Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
How do you safeguard your accounts?
Old 08-02-2020, 03:40 PM   #1
Recycles dryer sheets
 
Join Date: Dec 2007
Posts: 166
How do you safeguard your accounts?

With so much identity theft going on and many hackers roaming the Internet, I am wondering how folks safeguard their retirement accounts. Do you change your passwd frequently, do you not change your passwd to avoid getting noticed (by hackers)? Do you make use of 2 step ID (using your phone and/or token ID)? Do you change your login user IDs from time to time? Anyone can move large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. Also, what if the bank computer got wiped out overnight, do they have back up info to restore everyone account balances (the answer better be yes, but do we know for sure?).
I am not sure if this thread belongs here. Please move as appropriate. I am basically looking for best, proven practice.
ut2sua is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-02-2020, 03:53 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RobbieB's Avatar
 
Join Date: Mar 2016
Location: Central CA
Posts: 5,573
I don't do nothing. I can't even get my own dough online, got to talk to the broker and they transfer or send me a check.

I also get paper statements every month which I replace as they come in a 3 ring binder.

So I will have the info in chase of golden eye EMP attack.
__________________
Retired at 59 in 2014. Should have done it sooner but I worried too much.
RobbieB is offline   Reply With Quote
Old 08-02-2020, 03:58 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
pb4uski's Avatar
 
Join Date: Nov 2010
Location: Vermont & Sarasota, FL
Posts: 26,957
Quote:
Originally Posted by ut2sua View Post
....Anyone can move large sum of $ with a few clicks, and if your $ is not moved by you, that is a big concern. ...
For my accounts, I can only move money to a linked account. And in order to link an account they do trial deposits and I get a notification that the account is being linked.

I guess it is possible that a perp who accessed my account could change the email address but I would get a notification of that too.

I also use 2FA where it is available.
__________________
If something cannot endure laughter.... it cannot endure.
Patience is the art of concealing your impatience.
Slow and steady wins the race.

Retired Jan 2012 at age 56...target 65/35/0 AA TBD
pb4uski is offline   Reply With Quote
Old 08-02-2020, 04:27 PM   #4
Recycles dryer sheets
 
Join Date: Dec 2007
Posts: 166
Quote:
Originally Posted by pb4uski View Post
For my accounts, I can only move money to a linked account. And in order to link an account they do trial deposits and I get a notification that the account is being linked.

I guess it is possible that a perp who accessed my account could change the email address but I would get a notification of that too.

I also use 2FA where it is available.
I tried to move some $ between banks thru using ACH and I noticed:
1- If I move the $ to my other bank account (same account holder name), then the transfer will be allowed (got linked email as you mentioned).
2- If I move the $ to DW (different name), then 2 small amounts of $ will be sent. DW needs to verify the amounts etc. and the $ transfer will be allowed once (email notices were also sent IIRC).
But if I am out in the woods camping etc. and I don't have internet access, bad things could be done...
ut2sua is offline   Reply With Quote
Old 08-02-2020, 04:51 PM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
OldShooter's Avatar
 
Join Date: Mar 2017
Location: City
Posts: 5,355
Quote:
Originally Posted by ut2sua View Post
... I am basically looking for best, proven practice.
Well the truth is you can't get that here. All you can get here is anecdotes about things that have happened and unsupported opinions to the effect that the poster's practices are adequate. Nothing of any statistical value that could support "proven."

I suggest that you consult your banks and brokerage houses to see what they recommend and to get answers to your questions. Also make sure to read and understand any fraud protection guarantees that they offer. If the guarantees do not satisfy you, take your business elsewhere.

