Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 08-04-2020, 08:09 PM   #41
Recycles dryer sheets
jetpack's Avatar
 
Join Date: Aug 2013
Posts: 437
To me, those saying they don't have online access are the most vulnerable.

1. They don't have quick access to notifications on changes to their account.

2. Their account is basically "unclaimed" for online access.

It's much better to take control and learn about the ins and outs of your accounts.
jetpack is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-04-2020, 09:38 PM   #42
Recycles dryer sheets
 
Join Date: Dec 2007
Posts: 240
Quote:
Originally Posted by jetpack View Post
To me, those saying they don't have online access are the most vulnerable.

1. They don't have quick access to notifications on changes to their account.

2. Their account is basically "unclaimed" for online access.

It's much better to take control and learn about the ins and outs of your accounts.
This ^^^ is an interesting viewpoint. It actually makes sense to me.
ut2sua is offline   Reply With Quote
Old 08-04-2020, 09:46 PM   #43
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
SecondCor521's Avatar
 
Join Date: Jun 2006
Location: Boise
Posts: 5,337
Quote:
Originally Posted by ut2sua View Post
This ^^^ is an interesting viewpoint. It actually makes sense to me.
Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.

I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
SecondCor521 is online now   Reply With Quote
Old 08-04-2020, 09:53 PM   #44
Thinks s/he gets paid by the post
rk911's Avatar
 
Join Date: Dec 2018
Location: DuPage County IL
Posts: 1,404
Quote:
Originally Posted by SecondCor521 View Post
Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.

I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).
alerts on all accounts are set for amounts greater than $1. this alert setting results in a lot of texts a d e-mail but there aren't that many transactions to begin with and the upside is i'll be alerted to any test transfers. we also are Lifelock members.
__________________
Rich
Ham Radio, Sport Pilot, RVer
FIRE: 8/11/2005, age 55y,1d
Administrator for a regional 9-1-1 call center
rk911 is offline   Reply With Quote
Old 08-05-2020, 09:54 AM   #45
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,359
Quote:
Originally Posted by jetpack View Post
To me, those saying they don't have online access are the most vulnerable.

1. They don't have quick access to notifications on changes to their account.

2. Their account is basically "unclaimed" for online access.

It's much better to take control and learn about the ins and outs of your accounts.
I agree.
JustCurious is offline   Reply With Quote
Old 08-05-2020, 09:56 AM   #46
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,359
Quote:
Originally Posted by SecondCor521 View Post
I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason.
I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze and thaw your own credit for free at each of the credit agencies. You can also set up alerts at your financial providers for free.
JustCurious is offline   Reply With Quote
Old 08-05-2020, 10:24 AM   #47
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
OldShooter's Avatar
 
Join Date: Mar 2017
Location: City
Posts: 6,547
Quote:
Originally Posted by jetpack View Post
1. They don't have quick access to notifications on changes to their account. ...
Schwab communicates via email, so I receive their messages on my mobile devices just fine. This despite the fact that I load no financial apps and do no financial business on my mobile devices.

Quote:
Originally Posted by jetpack View Post
2. Their account is basically "unclaimed" for online access. ...
I have no idea what this even means.
OldShooter is offline   Reply With Quote
Old 08-05-2020, 11:02 AM   #48
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 11,321
Quote:
Originally Posted by JustCurious View Post
I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze your own credit for free or at very low cost.
It's FREE to freeze credit, since Congress passed the law.

Free to freeze , and free to thaw credit reports (needed when getting new CC)
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is offline   Reply With Quote
Old 08-05-2020, 12:07 PM   #49
Moderator Emeritus
aja8888's Avatar
 
Join Date: Apr 2011
Location: The Woodlands, TX
Posts: 12,430
Quote:
Originally Posted by JustCurious View Post
I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze your own credit for free or at very low cost.
LifeLock will notify you after your account is hacked....maybe.
__________________
Everyone has a plan until they get punched in the mouth...philosopher Mike Tyson
aja8888 is offline   Reply With Quote
Old 08-05-2020, 04:57 PM   #50
Recycles dryer sheets
 
Join Date: Dec 2017
Posts: 389
Quote:
Originally Posted by sengsational View Post
I don't think changing passwords often is going to do a bit of good, as long as you never re-use a password. And you should certainly never, ever, not ever, reuse a password.
That's what I have thought too. I have long 20+ character passwords for banking and investment web sites with 2 FA.

I have a lot of passwords for various web sites like newspapers, facebook and forums. I have reformed and the all have unique passwords now but I just let the browser remember them.

