|
|
08-04-2020, 08:09 PM
|
#41
|
Recycles dryer sheets
Join Date: Aug 2013
Posts: 437
|
To me, those saying they don't have online access are the most vulnerable.
1. They don't have quick access to notifications on changes to their account.
2. Their account is basically "unclaimed" for online access.
It's much better to take control and learn about the ins and outs of your accounts.
|
|
|
|
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
08-04-2020, 09:38 PM
|
#42
|
Recycles dryer sheets
Join Date: Dec 2007
Posts: 377
|
Quote:
Originally Posted by jetpack
To me, those saying they don't have online access are the most vulnerable.
1. They don't have quick access to notifications on changes to their account.
2. Their account is basically "unclaimed" for online access.
It's much better to take control and learn about the ins and outs of your accounts.
|
This ^^^ is an interesting viewpoint. It actually makes sense to me.
|
|
|
08-04-2020, 09:46 PM
|
#43
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2006
Location: Boise
Posts: 7,866
|
Quote:
Originally Posted by ut2sua
This ^^^ is an interesting viewpoint. It actually makes sense to me.
|
Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.
I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
|
|
|
08-04-2020, 09:53 PM
|
#44
|
Thinks s/he gets paid by the post
Join Date: Dec 2018
Location: DuPage County IL
Posts: 2,702
|
Quote:
Originally Posted by SecondCor521
Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.
I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).
|
alerts on all accounts are set for amounts greater than $1. this alert setting results in a lot of texts a d e-mail but there aren't that many transactions to begin with and the upside is i'll be alerted to any test transfers. we also are Lifelock members.
__________________
Rich
Ham Radio, Sport Pilot, RVer
FIRE: 8/11/2005, age 55y,1d
Dispatcher, then shift supv, then administrator for a regional 9-1-1 call center
|
|
|
08-05-2020, 09:54 AM
|
#45
|
Thinks s/he gets paid by the post
Join Date: Sep 2006
Posts: 1,396
|
Quote:
Originally Posted by jetpack
To me, those saying they don't have online access are the most vulnerable.
1. They don't have quick access to notifications on changes to their account.
2. Their account is basically "unclaimed" for online access.
It's much better to take control and learn about the ins and outs of your accounts.
|
I agree.
|
|
|
08-05-2020, 09:56 AM
|
#46
|
Thinks s/he gets paid by the post
Join Date: Sep 2006
Posts: 1,396
|
Quote:
Originally Posted by SecondCor521
I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason.
|
I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze and thaw your own credit for free at each of the credit agencies. You can also set up alerts at your financial providers for free.
|
|
|
08-05-2020, 10:24 AM
|
#47
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Mar 2017
Location: City
Posts: 10,337
|
Quote:
Originally Posted by jetpack
1. They don't have quick access to notifications on changes to their account. ...
|
Schwab communicates via email, so I receive their messages on my mobile devices just fine. This despite the fact that I load no financial apps and do no financial business on my mobile devices.
Quote:
Originally Posted by jetpack
2. Their account is basically "unclaimed" for online access. ...
|
I have no idea what this even means.
|
|
|
08-05-2020, 11:02 AM
|
#48
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,012
|
Quote:
Originally Posted by JustCurious
I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze your own credit for free or at very low cost.
|
It's FREE to freeze credit, since Congress passed the law.
Free to freeze , and free to thaw credit reports (needed when getting new CC)
__________________
Fortune favors the prepared mind. ... Louis Pasteur
|
|
|
08-05-2020, 12:07 PM
|
#49
|
Moderator Emeritus
Join Date: Apr 2011
Location: Conroe, Texas
Posts: 18,645
|
Quote:
Originally Posted by JustCurious
I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze your own credit for free or at very low cost.
|
LifeLock will notify you after your account is hacked....maybe.
__________________
*********Go Astros!*********
|
|
|
08-05-2020, 04:57 PM
|
#50
|
Thinks s/he gets paid by the post
Join Date: Dec 2017
Posts: 1,594
|
Quote:
Originally Posted by sengsational
I don't think changing passwords often is going to do a bit of good, as long as you never re-use a password. And you should certainly never, ever, not ever, reuse a password.
|
That's what I have thought too. I have long 20+ character passwords for banking and investment web sites with 2 FA.
I have a lot of passwords for various web sites like newspapers, facebook and forums. I have reformed and the all have unique passwords now but I just let the browser remember them.
