How do you safeguard your accounts?

ut2sua

With so much identity theft going on and many hackers roaming the Internet, I am wondering how folks safeguard their retirement accounts. Do you change your passwd frequently, do you not change your passwd to avoid getting noticed (by hackers)? Do you make use of 2 step ID (using your phone and/or token ID)? Do you change your login user IDs from time to time? Anyone can move a large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. Also, what if the bank computer got wiped out overnight, do they have backup info to restore everyone's account balances (the answer better be yes, but do we know for sure?).
I am not sure if this thread belongs here. Please move as appropriate. I am basically looking for best, proven practice.
 
I don't do nothing. I can't even get my own dough online, got to talk to the broker and they transfer or send me a check.

I also get paper statements every month which I replace as they come in a 3 ring binder.

So I will have the info in case of a GoldenEye EMP attack.
 
....Anyone can move a large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. ...

For my accounts, I can only move money to a linked account. And in order to link an account they do trial deposits and I get a notification that the account is being linked.

I guess it is possible that a perp who accessed my account could change the email address but I would get a notification of that too.

I also use 2FA where it is available.
 
For my accounts, I can only move money to a linked account. And in order to link an account they do trial deposits and I get a notification that the account is being linked.

I guess it is possible that a perp who accessed my account could change the email address but I would get a notification of that too.

I also use 2FA where it is available.
I tried to move some $ between banks thru using ACH and I noticed:
1- If I move the $ to my other bank account (same account holder name), then the transfer will be allowed (got linked email as you mentioned).
2- If I move the $ to DW (different name), then 2 small amounts of $ will be sent. DW needs to verify the amounts etc. and the $ transfer will be allowed once (email notices were also sent IIRC).
But if I am out in the woods camping etc. and I don't have internet access, bad things could be done...
 
... I am basically looking for best, proven practice.
Well the truth is you can't get that here. All you can get here is anecdotes about things that have happened and unsupported opinions to the effect that the poster's practices are adequate. Nothing of any statistical value that could support "proven."

I suggest that you consult your banks and brokerage houses to see what they recommend and to get answers to your questions. Also make sure to read and understand any fraud protection guarantees that they offer. If the guarantees do not satisfy you, take your business elsewhere.

Personally, I take reasonable care with passwords, 2FA, etc. but I ultimately rely on Schwab's anti-fraud procedures for transferring money and on their blanket promise to reimburse me for any losses due to fraudulent activity. I also do not do any financial business on my phone or tablet computers. I do not even contact the financial institutions that I do business with. The phone and the tablets contain no clues to my financial affairs. This includes my phone's contact list, which is a severely limited subset of the main list on my computer at home.
 
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.
 
I would talk to each bank, broker, etc where I have accounts and ask them how to safeguard the account I have with them.
 
Here are my suggested best practices for keeping your financial accounts secure:

1) Select a username that is not very obvious, if your name is Jane Smith don't use JaneSmith1. Using a semi-random username effectively gives you two passwords for your account.
2) Use a strong and unique password at each financial site. Do not reuse passwords, especially for financial sites. And don't share your passwords with anyone you do not trust with your life.
3) Set up two factor authentication whenever possible, and if possible, do not use SMS texting as your second factor. If you want to be really, really secure and you don't mind performing an additional step when you log in, require two factor authentication every time.
4) Set up alerts for any unusual activity and check your email regularly.
5) If possible set up your voice as an identifier with your provider (Schwab calls this Voice ID) and set up a verbal password that is required when you call in (Schwab offers this feature).
6) Secure the email address that you use for your financial accounts with a strong and unique password and two factor authentication. (Keeping your email secure is one of the most important things you can do and if you use Gmail, you get extra credit and the highest level of security by signing up for the Advanced Protection Program).
7) Monitor your financial accounts on a regular basis.
8) Keep your computer OS up to date and practice good computer hygiene, i.e., avoid downloading viruses or clicking unknown links.
9) Do not access your financial accounts from public networks like the wifi at a coffee shop or hotel.

Bonus points:
10) Do not save your financial usernames and password in your browser's password manager. I know it's convenient, and I used to do it myself, but it is a security risk because anyone who gets access to your computer will have all of your usernames and passwords that will be conveniently auto filled when they go to your financial sites. Instead, use a dedicated password manager to keep your usernames and passwords secure that requires a separate login and use two factor for the password manager and choose a password manager that supports physical U2F security keys (the most common brand is Yubikey) as the second factor.

Extra bonus points
11) Access your financial accounts from a Chromebook or a Chromebox only (i.e. using Chrome OS).

If you follow those steps you will be very, very safe and you will avoid virtually all of the risks that you can control. Beyond that, there is little you can do.
 
I did a couple of threads that talked about using separate email accounts for financial accounts and whether to use a separate financial computer.

https://www.early-retirement.org/forums/f54/how-many-email-addresses-to-use-104265.html

https://www.early-retirement.org/forums/f54/financial-chromebook-104300.html

You might find those threads helpful as they discuss many of those issues.

In addition to what is in there. One thing that I do is that I usually log into my financial accounts on any business day. If someone has logged into my account and has a transaction pending then I will see it.

On the trade offs of different levels of protection see post number 40 by me in my Financial Chromebook thread where I discuss the possible protections.
 
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.

operative words...so far? :D

the Nigerians only have to get lucky once...
 
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.

I don’t trust password managers, seems like they could be hacked as well.
 
I use 2-step ID on all of my accounts. I also check them often.
 
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.
It does work.
On one side we have millions of international criminals aggregating a billion pieces of data at least to successfully hack accounts. The reason they succeed is because users take chances with easy passwords, no 2FA, reuse passwords, etc. A top password manager will discourage these practices.
Large companies in data and IT are known to require users to have a company-approved password manager.
 
