Join Early Retirement Today
Reply
 
Thread Tools Display Modes
Old 08-07-2020, 05:29 PM   #61
Recycles dryer sheets
 
Join Date: Oct 2014
Posts: 117
Quote:
Originally Posted by FIREd View Post
I use 2-step ID on all of my accounts. I also check them often.
Same here, I have two factor (one-time use text message codes) for all accounts that have it. I also try to use the app if they have one, instead of logging into via laptop's browser. In any case, with two factor, I'm less concerned than before, but still check my accounts frequently.
2cheap2eat is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Ditto
Old 08-07-2020, 06:04 PM   #62
Dryer sheet wannabe
 
Join Date: Jun 2014
Location: New Orleans
Posts: 10
Ditto

Quote:
Originally Posted by atmsmshr View Post
Last year I bought a basic computer used by DW and I only for credit union and Fidelity. No other browsing allowed on this stand alone computer. Accessed from home router. Separate email account.

I get text messages for any transfer greater than $1,000 from either.
Quarterly transfers from FIDO to CU account for checking and savings.
2FA for FIDO. I should also do the FIDO lockdown between transfers.
Check the accounts on my Iphone using face ID. Probably a bad habit.
No password manager. Anyone remember Kaspersky?
I also use a dedicated laptop that only goes to my two banks. Don't check the weather, email, news or anything with this computer. With data loggers any virus can steal your password. I don't change my password as the odds of changing it after it has been stolen but before it is used is low. I don't worry about someone specifically targeting me and brute forcing my password. My password has nothing to do with me whatsoever.

There was a time when your password was key to your safety. I just don't believe thieves are targeting individuals anymore. It is big companies that lose huge amounts of data to these thieves and that is who they are targeting. So I feel very comfortable on my end but not so much from the institutions I deal with. I called up my main bank 6 years ago thinking about just doing telephone banking and ending my online account. They assured me that I am covered against fraud and pointed to some lines in my agreement. I don't think this covers me for real but I couldn't give up the convenience of online banking.
FireProoof is offline   Reply With Quote
Zander Insurance ID Theft
Old 08-07-2020, 06:07 PM   #63
Confused about dryer sheets
 
Join Date: Jun 2019
Location: SIOUX FALLS
Posts: 5
Zander Insurance ID Theft

Quote:
Originally Posted by SecondCor521 View Post
Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.

I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).
https://www.zanderins.com/identity-theft-protection
I use the ID Theft protection from Zander Insurance. It is the only one I've found that will actually replace stolen funds up to $1M ! and costs less than most at $6.75 month. It also does more than monitor - they provide experts to do all the legwork to restore your identity if it is stolen, which can be hundreds of hours, especially for a novice non-professional. My employer provides another ID theft coverage at no cost but I still subscribe to Zander for the $1M stolen funds protection.
SDWildflower is offline   Reply With Quote
Old 08-07-2020, 10:21 PM   #64
Recycles dryer sheets
 
Join Date: Dec 2007
Posts: 376
Quote:
Originally Posted by Sunset View Post
I think person means for non-important sites, the browser remembering is OK.
Got it. Thanks for pointing that out to me.
ut2sua is offline   Reply With Quote
Old 08-08-2020, 07:01 AM   #65
Dryer sheet aficionado
 
Join Date: Dec 2018
Location: Scotia
Posts: 25
A lot of good ideas here, and I do everything that JustCurious posted in the beginning of this post, but here are some more:
A credit freeze at all 3 is crucial.
A VPN is probably one of the most important things when accessing your financial accounts. I use expressvpn, it's insanely simple to set up and cost about a hundred bucks a year IIRC.
My son who works in the IT industry recently told me about Google authenticator, which is free and is more secure than two step authentication. I just started using it and it seems to work pretty well. BTW I used two step authentication every time I went to a financial institution , yes it's a pain, but the security is worth it.
Definitely make sure you set up alerts at all your financial institutions, I do both email and text, since the cellular signal at my home can be spotty sometimes...even though it's a little bit of a pain I would rather be notified immediately.
I use a simple rule to create passwords for my non-financial accounts and store them on my computer. But for my financial accounts the passwords are completely nonsensical, and are only stored in a secret place in my house.But bear in mind that does not protect you from malicious software with a keylogger or other scams like phishing. But if someone hacks my password list they will have a hard time figuring out my password rule, since I use hints only I would know: first three letters of my first dog plus the year that Ed was born (my great grandfather).
For PayPal, I set up a separate non-linked checking account at my bank, which only carries a low balance.
Use a credit card for payment whenever possible. Credit cards have the highest level of fraud protection, and in most cases you will pay zero.
Get those little envelopes for your credit cards that block RFID signals. My business partner had his credit card hacked while just walking through an airport a few years ago.
A separate computer that you only use for accessing financial institutions is a great idea. But if you are retiring an older computer that is going to be dedicated to this, make sure it stays up to date with all security patches.
guitarguy is offline   Reply With Quote
Old 08-08-2020, 07:29 AM   #66
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 10,653
^ If you eBank on your home network, how does a VPN help? I guess you could have a compromised system on your home network, but even then, they'd just be able to sniff the IP, but not the content. And if the bad guy was in your computer itself, the game is lost.