Personally, I take reasonable care with passwords, 2FA, etc. but I ultimately rely on Schwab's anti-fraud procedures for transferring money and on their blanket promise to reimburse me for any losses due to fraudulent activity. I also do not do any financial business on my phone or tablet computers. I do not even contact the financial institutions that I do business with. The phone and the tablets contain no clues to my financial affairs. This includes my phone's contact list, which is a severely limited subset of the main list on my computer at home.
OldShooter is offline   Reply With Quote
Old 08-02-2020, 05:09 PM   #6
gone traveling
 
Join Date: Jul 2020
Posts: 100
With Physical Hardware Tokens. 2FA

https://thefinancebuff.com/security-...ab-etrade.html
TechLead is offline   Reply With Quote
Old 08-02-2020, 06:04 PM   #7
Moderator Emeritus
aja8888's Avatar
 
Join Date: Apr 2011
Location: The Woodlands, TX
Posts: 11,897
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.
__________________
Everyone has a plan until they get punched in the mouth...philosopher Mike Tyson
aja8888 is offline   Reply With Quote
Old 08-02-2020, 06:20 PM   #8
Thinks s/he gets paid by the post
 
Join Date: Oct 2017
Location: Chapel Hill, NC
Posts: 2,137
I would talk to each bank, broker, etc where I have accounts and ask them how to safeguard the account I have with them.
harllee is offline   Reply With Quote
Old 08-02-2020, 06:38 PM   #9
Full time employment: Posting here.
rk911's Avatar
 
Join Date: Dec 2018
Location: DuPage County IL
Posts: 991
frequent PW changes and 2-step verificarion.
__________________
Rich
Ham Radio, Sport Pilot, RVer
FIRE: 8/11/2005, age 55y,1d
Administrator for a regional 9-1-1 call center
rk911 is offline   Reply With Quote
Old 08-02-2020, 07:45 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Location: Stuck in the mud somewhere in the swamps of Jersey
Posts: 6,479
Quote:
Originally Posted by aja8888 View Post
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.
Ditto.
target2019 is online now   Reply With Quote
Old 08-02-2020, 08:03 PM   #11
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,259
Here are my suggested best practices for keeping your financial accounts secure:

1) Select a username that is not very obvious, if your name is Jane Smith don't use JaneSmith1. Using a semi-random username effectively gives you two passwords for your account.
2) Use a strong and unique password at each financial site. Do not reuse passwords, especially for financial sites. And don't share your passwords with anyone you do not trust with your life.
3) Set up two factor authentication whenever possible, and if possible, do not use SMS texting as your second factor. If you want to be really, really secure and you don't mind performing an additional step when you log in, require two factor authentication every time.
4) Set up alerts for any unusual activity and check your email regularly.
5) If possible set up your voice as an identifier with your provider (Schwab calls this Voice ID) and set up a verbal password that is required when you call in (Schwab offers this feature).
6) Secure the email address that you use for your financial accounts with a strong and unique password and two factor authentication. (Keeping your email secure is one of the most important things you can do and if you use Gmail, you get extra credit and the highest level of security by signing up for the Advanced Protection Program).
7) Monitor your financial accounts on a regular basis.
8) Keep your computer OS up to date and practice good computer hygiene, i.e., avoid downloading viruses or clicking unknown links.
9) Do not access your financial accounts from public networks like the wifi at a coffee shop or hotel.

Bonus points:
10) Do not save your financial usernames and password in your browser's password manager. I know it's convenient, and I used to do it myself, but it is a security risk because anyone who gets access to your computer will have all of your usernames and passwords that will be conveniently auto filled when they go to your financial sites. Instead, use a dedicated password manager to keep your usernames and passwords secure that requires a separate login and use two factor for the password manager and choose a password manager that supports physical U2F security keys (the most common brand is Yubikey) as the second factor.

Extra bonus points
11) Access your financial accounts from a Chromebook or a Chromebox only (i.e. using Chrome OS).

If you follow those steps you will be very, very safe and you will avoid virtually all of the risks that you can control. Beyond that, there is little you can do.
JustCurious is online now   Reply With Quote
Old 08-02-2020, 11:53 PM   #12
Thinks s/he gets paid by the post
Katsmeow's Avatar
 
Join Date: Jul 2009
Location: NE Tarrant County
Posts: 4,475
I did a couple of threads that talked about using separate email accounts for financial accounts and whether to use a separate financial computer.

https://www.early-retirement.org/for...se-104265.html

https://www.early-retirement.org/for...ok-104300.html

You might find those threads helpful as they discuss many of those issues.

In addition to what is in there. One thing that I do is that I usually log into my financial accounts on any business day. If someone has logged into my account and has a transaction pending then I will see it.

