iPad versus a finances only computer

[Chuckanut]

I heard some interesting advice the other day intended to protect us from thieves stealing our financial assets and identity.

The first option was to have a special computer just for financial use - transactions, checking balances and keeping encrypted records. No emailing, web surfing, game playing and no other users except for those we share our assets with. Of course, all security fixes are applied, anti-malware software is used, etc.

The second option is to use an iPad (due to Apple's more controlled environment), and only use the apps provided by the financial institution. Never use the iPad browser for accessing financial systems just the official app downloaded from the App Store. But, the iPad could be used for other thing like web browsing, etc. unlike the computer. The idea is that if one keeps his password and other ID data secret any violation of accounts and their information must be due to a fault in the app. Thus it is the financial institutions problem and they are responsible to make us whole.

Regardless of the above options avoid connecting to one's financial accounts on an unknown network. But if one must, such as while away from home, data from the iPad would be more secure.

I have heard that iPad is inherently more secure than the normal PC including Macs. My research backs this up but I am certainly not a computer or network security expert.

Any thoughts on this?

 

[rbmrtn]

I think there was a thread a while back discussing this. Another option I have used before is a linux system on a USB stick. Plug it in, boot off the stick and do what you need to do, shutdown and remove the stick. You can pretty much boot any computer you have access to this way.

The ipad is more secure probably because root access is not available ( without some tweaking ). Don't run your windows PC with administrator rights will accomplish the same thing.

 

[Al in Ohio]

I think it's a really bad idea. It's too easy to lose track of an iPad or leave it somewhere by accident or have concealed by a thief and transported far away quickly. Along with all you data.

 

[Major Tom]

I think it's a really bad idea. It's too easy to lose track of an iPad or leave it somewhere by accident or have concealed by a thief and transported far away quickly. Along with all you data.

I don't think the idea was to use an iPad for storing any data on the iPads' HD - just to use it to access financial accounts online.

 

[Chuckanut]

What has me wondering is the part about using just the financial institution's app on the iPad. Does that really make the institution responsible if the app somehow 'leaks' my data to a criminal who might drain my savings account? I wonder if that belief is wishful thinking or has some legal teeth behind it.

 

[meierlde]

Or for Windows 7 or 8 set up a virtual machine running Xp to do the financial work. (For Windows 8 you can also run another copy of windows 8) You do need windows 8 professional to do this however. This essentially is the equivalent of the way big server installs now do business, a virtual machine for each web server. (If really paranoid, create 2 vms 1 for business and one for other purposes). But this does demand some level of technical sophistication.

 

[tuixiu]

Chromebook.

 

[Midpack]

I may be missing something, but the only thing I really have to protect is my usernames & passwords. If someone sees my holdings, it's annoying but so what, many people publish that kind of detail here.

I know some people (here) look at their holdings online daily, but I think that increases the likelihood of a "security breach," and why bother if you're a long term, buy-n-hold investor? I don't care about paper losses/gains so I "look" on average quarterly or less, and I'd never use a public PC to access my financials.

I have an iPad, but I don't access my financial info with it other than having my holdings on Bloomberg (all modified by a factor so they look smaller than they actually are) so I can see market impact on my portfolio easily. However, I'd be surprised if I even look at that more than 4-6 times/year, so I may delete it.

So I have my many non-critical usernames/passwords in an Excel file on my PC HD, and the few that access financial institutions are kept in an Excel file on a USB flash drive. When I update the important passwords, I generate 5-10 "strong passwords" for each institution so I can change them periodically without having to access the flash drive. I've printed the latter and hidden the list, so I only have to actually put the flash drive in every several years. Seems reasonably secure to me, but maybe I'm missing something.

 

[Ronstar]

My nephew is a programmer at a credit card co, working in the fraud dept. part of his job is hacking into their own systems, and then develop protection. He is paranoid about online security to the point that he uses encryption software on his personal stuff

 

[Katsmeow]

I know some people (here) look at their holdings online daily, but I think that increases the likelihood of a "security breach," and why bother if you're a long term, buy-n-hold investor? I don't care about paper losses/gains so I "look" on average quarterly or less, and I'd never use a public PC to access my financials.

I bother because I want to check to see that no one has changed the email address on the account and no one has initiated any transfer transactions on the account. If I see that happening, I can contact Vanguard before anything gets finalized. Checking quarterly (!) or even monthly or weekly doesn't do that as you can find out too late someone accessed your account.