I don’t trust password managers, seems like they could be hacked as well.
Yes, but so could your bank. Chances are your computer setup is the weak spot, as it is not as secure as your bank, or the more popular password managers, which is why I trust LastPass. The password generation and storing gets me to use a randomized 30-character password on every site that allows it, and prompts me to change them every 90 days, which is more secure than what I would be able to keep track of on my own.

Also, as someone who has worked with cybersecurity on major Federal IT projects and had a shredder before most people knew what "identity theft" was, I heartily second all of the following list. I follow the first 10 scrupulously (but rely on my security hygiene to keep my computers safe, which is why not #11).
Here are my suggested best practices for keeping your financial accounts secure:

1) Select a username that is not very obvious, if your name is Jane Smith don't use JaneSmith1. Using a semi-random username effectively gives you two passwords for your account.
2) Use a strong and unique password at each financial site. Do not reuse passwords, especially for financial sites. And don't share your passwords with anyone you do not trust with your life.
3) Set up two factor authentication whenever possible, and if possible, do not use SMS texting as your second factor. If you want to be really, really secure and you don't mind performing an additional step when you log in, require two factor authentication every time.
4) Set up alerts for any unusual activity and check your email regularly.
5) If possible set up your voice as an identifier with your provider (Schwab calls this Voice ID) and set up a verbal password that is required when you call in (Schwab offers this feature).
6) Secure the email address that you use for your financial accounts with a strong and unique password and two factor authentication. (Keeping your email secure is one of the most important things you can do and if you use Gmail, you get extra credit and the highest level of security by signing up for the Advanced Protection Program).
7) Monitor your financial accounts on a regular basis.
8) Keep your computer OS up to date and practice good computer hygiene, i.e., avoid downloading viruses or clicking unknown links.
9) Do not access your financial accounts from public networks like the wifi at a coffee shop or hotel.

Bonus points:
10) Do not save your financial usernames and password in your browser's password manager. I know it's convenient, and I used to do it myself, but it is a security risk because anyone who gets access to your computer will have all of your usernames and passwords that will be conveniently auto filled when they go to your financial sites. Instead, use a dedicated password manager to keep your usernames and passwords secure that requires a separate login and use two factor for the password manager and choose a password manager that supports physical U2F security keys (the most common brand is Yubikey) as the second factor.

Extra bonus points
11) Access your financial accounts from a Chromebook or a Chromebox only (i.e. using Chrome OS).

If you follow those steps you will be very, very safe and you will avoid virtually all of the risks that you can control. Beyond that, there is little you can do.
 
I tried to move some $ between banks thru using ACH and I noticed:
1- If I move the $ to my other bank account (same account holder name), then the transfer will be allowed (got linked email as you mentioned).
2- If I move the $ to DW (different name), then 2 small amounts of $ will be sent. DW needs to verify the amounts etc. and the $ transfer will be allowed once (email notices were also sent IIRC).

A thief created an account at https://coinlist.co (a cryptocurrency trading platform) and immediately obtained the ability to do ACH transfers up to $20k. The thief somehow got hold of the bank account info for my family's corporation and transferred $20k out of the account. Fortunately, the transfer was flagged by the bookkeeper and we had the $20k returned after a not-insignificant amount of hassle.

This experience validates my long-standing practice of not writing checks from bank accounts with large balances. I write checks from a working bank account with a modest average balance and don't write checks from an associated bank account that might occasionally have a large balance. :popcorn:
 
A few steps I also take after using a secured online website for my account is make sure I click out of the website completely. Then I clear my browsing data immediately after using the site from my computer. These two steps make me feel better and add a little more comfort knowing there isn't any information hanging around on the internet after I am done, at least I hope not.
 
A few steps I also take after using a secured online website for my account is make sure I click out of the website completely. Then I clear my browsing data immediately after using the site from my computer. These two steps make me feel better and add a little more comfort knowing there isn't any information hanging around on the internet after I am done, at least I hope not.
I’m not a security expert but I thought once you connected to a secure website, there are keys stored in your browser that ensure your next connection is to the same site. So it prevents a bogus site pretending to be the site you’re interested in. So you are less secure doing this.

BTW, if you go to your secured website and it doesn’t take your password that you know is correct, either you already have been hacked, or someone just stole your password by getting you to go to a bogus website. Usually a result of clicking on a link in an email.
 
The major brokerages have a security guarantee and I'm familiar with their security procedures since I've worked for most of them. Of much greater concern is protection of your social security number. If you haven't locked your credit report, you should. I learned this the hard way.
 
I use different userid and password at each of the financial accounts, change password after 2-3 months, use 2FA to the phone, and Fido has an option to lockdown accounts for transfers. To unlock requires another token to the phone and I get an email with any change to lockdown, password or userid. Wells doesn't have a lockdown but I use unique ID and change password. Same with credit unions.
 
Different passwords, 2FA, and as many alert notifications as I can--for online transfers, phone/mobile transfers and payments, debits, etc., set at $100 or lower. Yes, I get alerts frequently, but I don't mind it.
I have this for all financial accounts, including credit cards.
 
I don't think changing passwords often is going to do a bit of good, as long as you never re-use a password. And you should certainly never, ever, not ever, reuse a password.

Turn on 2 factor authentication if you can.

If you are super paranoid, you can configure your bank and broker to completely disallow web initiated transfers, but convenience suffers greatly.

Again, on the super paranoid side, but fairly cheap and convenient is to buy a Chromebook and only do banking/brokerage on that device.

One can not worry about procedures at the bank or brokerage. You've got to just trust that the data bits they hold won't get lost. What you can do, though, is put your eggs in multiple baskets. Clark Howard recommends getting paper statements to prove what was what on a specific date, but I think a downloaded PDF is almost as good, and takes less space.
 