As mentioned, I think many of these theoretical attacks will remain theoretical because hackers have more effective ways to make illicit money.
sengsational is offline   Reply With Quote
Old 08-08-2020, 07:47 AM   #67
Thinks s/he gets paid by the post
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 2,654
Quote:
Originally Posted by sengsational View Post
^ If you eBank on your home network, how does a VPN help? I guess you could have a compromised system on your home network, but even then, they'd just be able to sniff the IP, but not the content. And if the bad guy was in your computer itself, the game is lost.

As mentioned, I think many of these theoretical attacks will remain theoretical because hackers have more effective ways to make illicit money.
Correct, a VPN is mainly to provide security over insecure networks, it does nothing to secure a computer. I set up a VPN through my home router that I only use when I'm on public wifi, such as a library, coffee shop, or hotel.

Not that I go any of those places now....
__________________
-Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is online now   Reply With Quote
Old 08-08-2020, 08:21 AM   #68
Dryer sheet aficionado
 
Join Date: Dec 2018
Location: Scotia
Posts: 25
Well, all home networks, especially if you use wifi, are essentially "insecure networks". Public networks and cellular netowrks too. So a VPN won't "secure" your computer itself or protect you from downloading malware. So if you download software that has a virus embedded, a VPN won't protect you.

But if you're logging on to your bank, it's another layer of security...essentially an encrypted connection between a secure server (like your bank) and your computer/network. It's like a private tunnel over the internet, and makes it much harder for hackers to get your data. Nothing is foolproof, heck even the US Government gets hacked, but it's another layer, and a very important one.
Google it!
guitarguy is offline   Reply With Quote
Old 08-08-2020, 08:29 AM   #69
Recycles dryer sheets
 
Join Date: May 2016
Posts: 313
Of course, never click on links in emails and be real cautious when opening any attachment to an email. Further, download this Ghostpress free software that prevents a keystroke logger:
https://www.komando.com/security-pri...trokes/742219/
CDRE is offline   Reply With Quote
Old 08-08-2020, 09:41 AM   #70
Full time employment: Posting here.
 
Join Date: Dec 2018
Posts: 966
Quote:
Originally Posted by ut2sua View Post
With so much identity theft going on and many hackers roaming the Internet, I am wondering how folks safeguard their retirement accounts. Do you change your passwd frequently, do you not change your passwd to avoid getting noticed (by hackers)? Do you make use of 2 step ID (using your phone and/or token ID)? Do you change your login user IDs from time to time? Anyone can move large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. Also, what if the bank computer got wiped out overnight, do they have back up info to restore everyone account balances (the answer better be yes, but do we know for sure?).
I am not sure if this thread belongs here. Please move as appropriate. I am basically looking for best, proven practice.

I like to test the security of my accounts by pretending to be a hacker. I visit Hawaii every year to go surfing so I bring my notebook and try to access my accounts in Hawaii.

Most financial institutions will recognize that someone is trying to access my accounts using a computer that their server does not recognize. They would send a authentication code to my cell phone. Just about all my banks (Wells Fargo, Chase, Bank of America, etc) and my retirement investments (Vanguard, E*trade, etc) has this protection. Your cell phone is a security protection layer. If you lose your cell phone, then you have a security issue so you would need to contact all your financial institutions.

I did found out that two credit card companies did not have this protection so I cancel those two accounts as being less secure. The two credit card companies actually allowed access in Hawaii without sending me a authentication code to my cell phone. i suggest people should find which financial institutions that they have...that do not send you the authentication code the next time when you are on vacation.

I also have unique username and unique passwords for each account to make each account different from the other. I had to write the user names and passwords down in a college text book near my desk (never on my PC) but this inconvenience is necessary for my additional protection. I also NEVER using part of my email address as a user name. Hackers uses email address as a person's username. All of my user name on my accounts are all unique and not related to anything else.