I am thinking that I might do the same with credit card accounts. Is that a bad idea. They seem less critical than investments/banking
RetMD21 is offline   Reply With Quote
Old 08-05-2020, 05:56 PM   #51
Recycles dryer sheets
 
Join Date: Dec 2007
Posts: 240
Quote:
Originally Posted by RetMD21 View Post
I have a lot of passwords for various web sites like newspapers, facebook and forums. I have reformed and the all have unique passwords now but I just let the browser remember them.
Bolded by me, I wonder how safe that is (?)
ut2sua is offline   Reply With Quote
Old 08-05-2020, 06:21 PM   #52
Thinks s/he gets paid by the post
HI Bill's Avatar
 
Join Date: Dec 2017
Posts: 2,177
Quote:
Originally Posted by OldShooter View Post
I have no idea what this even means.
I believe that the poster means that a person has an account, but has never set up online access. If this is the case, it's much easier for some external party to gain access to your account if they know your personal information, as they can register new online access with your personal info and their new password. Then the hacker can set up alerts to go to their email or phone, and set up their own MFA; they can move $ out of the account in a few days or weeks, without you even knowing it, and can turn off paper (mail) statements. Perfect storm. I agree with others...setting up text and email alerts is the best way to go, as you'll have instant notification of anything happening with the account.
__________________
Balance in everything.
HI Bill is offline   Reply With Quote
Old 08-05-2020, 10:51 PM   #53
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 11,321
Quote:
Originally Posted by ut2sua View Post
Bolded by me, I wonder how safe that is (?)
I think person means for non-important sites, the browser remembering is OK.
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is offline   Reply With Quote
Old 08-06-2020, 07:09 AM   #54
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
ivinsfan's Avatar
 
Join Date: Feb 2007
Posts: 6,951
Quote:
Originally Posted by Katsmeow View Post
I did a couple of threads that talked about using separate email accounts for financial accounts and whether to use a separate financial computer.

https://www.early-retirement.org/for...se-104265.html

https://www.early-retirement.org/for...ok-104300.html

You might find those threads helpful as they discuss many of those issues.

In addition to what is in there. One thing that I do is that I usually log into my financial accounts on any business day. If someone has logged into my account and has a transaction pending then I will see it.

On the trade offs of different levels of protection see post number 40 by me in my Financial Chromebook thread where I discuss the possible protections.
Kats did you actually buy the chrome book? As of 7/11 you had not gotten one. I'm thinking about canceling my landline and will lose my 25 YO email address and might as well think about account security now. Start from scratch with a dedicated email and chomebook. On the fence right now.
ivinsfan is offline   Reply With Quote
Old 08-06-2020, 08:09 AM   #55
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,359
Quote:
Originally Posted by ivinsfan View Post
Start from scratch with a dedicated email and chomebook. On the fence right now.
I have gone back and forth on the issue of using a separate dedicated email for financial accounts only, there are pros and cons. I even set up a separate email and started using it for my financial accounts for a while but ultimately I decided that the cons outweighed the pros, especially since my Gmail account is enrolled in the advanced protection program...it is next to impossible for anyone to get access to my email account, even if they know my password.

Here are the disadvantages that caused me to stop using a separate email:

1) You may not check the private email as often as you check your primary email so there may be a delay in receiving important notifications regarding your financial accounts. For example, if you only check the private email at home, and you are away from home for a period of time, i.e. on vacation, you may miss important notifications while you are away and it's possible your account could be compromised without your knowledge. Yes, I am aware that you can forward the secondary email to your primary email, or with Gmail you can set up your secondary email to be accessed by your primary email, but ultimately that defeats almost all of the purpose behind maintaining a separate email in the first place because anyone with access to your primary email will see all of the emails sent to your secondary "private" email.

2) You will have to keep track of another email account and remember another password, including maintaining various account and security settings for multiple accounts. I find that to be a pain.

If you are concerned about account security and you also want the convenience of one email address, I recommend getting a Gmail account and enroll it in the Advanced Protection Program and use that email as your email for everything. Your email will have the highest level of security from hacking that is available to consumers today. Just remember that security and convenience are mortal enemies and you will lose some convenience in the name of security.
JustCurious is offline   Reply With Quote
Old 08-06-2020, 09:18 AM   #56
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
OldShooter's Avatar
 
Join Date: Mar 2017
Location: City
Posts: 6,547
Quote:
Originally Posted by HNL Bill View Post
I believe that the poster means that a person has an account, but has never set up online access. If this is the case, it's much easier for some external party to gain access to your account if they know your personal information, as they can register new online access with your personal info and their new password. Then the hacker can set up alerts to go to their email or phone, and set up their own MFA; they can move $ out of the account in a few days or weeks, without you even knowing it, and can turn off paper (mail) statements. Perfect storm. I agree with others...setting up text and email alerts is the best way to go, as you'll have instant notification of anything happening with the account.
IIRC something like 90% of breeches are achieved by phishing attacks where a user is tricked into revealing his user ID and password. If one does not have an online account, then that trick is impossible. I think that phishing is probably a higher risk than the complicated sort of attack that you describe here. Nobody knows, of course.