I am thinking that I might do the same with credit card accounts. Is that a bad idea. They seem less critical than investments/banking
|
|
|
08-05-2020, 05:56 PM
|
#51
|
Recycles dryer sheets
Join Date: Dec 2007
Posts: 377
|
Quote:
Originally Posted by RetMD21
I have a lot of passwords for various web sites like newspapers, facebook and forums. I have reformed and the all have unique passwords now but I just let the browser remember them.
|
Bolded by me, I wonder how safe that is (?)
|
|
|
08-05-2020, 06:21 PM
|
#52
|
Thinks s/he gets paid by the post
Join Date: Dec 2017
Posts: 2,534
|
Quote:
Originally Posted by OldShooter
I have no idea what this even means.
|
I believe that the poster means that a person has an account, but has never set up online access. If this is the case, it's much easier for some external party to gain access to your account if they know your personal information, as they can register new online access with your personal info and their new password. Then the hacker can set up alerts to go to their email or phone, and set up their own MFA; they can move $ out of the account in a few days or weeks, without you even knowing it, and can turn off paper (mail) statements. Perfect storm. I agree with others...setting up text and email alerts is the best way to go, as you'll have instant notification of anything happening with the account.
__________________
Balance in everything.
|
|
|
08-05-2020, 10:51 PM
|
#53
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,012
|
Quote:
Originally Posted by ut2sua
Bolded by me, I wonder how safe that is (?)
|
I think person means for non-important sites, the browser remembering is OK.
__________________
Fortune favors the prepared mind. ... Louis Pasteur
|
|
|
08-06-2020, 07:09 AM
|
#54
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Feb 2007
Posts: 9,953
|
Quote:
Originally Posted by Katsmeow
I did a couple of threads that talked about using separate email accounts for financial accounts and whether to use a separate financial computer.
https://www.early-retirement.org/for...se-104265.html
https://www.early-retirement.org/for...ok-104300.html
You might find those threads helpful as they discuss many of those issues.
In addition to what is in there. One thing that I do is that I usually log into my financial accounts on any business day. If someone has logged into my account and has a transaction pending then I will see it.
On the trade offs of different levels of protection see post number 40 by me in my Financial Chromebook thread where I discuss the possible protections.
|
Kats did you actually buy the chrome book? As of 7/11 you had not gotten one. I'm thinking about canceling my landline and will lose my 25 YO email address and might as well think about account security now. Start from scratch with a dedicated email and chomebook. On the fence right now.
|
|
|
08-06-2020, 08:09 AM
|
#55
|
Thinks s/he gets paid by the post
Join Date: Sep 2006
Posts: 1,396
|
Quote:
Originally Posted by ivinsfan
Start from scratch with a dedicated email and chomebook. On the fence right now.
|
I have gone back and forth on the issue of using a separate dedicated email for financial accounts only, there are pros and cons. I even set up a separate email and started using it for my financial accounts for a while but ultimately I decided that the cons outweighed the pros, especially since my Gmail account is enrolled in the advanced protection program...it is next to impossible for anyone to get access to my email account, even if they know my password.
Here are the disadvantages that caused me to stop using a separate email:
1) You may not check the private email as often as you check your primary email so there may be a delay in receiving important notifications regarding your financial accounts. For example, if you only check the private email at home, and you are away from home for a period of time, i.e. on vacation, you may miss important notifications while you are away and it's possible your account could be compromised without your knowledge. Yes, I am aware that you can forward the secondary email to your primary email, or with Gmail you can set up your secondary email to be accessed by your primary email, but ultimately that defeats almost all of the purpose behind maintaining a separate email in the first place because anyone with access to your primary email will see all of the emails sent to your secondary "private" email.
2) You will have to keep track of another email account and remember another password, including maintaining various account and security settings for multiple accounts. I find that to be a pain.
