Different Identity Protection

Jerry1

With all the Equifax discussion, I realized that the main thing I'm concerned about is someone wiping out my retirement accounts. I have three main accounts (Fidelity, ING and Schwab). Is there any way that I can freeze those accounts? I really wouldn't care how difficult I make it on myself (like having to present my ID at a branch) to ensure that someone doesn't transfer out the entire balance or even a significant portion of it. Is there a gold standard to force brokerage companies or banks to validate and be responsible to ensure it is me requesting a significant transaction with those accounts?
 
Great, another thing to worry about. :facepalm:
 
Talk with each brokerage about best practices to keep your accounts secure and what kinds of protection they provide. We use two-factor authentication at Fidelity where they send my phone a code to verify certain operations and access from unknown computer or overseas. Any orders generate instant emails. So I feel pretty secure.

I don't have a Vanguard account and my Schwab account is very small.
 
Maybe. I had a problem with my username being easy to put in if you typo common words and my online brokerage account got "locked" from too many access attempts. When we cleared that up, they offered to leave on the "read-only" lock. I can view my account and I can make contributions, but I cannot sell anything or take any distributions without a lengthy proof of identity process. This was great for many years during accumulation until I finally had to rebalance and had to turn it off. I'm strongly considering requesting the lock be put back in place.
 
Each company will have separate approaches to how they implement security. The approach is based on what security standards are required in the industry, and additional policy the company feels is necessary. With Schwab I use the Symantec VIP token they provided.

You'll have to speak with each company to find out what additional precautions you can take.
 
I use TRPrice but I'd imagine all the major and minor players give you the option of getting an email/text the second that a change, withdrawal or money movement takes place.
I'm usually still online with them when I get a text telling me that I've made a withdrawal, password change etc.
 
Having been in the biz, you can request that all withdrawals be done in writing with a signature guarantee. Also adding the text and e-mail notifications for all changes (passwords, withdrawals, address, etc.) can help.
 
The two factor as suggested above is a good idea. I would like to see 2-factor be generated by a separate device, like the Symantec VIP token. I use YubiKey for some programs.

The other thing not mentioned yet (or I missed it) is the regular changing of passwords. Once your password is changed, it could obsolete your data. And, I would use one of the password generators that have been suggested on other posts. I use KeePass on a thumb drive outside of the cloud, with a backup thumb drive. It feels better that it is not online.

The more you change your passwords, the shorter time someone has to decipher your information. The more sophisticated the password, it seems like the longer it will take.

Having said all this, if a thief has enough information about you and knows how to leverage it with the financial site, they may be able to get inside. At least this is my impression. The balance of finding a way to let ourselves back in (if we forget a password for example) and preventing a crook, seems to be a balance.
 
I requested a token ring and incorporated a verbal password.
 
We presently use two factor authentication with Vanguard for unknown computers, but seriously considering having Vanguard send me an access code via text every time we try to sign on.
 
We use two-factor authentication at Fidelity where they send my phone a code to verify certain operations and access from unknown computer or overseas. Any orders generate instant emails. So I feel pretty secure.

The instant emails is good.

The phone code is not. Unfortunately, the phone companies make it all too easy for an imposter to say "Hi, I'm Prunella and my phone fell off a 1200 foot cliff while I was hiking in Wyoming. Can you give me a new SIM card for my new phone and port my existing number to it?" Once they have ported your number to their phone, they have what they need to neutralize your 2FA. They will quickly change passwords to lock you out of your various accounts and proceed to make your life miserable.

What you need is a time based random code generator like Google Authenticator (there are others also) or an actual device like a Yubikey.
 
....


What you need is a time based random code generator like Google Authenticator (there are others also) or an actual device like a Yubikey.

I'm up to a count of 7 now for my new hobby of collecting QR codes for my random code generator :).
 
The instant emails is good.

The phone code is not. Unfortunately, the phone companies make it all too easy for an imposter to say "Hi, I'm Prunella and my phone fell off a 1200 foot cliff while I was hiking in Wyoming. Can you give me a new SIM card for my new phone and port my existing number to it?" Once they have ported your number to their phone, they have what they need to neutralize your 2FA. They will quickly change passwords to lock you out of your various accounts and proceed to make your life miserable.

What you need is a time based random code generator like Google Authenticator (there are others also) or an actual device like a Yubikey.

They would have to successfully log into my account as well as figure out which phone I was using and replace my phone.
 
Maybe. I had a problem with my username being easy to put in if you typo common words and my online brokerage account got "locked" from too many access attempts. When we cleared that up, they offered to leave on the "read-only" lock. I can view my account and I can make contributions, but I cannot sell anything or take any distributions without a lengthy proof of identity process. This was great for many years during accumulation until I finally had to rebalance and had to turn it off. I'm strongly considering requesting the lock be put back in place.

Having been in the biz, you can request that all withdrawals be done in writing with a signature guarantee. Also adding the text and e-mail notifications for all changes (passwords, withdrawals, address, etc.) can help.

DW is going to call them tomorrow, but the "in writing with a signature guarantee" is the kind of thing I'm looking for. I also like the "read-only" lock. The need to take distributions is zero right now and I want the accounts locked down. Three accounts represent more than 70% of my accumulated investments (401k's) and about 60% of my net worth. Losing any one of them would be more than painful and losing all of them, no matter how unlikely, would be devastating. I'm willing to jump through some hoops to keep that from happening.

Thanks for the input.
 
The instant emails is good.

The phone code is not. Unfortunately, the phone companies make it all too easy for an imposter to say "Hi, I'm Prunella and my phone fell off a 1200 foot cliff while I was hiking in Wyoming. Can you give me a new SIM card for my new phone and port my existing number to it?" Once they have ported your number to their phone, they have what they need to neutralize your 2FA. They will quickly change passwords to lock you out of your various accounts and proceed to make your life miserable.

What you need is a time based random code generator like Google Authenticator (there are others also) or an actual device like a Yubikey.



I saw you posted about this in another thread without this additional detail. The way it works for me is a one-time temporary PIN is sent via text to my cellphone. It expires if not used within a short period. Changes to permanent PW, username, cellphone, etc. generate a notice to my email account. It doesn't seem to be as insecure as you suggest for this reason as well as reasons cited by Audrey1.
 
The instant emails is good.

What you need is a time based random code generator like Google Authenticator (there are others also) or an actual device like a Yubikey.

Why/how are instant emails better than a text to a phone? The crooks got my email from Equifax, I'm sure, so if the same email address is linked to my Vanguard account, can they get into my inbox and get anything they need?

I think I'll soon start another thread because all the info I've read so far makes my head hurt and I don't know where to start.
 
Why/how are instant emails better than a text to a phone? The crooks got my email from Equifax, I'm sure, so if the same email address is linked to my Vanguard account, can they get into my inbox and get anything they need?

I think I'll soon start another thread because all the info I've read so far makes my head hurt and I don't know where to start.

Emails are not normally part of your credit record. Equifax didn't say anything about email addresses being disclosed, and I have never seen emails listed on a credit report.

How does someone get into your email inbox? Even if they know your email address, they have to figure out the provider and hack their way in to gain access to your email account and lock you out of it.

You probably do want to make sure your email services are secure: some well known free email providers do get hacked occasionally.
 
My main brokerage account requires my password (cap & numeric & special character, i.e. Rayinpenn321@) and a PIN that I get from a token I have. Pretty happy with that...
 