I don't check on public WiFi networks, but when I'm at home I check on each business day.

 

[Mulligan]

I bother because I want to check to see that no one has changed the email address on the account and no one has initiated any transfer transactions on the account. If I see that happening, I can contact Vanguard before anything gets finalized. Checking quarterly (!) or even monthly or weekly doesn't do that as you can find out too late someone accessed your account.

I don't check on public WiFi networks, but when I'm at home I check on each business day.

I "invested" a $199 for a Google Chromebook whose sole purpose is for online transactions and investment monitoring. I don't know if it was necessary or not. Probably no more necessary than me blowing $119 for an HP Slate 7 inch tablet I bought online today. Just couldn't pass it up and was itching to waste some money today.

 

[Chuckanut]

I "invested" a $199 for a Google Chromebook whose sole purpose is for online transactions and investment monitoring. I don't know if it was necessary or not. Probably no more necessary than me blowing $119 for an HP Slate 7 inch tablet I bought online today. Just couldn't pass it up and was itching to waste some money today.

Do you have a monthly fee with the Chromebook?

 

[Mulligan]

Do you have a monthly fee with the Chromebook?

No, I think there is a fee for using a certain amount of "cloud space", but I do not use any. Google controls all the security so none is needed on the chromebook. When you close out of the laptop the info is wiped out. I have the Acer Chromebook, but Samsung has a little better one with stronger battery for $50 more.

 

[photoguy]

My nephew is a programmer at a credit card co, working in the fraud dept. part of his job is hacking into their own systems, and then develop protection. He is paranoid about online security to the point that he uses encryption software on his personal stuff

Is he using anything more than encrypted hard drives/filesystem? This is what I use on my mac (filevault) and it is both painless and seamless. I'd use the same on windows too.

 

[tuixiu]

I
I know some people (here) look at their holdings online daily, but I think that increases the likelihood of a "security breach," and why bother if you're a long term, buy-n-hold investor?

For me it goes beyond long term investing, I use mint which aggregates my accounts so it is easy to take a daily peek at what transactions happened across everything from bank to cc to investments.

I've found it much better than my old way of once per month looking at every transaction on every account, since daily things are fresh in my head and if some nefarious activity happened I'd see it and be dealing with it within a day or two.

Knowing investment gains/losses and net worth is a plus, but it is mainly for the day-to-day stuff.

 

[tuixiu]

No, I think there is a fee for using a certain amount of "cloud space", but I do not use any.

Yup but what you get for free now is way more than someone using a Chromebook as a finance appliance would bump against.

 

[Mulligan]

Yup but what you get for free now is way more than someone using a Chromebook as a finance appliance would bump against.

Are you referring to the internal storage capacity of the Chromebook? I do not believe that they have much storage capacity. The only thing I have used it for is online transactions. I should take 10 minutes and go to their store and see if they have some of the apps for my bank, credit cards, and Vanguard. All I have done is just book marked the sites, so when I sign into my google account they are there at the top of the screen ready to sign into.

 

[grasshopper]

I now do all my surfing on my tablet. If I buy something online, I sign in on my laptop and get a virtual CC number and use that. I can get CC transactions on Quicken 13 android app securely. My laptop is only used to sign in to my financial websites, nothing else.

 

[tuixiu]

Are you referring to the internal storage capacity of the Chromebook? I do not believe that they have much storage capacity.

Nah I mean the cloud storage. It is currently 15 gigs for free, which isn't easy to fill up with documents related to finances. Chromebook itself (at least my Samsung) has 16 gigs onboard.

Sure one can fill up 15 gig by uploading videos, music, and lots of high-res photos but for someone using it mainly to handle their online finances isn't likely to run out of space on the free tier.

 

[Mulligan]

Nah I mean the cloud storage. It is currently 15 gigs for free, which isn't easy to fill up with documents related to finances. Chromebook itself (at least my Samsung) has 16 gigs onboard.

Sure one can fill up 15 gig by uploading videos, music, and lots of high-res photos but for someone using it mainly to handle their online finances isn't likely to run out of space on the free tier.

Gotcha. I couldn't remember if some storage was free, then you pay, or just a trial period was free. Yes, I agree for me anyways, I will never need 16. Probably don't need one gig. I have only found a couple apps on my iPad that I bothered to even download and keep. Of course this site was one of the few though!