Most bank computers have backup systems but my extra protection is my monthly paper statements in the mail. For my additional protection, I prefer paper statements and not electonic statements.
2177V is offline   Reply With Quote
Old 08-08-2020, 09:43 AM   #71
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,682
WiFi with guest access turned off and a strong password is not insecure.
There are other settings to examine in the router, of course. Like assign a strong password for the default admin access.
target2019 is offline   Reply With Quote
Old 08-08-2020, 10:18 AM   #72
Full time employment: Posting here.
 
Join Date: Aug 2017
Location: claremont
Posts: 586
2FA with text is too easy to intercept and redirect. I recommend using an app like Authy or Symantec. They generate onetime 30 second codes that must be entered.

In order to hack, thieves would have to authenticate into both the physical gadget, the app, and know basic login and pw.

Unique tokens and dongles are the older way of doing this.
indiajust is offline   Reply With Quote
Old 08-08-2020, 11:17 AM   #73
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,008
Quote:
Originally Posted by target2019 View Post
WiFi with guest access turned off and a strong password is not insecure.
There are other settings to examine in the router, of course. Like assign a strong password for the default admin access.
+1
Even guest access on my router can be as secure as the regular access, as long as I use a long random password for network access.

I do use a VPN on my computer and phone when away from home to access email, bank (rare), etc..

The cost of a good VPN can be very little if you don't use it a lot, I only use my for travel.
__________________
Fortune favors the prepared mind. ... Louis Pasteur
Sunset is offline   Reply With Quote
Old 08-08-2020, 01:02 PM   #74
Recycles dryer sheets
RockLife's Avatar
 
Join Date: Feb 2017
Posts: 93
Quote:
Originally Posted by ut2sua View Post
With so much identity theft going on and many hackers roaming the Internet, I am wondering how folks safeguard their retirement accounts. Do you change your passwd frequently, do you not change your passwd to avoid getting noticed (by hackers)? Do you make use of 2 step ID (using your phone and/or token ID)? Do you change your login user IDs from time to time? Anyone can move large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. Also, what if the bank computer got wiped out overnight, do they have back up info to restore everyone account balances (the answer better be yes, but do we know for sure?).
I am not sure if this thread belongs here. Please move as appropriate. I am basically looking for best, proven practice.
  • Use of long random passwords, 16 to 20 characters
  • These are generated by password safe apps like LastPass, Keypass, and others
  • You never type the password, you only copy/paste it, or the app fills it in for you
  • You need to remember one strong password to get into your password safe, which should be some sort of long nonsensical phrase that you can remember, with a few non-letter characters thrown in. It's critical - never forget this password and never write it down.
  • Use Two-Factor Authentication when available.
  • I also use then concept of an account firewall. My large accounts “know about” my “firewall” account, but it doesn’t “know about" them. I can transfer money in and out of the big accounts only through this account. It typically only has a few grand in it at any one time, but it’s a pass-thru to other accounts as needed.
I feel pretty safe with these practices; hope it helps.
__________________
I traded it in for a whole 'nother world
A pirate flag and an island girl
RockLife is offline   Reply With Quote
Old 08-08-2020, 05:56 PM   #75
Thinks s/he gets paid by the post
CaliKid's Avatar
 
Join Date: Apr 2016
Location: Ex-Cali
Posts: 1,231
Quote:
Originally Posted by RockLife View Post
  • Use of long random passwords, 16 to 20 characters
  • These are generated by password safe apps like LastPass, Keypass, and others
  • You never type the password, you only copy/paste it, or the app fills it in for you
  • You need to remember one strong password to get into your password safe, which should be some sort of long nonsensical phrase that you can remember, with a few non-letter characters thrown in. It's critical - never forget this password and never write it down.
  • Use Two-Factor Authentication when available.
  • I also use then concept of an account firewall. My large accounts “know about” my “firewall” account, but it doesn’t “know about" them. I can transfer money in and out of the big accounts only through this account. It typically only has a few grand in it at any one time, but it’s a pass-thru to other accounts as needed.
I feel pretty safe with these practices; hope it helps.
I am probably dense but not understanding the firewall account idea. Can you explain that in more detail? It sounds like a novel idea so I want to understand it.
__________________
______________________
The plan was September 1, 2022 and I am 95% there. Still working a few hours a week at the real job.
CaliKid is offline   Reply With Quote
Old 08-08-2020, 05:58 PM   #76
Thinks s/he gets paid by the post
CaliKid's Avatar
 
Join Date: Apr 2016
Location: Ex-Cali
Posts: 1,231
Quote:
Originally Posted by vchan2177 View Post
....

