Tablet devoted solely to financial programs

Z3Dreamer

My email was hacked recently. I suffered no loss, but it was a pain as they used my email to tell various financial websites that I "forgot" my user id then my password. They got into PayPal, and purchased some electronic gift cards. $88 worth but PayPal reversed them. They tried to get into my H.S.A. but were unsuccessful. At that point I changed every password and ratcheted up on my security. The 2 step verification stopped them good. What I mean is that when they log on for the first time from a new device, the financial company sends a code to my cell phone. This thwarted much of their efforts.

Anyhow, yesterday we purchased a tablet we are devoting just to bank, H.S.A., brokerage, IRA, etc. We also set up a new Google account and email just for this purpose. We will do nothing on this tablet but finances.

Email address of record for all of our accounts is now this new gmail account. Passwords are written down in a secure location as well as stored on this device.

Many more little details that I won't bother you with. But has anyone done this and were you happy with the results?

Maybe this should be in Fire and Money?
 
IMO, a separate device is not going to make a difference. Your problem was weak security - which you've partially solved. I think two-factor authentication and strong passwords should take care of your problem.

I use a password generator (Bitwarden). For my bank, brokerage, credit cards, and any other financial sites, I generate 20-character long passwords made up of letters, numbers, and special characters that would take some serious effort to break.

When I'm out, I also try to use Apple Pay instead of my credit cards so that my card number is not exposed.

EDIT: "Passwords are written down in a secure location as well as stored on this device."
I forgot to mention that I think this is not a good idea, especially storing them on your device.
 
I did the same thing two months ago.
 
I doubt the device is the cause/solution, but dedicated email accounts are a good idea. Google will save the pw's for you which is nice, but I confess I have to keep a hard copy in a safe/separate place too.

What's the alternative? Remembering everything? pfft, I've failed that test more times than I care to share...
 
The only thing I would add to the changes the OP has made is to be sure to turn on 2 factor authentication on the new Gmail account. My Gmail account uses Google Authenticator, and is needed the first time I access my email account from a new device. Authenticators are better than codes to a cell phone because SIM cards can be spoofed without access to the physical card or phone.

https://www.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin

Related to all this, is 2-factor authentication any good if I lose my device (and have not been able to remotely turn it off or reset it yet)? Seems to me, they have the device that gets the code, so they get in.

I guess it protects against all other attempts, but that is a weakness, correct?


... but I confess I have to keep a hard copy in a safe/separate place too.

What's the alternative? Remembering everything? pfft, I've failed that test more times than I care to share...

I've shared a system that I have used for years (6 years now), and it keeps working for me. It's very simple, works for everything, and you can write down a secure version and keep it right by your computer, or stored on your device with no worries. From my 3 year old post:

http://www.early-retirement.org/forums/f27/online-passwords-82241.html#post1741973

But I've been using a simple system for ~ 3 years that works for me.

... For sites where I have a concern, I use a common prefix and a common suffix for all. This makes it easy to remember, and adds plenty of complexity. For each site, I add a unique middle set of chars that are easy to remember. Example:

Common prefix APPLE123 --- Common Suffix zebra789

So local bank might be:

APPLE123lclb$zebra789

If my broker was Schwab, it might be:

APPLE123swbzebra789

etc. I can add any special char requirements to the word. Nice thing about this, I can keep a low tech piece of paper with my passwords on it, even in my wallet, and it is secure. It would look like this:

mybank --- lclb$ ---
stocks --- swb ---
online bank --- olb$
Fidelity Credit Card --- fcc ---

See, not enough info there to give it away. All I need to remember are my prefix and suffix 'keys'. I can even write those down somewhere where the connection would not be made.

Works for me.

-ERD50

-ERD50
 
Some money houses can't swallow a tablet

I've had difficulty accessing brokerage and credit union accounts online using a tablet. The site will open, but then sit there "thinking" forever.

For some reason, laptops don't have the same difficulty. Don't know why.
 
I would worry more about the OS and not the physical device. Windows has always had security problems due to bad design and it being a big target. It also sends info back to Microsoft as telemetry, which is a big problem for me, since no one knows what is being sent back. Closed source OSes, like Windows, have no way for the source code to be reviewed by third parties, which means you are at the mercy of Microsoft as to whether to trust them, which I don't.

I would look at open source OSes as a starting point. Then apply things like whole disk encryption, smart password management, physical security, and 2FA.
 
The only thing I would add to the changes the OP has made is to be sure to turn on 2 factor authentication on the new Gmail account. My Gmail account uses Google Authenticator, and is needed the first time I access my email account from a new device. Authenticators are better than codes to a cell phone because SIM cards can be spoofed without access to the physical card or phone.

https://www.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin

+1

Alan is spot-on about SIM cards. They are certainly better than no 2FA, but an authenticator is far better.
 
I wouldn't have the self-discipline to have a device dedicated just for finances. Plus, as Jim mentioned, the OS may be more vulnerable than the device itself.

When I travel, I bring along a laptop (along with phone). The laptop is used to remotely connect to my desktop at home, where all my data and the majority of my passwords are located using a password manager. The laptop is password protected.

This way, if my laptop gets lost or stolen, at least I won't have all my data on the device and I can still use my laptop to connect to the mothership :).
 
Related to all this, is 2-factor authentication any good if I lose my device (and have not been able to remotely turn it off or reset it yet)? Seems to me, they have the device that gets the code, so they get in.

I guess it protects against all other attempts, but that is a weakness, correct?


-ERD50

If you lose your 3rd party device then you can’t get in and neither can a thief unless they know the passcode for the 3rd party authenticator.

With HSBC I had a credit-card-sized device that required me to enter an 8-digit passcode to generate the authentication code. For HSBC customers with smartphones, including myself, the option is now there to use the HSBC app as the 3rd party authenticator, so if I lose my iPhone the thief would first have to break into the phone and then access the app using Face ID or the multi-character passcode.

Same goes with the Google authenticator app.
 
The trick is to have two of the little 'key' devices. Many sites allow the use of more than one. If you lose one, get on the website and just remove it from the list of authorization methods for 2FA uses.

None of this is perfect. And all of it is extra work.
 
I do something similar to what ERD50 does, using consistent "rules" then change up a few things which are noted with either characters or hints. I work in IT, I don't trust pw generators. :)
 
I have done something similar to ERD50's method. The password fragments that vary between accounts are stored in a file on a cloud.

However, that file is encrypted, and accessible only from 2 physical devices: my smartphone and my laptop.
 