 

[Cooked]

If you want your personal data in the cloud then thats ok for you. All systems can be broken to extract information.
I agree with the OP. I have a system with VMWARE and a partition with finance only. The only thing that partition does is personal finance. Maybe I am fooling myself, but unless I am actively working, that partition is sleeping and not responding to anything (I hope).
The cloud is convenient (for us) and lets us use our multiple devices to access our data very nicely but beware. Put the stuff in the cloud that you are wiling to let anyone see, because the only people beside you that see it are you, the people that you allowed and the industrious people looking for nuggets.

 

[explanade]

I don't know that the iPad is technically more safe than a computer. I think they use the same kind of SSL encryption, though it's nice to see the visual confirmation with the lock icon on the secure pages you load.

I've looked at a bunch of apps. like the Vanguard app, but really to enter all the data, you need to use the computer.


On a related note, I'm looking around at various retirement calculator because there's been some threads on the topic. So searching around, I came across this:

Economic Security Planner
Lusardi says some people don’t trust calculators because they suspect their bias is always to tell you to save more. If that’s your suspicion, and you can tolerate complexity, give this program a try. Rather than simply assuming you should replace, say, 80% of your income in retirement (a common assumption of simple calculators), ESPlanner takes where you are now financially and then calculates the optimum amount to save and spend going forward, to achieve a stable living standard, now and through retirement. (In other words, it won’t suggest you live like a pauper now, so you can live in luxury later.) We at Forbes like this program so much that we’ve made it into the Forbes Lifetime Financial Planning app, available for download free on the iPad. Or try the free basic web version here. Warning: Both versions require a lot of data input, and some getting used to, although the iPad version has better graphics and, we think, is more user friendly.

Here's their app.:

https://itunes.apple.com/us/app/forbes-lifetime-financial/id491483343?mt=8

Anyone use it or the underlying calculator on which it's based, Economic Security Planner?

 

[Midpack]

I may be missing something, but the only thing I really have to protect is my usernames & passwords. If someone sees my holdings, it's annoying but so what, many people publish that kind of detail here.

I know some people (here) look at their holdings online daily, but I think that increases the likelihood of a "security breach," and why bother if you're a long term, buy-n-hold investor? I don't care about paper losses/gains so I "look" on average quarterly or less, and I'd never use a public PC to access my financials.

I bother because I want to check to see that no one has changed the email address on the account and no one has initiated any transfer transactions on the account. If I see that happening, I can contact Vanguard before anything gets finalized. Checking quarterly (!) or even monthly or weekly doesn't do that as you can find out too late someone accessed your account.

Fair point. I checked Vanguard's fraud policy and found

"If assets are taken from your account in an unauthorized online transaction on Vanguard.com®—and you've followed the steps described in the Your responsibilities section below—we will reimburse the assets taken from your account in the unauthorized transaction. Check your account frequently"

though I didn't see any definition of frequently Deliberate?

So maybe I should check a little more often, though the more often I access, the more risk of hacking a password. Another of life's Catch 22's. OTOH, Vanguard's security measures look as solid as they can make them ( as expected) even if there are no absolute guarantees.

I'd still say looking daily should be unnecessary. YMMV

 

[Lsbcal]

I bother because I want to check to see that no one has changed the email address on the account and no one has initiated any transfer transactions on the account. If I see that happening, I can contact Vanguard before anything gets finalized. Checking quarterly (!) or even monthly or weekly doesn't do that as you can find out too late someone accessed your account.

I don't check on public WiFi networks, but when I'm at home I check on each business day.

If there are any changes of this sort, Vanguard will email you to your current email account with a message on the changes. Transfer transactions would be to accounts you hopefully have good security on and that you control. For the bad guy to be successful, he would have to change the VG account to transfer to an account he controls but that is in your registered VG name and you would have to miss seeing the email about the change.

I do not think one could add a transfer account change and quickly do that transfer i.e. I think (but am not sure of this) that there is a transition period before you can actually do that transfer. My guess is if the transfer is out of character, VG will flag this as unusual. I guess if one is leaving on an extended trip and will not access one's secure email, you would have a security risk there. In that case, one could notify VG of the trip length like one does with a credit card company.

 

[Lsbcal]

Here is a link to what Vanguard wants from us regarding our security practices: https://personal.vanguard.com/us/help/SecurityOnlineFraudPledgeContent.jsp