I did found out that two credit card companies did not have this protection so I cancel those two accounts as being less secure. The two credit card companies actually allowed access in Hawaii without sending me a authentication code to my cell phone. i suggest people should find which financial institutions that they have...that do not send you the authentication code the next time when you are on vacation.
....
Why would you care if the credit card company has lax security? That's their problem not yours, no?
__________________
______________________
The plan was September 1, 2022 and I am 95% there. Still working a few hours a week at the real job.
CaliKid is offline   Reply With Quote
Old 08-08-2020, 06:14 PM   #77
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Mar 2016
Posts: 8,968
Yup, no problem for me. They just cancel the charges and send me a new card. As long as you have at least 2 cards, no problem.
RobbieB is offline   Reply With Quote
Old 08-08-2020, 06:26 PM   #78
Recycles dryer sheets
RockLife's Avatar
 
Join Date: Feb 2017
Posts: 93
Quote:
Originally Posted by CaliKid View Post
I am probably dense but not understanding the firewall account idea. Can you explain that in more detail? It sounds like a novel idea so I want to understand it.
Does this picture help? Everything on the right side of the line is pretty secure. The left side of the line is out in the world, less safe. Every account has its own long, complex password.

(Key: D=Deposit, W=Withdraw, X=Doesn't know about the other end, Lastpass is the password manager, with complex passwords for everything)
Attached Images
File Type: jpg BankingFirewallPublic.jpg (173.1 KB, 26 views)
__________________
I traded it in for a whole 'nother world
A pirate flag and an island girl
RockLife is offline   Reply With Quote
Old 08-09-2020, 05:05 AM   #79
Full time employment: Posting here.
atmsmshr's Avatar
 
Join Date: Mar 2016
Location: An island off the coast of Florida. (Ok - if you really need to know it's Vero Beach)
Posts: 633
So after my original post to this thread, DW gets a letter in the mail asking us to confirm the opening of a new line of credit for a furniture company. Both the furniture company and bank are legit. Called right away and shut down this pending line of credit. Bank said it looked like someone applied online, but did not know DW's SS number.

It took me 5 minutes of logging onto Equifax's website and putting a one year Alert on my credit, and less time for DW to Alert her credit account. Equifax notifies the other two credit agencies. An Alert is free, good for one year, and requires any agency to call us prior to opening a line of credit.
__________________
DW and I are 62/62. 100% equities 31 years. FIRE'd August 2019. Non-cola pension cashed out Dec 2022 before segmentation rates reduced balance - rolled to MM fund, max SS for DH and DW at FRA. Mega retiree health available. IRA rollover from 401k Jan 2020 for NUA treatment. LTCG for 3 years. Next few years will be IRA cash withdrawals or until Stock Market recovers. AA 33% stocks, 67% MM and T-Bills. Rising equity glidepath.
atmsmshr is offline   Reply With Quote
Old 08-09-2020, 07:23 AM   #80
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Oct 2017
Location: Chapel Hill, NC
Posts: 5,296
Quote:
Originally Posted by atmsmshr View Post
So after my original post to this thread, DW gets a letter in the mail asking us to confirm the opening of a new line of credit for a furniture company. Both the furniture company and bank are legit. Called right away and shut down this pending line of credit. Bank said it looked like someone applied online, but did not know DW's SS number.

It took me 5 minutes of logging onto Equifax's website and putting a one year Alert on my credit, and less time for DW to Alert her credit account. Equifax notifies the other two credit agencies. An Alert is free, good for one year, and requires any agency to call us prior to opening a line of credit.
You need to freeze your credit at all the credit agencies ASAP. Freezing credit is much better than an alert. Clark Howard has a good article on how to freeze.
harllee is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
conservator accounts? hiding accounts from the ward Spock Other topics 22 03-26-2020 12:07 PM
Do you auto-pay your CC accounts? Cobra9777 FIRE and Money 108 02-08-2019 07:05 AM
How have you set up accounts for wife if you die first?? blenhardt FIRE and Money 88 06-14-2016 03:52 PM
Your accounts will pass to your account beneficiaries regardless of your will JustCurious FIRE and Money 21 03-22-2008 03:35 AM
Vanguard ... Ever Lost Track of Your Accounts? Craig FIRE and Money 3 01-02-2006 03:38 PM

» Quick Links

 
All times are GMT -6. The time now is 07:35 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2024, vBulletin Solutions, Inc.