Bolded by me, I wonder how safe that is (?)
I have a lot of passwords for various web sites like newspapers, Facebook and forums. I have reformed and they all have unique passwords now but I just let the browser remember them.
I believe that the poster means that a person has an account, but has never set up online access. If this is the case, it's much easier for some external party to gain access to your account if they know your personal information, as they can register new online access with your personal info and their new password. Then the hacker can set up alerts to go to their email or phone, and set up their own MFA; they can move $ out of the account in a few days or weeks, without you even knowing it, and can turn off paper (mail) statements. Perfect storm. I agree with others...setting up text and email alerts is the best way to go, as you'll have instant notification of anything happening with the account.
I have no idea what this even means.
I did a couple of threads that talked about using separate email accounts for financial accounts and whether to use a separate financial computer.
https://www.early-retirement.org/forums/f54/how-many-email-addresses-to-use-104265.html
https://www.early-retirement.org/forums/f54/financial-chromebook-104300.html
You might find those threads helpful as they discuss many of those issues.
In addition to what is in there, one thing that I do is that I usually log into my financial accounts on any business day. If someone has logged into my account and has a transaction pending then I will see it.
On the trade offs of different levels of protection see post number 40 by me in my Financial Chromebook thread where I discuss the possible protections.
I have gone back and forth on the issue of using a separate dedicated email for financial accounts only, there are pros and cons. I even set up a separate email and started using it for my financial accounts for a while but ultimately I decided that the cons outweighed the pros, especially since my Gmail account is enrolled in the advanced protection program...it is next to impossible for anyone to get access to my email account, even if they know my password.
Start from scratch with a dedicated email and Chromebook. On the fence right now.
IIRC something like 90% of breaches are achieved by phishing attacks where a user is tricked into revealing his user ID and password. If one does not have an online account, then that trick is impossible. I think that phishing is probably a higher risk than the complicated sort of attack that you describe here. Nobody knows, of course.
I believe that the poster means that a person has an account, but has never set up online access. If this is the case, it's much easier for some external party to gain access to your account if they know your personal information, as they can register new online access with your personal info and their new password. Then the hacker can set up alerts to go to their email or phone, and set up their own MFA; they can move $ out of the account in a few days or weeks, without you even knowing it, and can turn off paper (mail) statements. Perfect storm. I agree with others...setting up text and email alerts is the best way to go, as you'll have instant notification of anything happening with the account.
That's not true. Google's Advanced Protection Program has been proven statistically to work. Google has stated that since the program began in 2017 no user who signed up for the program has been phished, even if repeatedly targeted...
The thing to remember is that none of the various tricks and levels of protection described in this thread have been proven statistically to work.
Thanks. I'll research that a bit. But it's just limited to protecting Google accounts?
Yes, the Google Advanced Protection Program is limited to Google accounts. Note that when the program started in 2017 it was not available to all Google accounts, but they have since opened up the program to anyone with a Google account.
With so much identity theft going on and many hackers roaming the Internet, I am wondering how folks safeguard their retirement accounts. Do you change your passwd frequently, do you not change your passwd to avoid getting noticed (by hackers)? Do you make use of 2 step ID (using your phone and/or token ID)? Do you change your login user IDs from time to time? Anyone can move a large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. Also, what if the bank computer got wiped out overnight, do they have back up info to restore everyone's account balances (the answer better be yes, but do we know for sure?).
I am not sure if this thread belongs here. Please move as appropriate. I am basically looking for best, proven practice.
I use 2-step ID on all of my accounts. I also check them often.
Last year I bought a basic computer used by DW and I only for credit union and Fidelity. No other browsing allowed on this stand alone computer. Accessed from home router. Separate email account.
I get text messages for any transfer greater than $1,000 from either.
Quarterly transfers from FIDO to CU account for checking and savings.
2FA for FIDO. I should also do the FIDO lockdown between transfers.
Check the accounts on my iPhone using face ID. Probably a bad habit.
No password manager. Anyone remember Kaspersky?
https://www.zanderins.com/identity-theft-protection
Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.
I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).
Got it. Thanks for pointing that out to me.
I think person means for non-important sites, the browser remembering is OK.
Correct, a VPN is mainly to provide security over insecure networks, it does nothing to secure a computer. I set up a VPN through my home router that I only use when I'm on public wifi, such as a library, coffee shop, or hotel.
^ If you eBank on your home network, how does a VPN help? I guess you could have a compromised system on your home network, but even then, they'd just be able to sniff the IP, but not the content. And if the bad guy was in your computer itself, the game is lost.
As mentioned, I think many of these theoretical attacks will remain theoretical because hackers have more effective ways to make illicit money.
WiFi with guest access turned off and a strong password is not insecure.
There are other settings to examine in the router, of course. Like assign a strong password for the default admin access.
I feel pretty safe with these practices; hope it helps.
- Use of long random passwords, 16 to 20 characters
- These are generated by password safe apps like LastPass, KeePass, and others
- You never type the password, you only copy/paste it, or the app fills it in for you
- You need to remember one strong password to get into your password safe, which should be some sort of long nonsensical phrase that you can remember, with a few non-letter characters thrown in. It's critical - never forget this password and never write it down.
- Use Two-Factor Authentication when available.
- I also use the concept of an account firewall. My large accounts "know about" my "firewall" account, but it doesn't "know about" them. I can transfer money in and out of the big accounts only through this account. It typically only has a few grand in it at any one time, but it's a pass-thru to other accounts as needed.