If you are concerned about account security and you also want the convenience of one email address, I recommend getting a Gmail account and enroll it in the Advanced Protection Program and use that email as your email for everything. Your email will have the highest level of security from hacking that is available to consumers today. Just remember that security and convenience are mortal enemies and you will lose some convenience in the name of security.
|
|
|
08-06-2020, 09:18 AM
|
#56
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Mar 2017
Location: City
Posts: 10,337
|
Quote:
Originally Posted by HNL Bill
I believe that the poster means that a person has an account, but has never set up online access. If this is the case, it's much easier for some external party to gain access to your account if they know your personal information, as they can register new online access with your personal info and their new password. Then the hacker can set up alerts to go to their email or phone, and set up their own MFA; they can move $ out of the account in a few days or weeks, without you even knowing it, and can turn off paper (mail) statements. Perfect storm. I agree with others...setting up text and email alerts is the best way to go, as you'll have instant notification of anything happening with the account.
|
IIRC something like 90% of breeches are achieved by phishing attacks where a user is tricked into revealing his user ID and password. If one does not have an online account, then that trick is impossible. I think that phishing is probably a higher risk than the complicated sort of attack that you describe here. Nobody knows, of course.
The thing to remember is that none of the various tricks and levels of protection described in this thread have been proven statistically to work. No one knows whether they have been attacked a statistically significant number of times and the attacks have failed. That would be a vailid test. All most of us can say is that with whatever scheme we are using, we have never been hacked. Someone who chose to carry a rabbit's foot and used his mother's maiden name for all passwords might well be able to say the same thing.
|
|
|
08-06-2020, 09:36 AM
|
#57
|
Thinks s/he gets paid by the post
Join Date: Sep 2006
Posts: 1,396
|
Quote:
Originally Posted by OldShooter
The thing to remember is that none of the various tricks and levels of protection described in this thread have been proven statistically to work.
|
That's not true. Google's Advanced Protection Program has been proven statistically to work. Google has stated that since the program began in 2017 no user who signed up for the program has been phished, even if repeatedly targeted...
Over the past three years, this enhanced security feature has prevented hackers from gaining access to any APP-protected Google accounts.
This has made APP a must-enable feature for Google users who are regularly the targets of advanced phishing attempts, like those carried out by state-sponsored hackers.
In a blog post today detailing Google's actions against state-sponsored operations, Toni Gidwani, a Security Engineering Manager for Google's elite hacker-hunting unit -- the Threat Analysis Group (TAG) -- said the APP has been extremely successful at stopping these advanced phishing attempts and the subsequent account compromises.
https://www.zdnet.com/article/google...ished-to-date/
https://blog.google/threat-analysis-...isinformation/
Also, the effectiveness of basic account hygiene has been studied and some practices have been shown to be effective against account hijacking.
https://security.googleblog.com/2019...-is-basic.html
|
|
|
08-06-2020, 01:25 PM
|
#58
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Mar 2017
Location: City
Posts: 10,337
|
Quote:
Originally Posted by JustCurious
That's not true. Google's Advanced Protection Program has been proven statistically to work. Google has stated that since the program began in 2017 no user who signed up for the program has been phished, even if repeatedly targeted...
|
Thanks. I'll research that a bit. But it's just limited to protecting Google accounts?
|
|
|
08-06-2020, 02:12 PM
|
#59
|
Thinks s/he gets paid by the post
Join Date: Sep 2006
Posts: 1,396
|
Quote:
Originally Posted by OldShooter
Thanks. I'll research that a bit. But it's just limited to protecting Google accounts?
|
Yes, the Google Advanced Protection Program is limited to Google accounts. Note that when the program started in 2017 it was not available to all Google accounts, but they have sinced opened up the program to anyone with a Google account.
|
|
|
08-07-2020, 05:06 PM
|
#60
|
Recycles dryer sheets
Join Date: Dec 2009
Location: Ft Lauderdale
Posts: 165
|
Quote:
Originally Posted by ut2sua
With so much identity theft going on and many hackers roaming the Internet, I am wondering how folks safeguard their retirement accounts. Do you change your passwd frequently, do you not change your passwd to avoid getting noticed (by hackers)? Do you make use of 2 step ID (using your phone and/or token ID)? Do you change your login user IDs from time to time? Anyone can move large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. Also, what if the bank computer got wiped out overnight, do they have back up info to restore everyone account balances (the answer better be yes, but do we know for sure?).
I am not sure if this thread belongs here. Please move as appropriate. I am basically looking for best, proven practice.
|
Fidelity Money Transfer Lockdown.
While activated, even I can't get to my money while logged into my account. Can only unlock with 2FA with text alerts and emails sent immediately every time it's done.
If you have a managed account they also offer complimentary enrollment in IDnotify, Experian's identity protection service including $2M to $5M of identity theft insurance, depending on the value of your account. They will notify you of any unauthorized access to your bank accounts, credit cards, phone numbers, email addresses, SS #, drivers license, passport, etc.
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|