are 1) having to wait for the physical backup to be relocated and restored, 2) only having backups as recent as the last time you swapped disk drives, 3) not having immediate online access to specific files you may have accidentally deleted or overwritten (not as big as the first two, but I've used that feature a few times on both Carbonite and Dropbox).
I'm still learning my way through this. I'm one of those who are lucky to have a backup period. But, I think getting something off site is important because I think one of the more likely catastrophes is someone breaking into my house and stealing my computer and finding the backup drive. Probably the second biggest risk for me after just a physical breakdown of the disk.

I'm not sure why I would need a cloud service, unless I ran a small network in my house and wanted to use files from anywhere in the world where there's an internet connection. I don't run a network and I've never needed a file while away from home.

I noticed that iDrive had 5GB for free. I may take a couple critical files and store them there for free. Something like my last couple tax returns and my quicken file and some PDF's of my statements. Kind of belts and suspenders, but won't hurt and I'll learn about this service in the process.
__________________
Every day when I open my eyes now it feels like a Saturday - David Gray
Jerry1 is offline   Reply With Quote
Old 07-18-2019, 02:40 PM   #11
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Location: Country Living
Posts: 3,324
Quote:
Originally Posted by Jerry1 View Post
But, I think getting something off site is important because I think one of the more likely catastrophes is someone breaking into my house and stealing my computer and finding the backup drive. Probably the second biggest risk for me after just a physical breakdown of the disk.

I'm not sure why I would need a cloud service, unless I ran a small network in my house and wanted to use files from anywhere in the world where there's an internet connection. I don't run a network and I've never needed a file while away from home.

I noticed that iDrive had 5GB for free. I may take a couple critical files and store them there for free. Something like my last couple tax returns and my quicken file and some PDF's of my statements. Kind of belts and suspenders, but won't hurt and I'll learn about this service in the process.
Natural disasters. Fires. Floods. Lots of reasons to have data backed up in a remote location. We have a backup drive that is kept in a firebox that is also in a F-5 rated tornado shelter. Probably pretty safe there but there have been occasions when even a bank safe deposit box had issues and contents were lost. So, we have additional copies of pretty important stuff in "the cloud" which as I understand, usually backed up in several locations.

Nonetheless, even though Google does encrypt the info, it's not a bad idea to do your OWN encryption prior to uploading it to the cloud.
__________________
Retired in 2014 at the Ripe Age of 40
Founder and Head Lounger @ The Life of Leisure Institute
ExFlyBoy5 is offline   Reply With Quote
Old 07-18-2019, 02:55 PM   #12
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Location: Country Living
Posts: 3,324
Doing some catch up on this subject, it looks like physical keys are actually pretty good and require inserting a physical key into a computer to access info from sites like Google, Facebook, Dropbox, and others. Some search terms you can use to further gain understanding:

-Titan Security Key
-U2F Security Keys

More recent technology: https://en.wikipedia.org/wiki/WebAuthn
__________________
Retired in 2014 at the Ripe Age of 40
Founder and Head Lounger @ The Life of Leisure Institute
ExFlyBoy5 is offline   Reply With Quote
Old 07-18-2019, 02:56 PM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 6,218
I confess to being dumb as a rock when it comes to internet security.

Coming from the other side, how does a "crook" actually access my assets, even if he has my personal information? (other than some minimum dollar limits on my accounts). Maybe a website that explains... instead of having to write a long post.

I do have copies of all important papers on external drives.
__________________
We grow too soon old, and too late smart-
Old Dutch saying
imoldernu is offline   Reply With Quote
Old 07-18-2019, 03:21 PM   #14
Full time employment: Posting here.
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 635
Quote:
Originally Posted by imoldernu View Post
I confess to being dumb as a rock when it comes to internet security.

Coming from the other side, how does a "crook" actually access my assets, even if he has my personal information? (other than some minimum dollar limits on my accounts). Maybe a website that explains... instead of having to write a long post.

I do have copies of all important papers on external drives.

They can run up debt in your name and then disappear, and if you search the internet for "identity theft" you'll come up with nightmare stories from victims who have trouble clearing their name. They have to prove that the person who gave all this information is NOT them, and in the meantime, credit worthiness may be affected, assets can be frozen...


And if they can figure out how to access your actual accounts, obviously they could set up a wire transfer and steal your money. Remember, a lot of banks used to use information like "mother's maiden name" to verify your identity on the phone, after which they'd let you do anything with your account. Detailed personal information can often be used to guess or circumvent passwords.
__________________

__________________
Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
(FAQ) Identity theft, online security, privacy MichaelB Early Retirement FAQs 5 05-07-2019 06:21 AM
Identity Security anyone? Bogie Life after FIRE 5 07-12-2014 10:33 PM
Old Computer to New Computer...Help! MovingtotheCove Other topics 3 09-18-2010 12:58 PM
Identity Theft at eBay and PayPal SamHouston FIRE and Money 70 09-08-2007 02:03 PM

» Quick Links

 
All times are GMT -6. The time now is 02:13 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2019, vBulletin Solutions, Inc.