The thing to remember is that none of the various tricks and levels of protection described in this thread have been proven statistically to work. No one knows whether they have been attacked a statistically significant number of times and the attacks have failed. That would be a vailid test. All most of us can say is that with whatever scheme we are using, we have never been hacked. Someone who chose to carry a rabbit's foot and used his mother's maiden name for all passwords might well be able to say the same thing.
OldShooter is offline   Reply With Quote
Old 08-06-2020, 09:36 AM   #57
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,359
Quote:
Originally Posted by OldShooter View Post
The thing to remember is that none of the various tricks and levels of protection described in this thread have been proven statistically to work.
That's not true. Google's Advanced Protection Program has been proven statistically to work. Google has stated that since the program began in 2017 no user who signed up for the program has been phished, even if repeatedly targeted...

Over the past three years, this enhanced security feature has prevented hackers from gaining access to any APP-protected Google accounts.

This has made APP a must-enable feature for Google users who are regularly the targets of advanced phishing attempts, like those carried out by state-sponsored hackers.

In a blog post today detailing Google's actions against state-sponsored operations, Toni Gidwani, a Security Engineering Manager for Google's elite hacker-hunting unit -- the Threat Analysis Group (TAG) -- said the APP has been extremely successful at stopping these advanced phishing attempts and the subsequent account compromises.


https://www.zdnet.com/article/google...ished-to-date/

https://blog.google/threat-analysis-...isinformation/

Also, the effectiveness of basic account hygiene has been studied and some practices have been shown to be effective against account hijacking.

https://security.googleblog.com/2019...-is-basic.html
JustCurious is offline   Reply With Quote
Old 08-06-2020, 01:25 PM   #58
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
OldShooter's Avatar
 
Join Date: Mar 2017
Location: City
Posts: 6,547
Quote:
Originally Posted by JustCurious View Post
That's not true. Google's Advanced Protection Program has been proven statistically to work. Google has stated that since the program began in 2017 no user who signed up for the program has been phished, even if repeatedly targeted...
Thanks. I'll research that a bit. But it's just limited to protecting Google accounts?
OldShooter is offline   Reply With Quote
Old 08-06-2020, 02:12 PM   #59
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,359
Quote:
Originally Posted by OldShooter View Post
Thanks. I'll research that a bit. But it's just limited to protecting Google accounts?
Yes, the Google Advanced Protection Program is limited to Google accounts. Note that when the program started in 2017 it was not available to all Google accounts, but they have sinced opened up the program to anyone with a Google account.
JustCurious is offline   Reply With Quote
Old 08-07-2020, 05:06 PM   #60
Recycles dryer sheets
 
Join Date: Dec 2009
Location: Ft Lauderdale
Posts: 66
Quote:
Originally Posted by ut2sua View Post
With so much identity theft going on and many hackers roaming the Internet, I am wondering how folks safeguard their retirement accounts. Do you change your passwd frequently, do you not change your passwd to avoid getting noticed (by hackers)? Do you make use of 2 step ID (using your phone and/or token ID)? Do you change your login user IDs from time to time? Anyone can move large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. Also, what if the bank computer got wiped out overnight, do they have back up info to restore everyone account balances (the answer better be yes, but do we know for sure?).
I am not sure if this thread belongs here. Please move as appropriate. I am basically looking for best, proven practice.
Fidelity Money Transfer Lockdown.
While activated, even I can't get to my money while logged into my account. Can only unlock with 2FA with text alerts and emails sent immediately every time it's done.

If you have a managed account they also offer complimentary enrollment in IDnotify, Experian's identity protection service including $2M to $5M of identity theft insurance, depending on the value of your account. They will notify you of any unauthorized access to your bank accounts, credit cards, phone numbers, email addresses, SS #, drivers license, passport, etc.
Tracer is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
conservator accounts? hiding accounts from the ward Spock Other topics 22 03-26-2020 12:07 PM
Do you auto-pay your CC accounts? Cobra9777 FIRE and Money 108 02-08-2019 08:05 AM
How have you set up accounts for wife if you die first?? blenhardt FIRE and Money 88 06-14-2016 03:52 PM
Your accounts will pass to your account beneficiaries regardless of your will JustCurious FIRE and Money 21 03-22-2008 03:35 AM
Vanguard ... Ever Lost Track of Your Accounts? Craig FIRE and Money 3 01-02-2006 04:38 PM

» Quick Links

 
All times are GMT -6. The time now is 06:47 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2021, vBulletin Solutions, Inc.