On the trade offs of different levels of protection see post number 40 by me in my Financial Chromebook thread where I discuss the possible protections.
Katsmeow is offline   Reply With Quote
Old 08-03-2020, 12:17 AM   #13
Thinks s/he gets paid by the post
Scrapr's Avatar
 
Join Date: May 2005
Location: Bend
Posts: 1,341
Quote:
Originally Posted by aja8888 View Post
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.
operative words...so far?

the Nigerians only have to get lucky once...
Scrapr is offline   Reply With Quote
Old 08-03-2020, 01:55 AM   #14
Thinks s/he gets paid by the post
teejayevans's Avatar
 
Join Date: Sep 2006
Posts: 1,482
Quote:
Originally Posted by aja8888 View Post
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.
I donít trust password managers, seems like they could be hacked as well.
teejayevans is online now   Reply With Quote
Old 08-03-2020, 05:17 AM   #15
Full time employment: Posting here.
iloveyoga's Avatar
 
Join Date: Jan 2017
Location: Des Moines
Posts: 734
I check them frequently.
__________________
Retired in 2013 and we are living the dream!
iloveyoga is offline   Reply With Quote
Old 08-03-2020, 05:31 AM   #16
Moderator
 
Join Date: May 2007
Posts: 12,516
I use 2-step ID on all of my accounts. I also check them often.
__________________
46 years old, single, no kids. Exited the job market in 2010 (age 36). Have lived solely off my investments since 2015 (age 41). No pensions.
Current AA: real estate 65% / equities 10% / cash 25%; Current WR: 1.6%
FIREd is offline   Reply With Quote
Old 08-03-2020, 05:33 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Location: Stuck in the mud somewhere in the swamps of Jersey
Posts: 6,479
Quote:
Originally Posted by aja8888 View Post
I use a password manager to generate very secure passwords, change them often, and have 2 factor authentication. Seems to work.
It does work.
On one side we have millions of international criminals aggregating a billion pieces of data at least to successfully hack accounts. The reason they succeed is because users take chances with easy passwords, no 2FA, reuse passwords, etc. A top password manager will discourage these practices.
Large companies in data and IT are known to require users to have company approved password manager.
target2019 is online now   Reply With Quote
Old 08-03-2020, 05:42 AM   #18
Thinks s/he gets paid by the post
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 1,505
Quote:
Originally Posted by teejayevans View Post
I donít trust password managers, seems like they could be hacked as well.
Yes, but so could your bank. Chances are your computer setup is the weak spot, as it is not as secure as your bank, or the more popular password managers, which is why I trust LastPass. The password generation and storing gets me to use a randomized 30-character password on every site that allows it, and prompts me to change them every 90 days, which is more secure than what I would be able to keep track of on my own.

Also, as someone who has worked with cybersecurity on major Federal IT projects and had a shredder before most people knew what "identity theft" was, I heartily second all of the following list. I follow the first 10 scrupulously (but rely on my security hygiene to keep my computers safe, which is why not #11).
Quote:
Originally Posted by JustCurious View Post
Here are my suggested best practices for keeping your financial accounts secure:

1) Select a username that is not very obvious, if your name is Jane Smith don't use JaneSmith1. Using a semi-random username effectively gives you two passwords for your account.
2) Use a strong and unique password at each financial site. Do not reuse passwords, especially for financial sites. And don't share your passwords with anyone you do not trust with your life.
3) Set up two factor authentication whenever possible, and if possible, do not use SMS texting as your second factor. If you want to be really, really secure and you don't mind performing an additional step when you log in, require two factor authentication every time.
4) Set up alerts for any unusual activity and check your email regularly.
5) If possible set up your voice as an identifier with your provider (Schwab calls this Voice ID) and set up a verbal password that is required when you call in (Schwab offers this feature).
6) Secure the email address that you use for your financial accounts with a strong and unique password and two factor authentication. (Keeping your email secure is one of the most important things you can do and if you use Gmail, you get extra credit and the highest level of security by signing up for the Advanced Protection Program).
7) Monitor your financial accounts on a regular basis.
8) Keep your computer OS up to date and practice good computer hygiene, i.e., avoid downloading viruses or clicking unknown links.
9) Do not access your financial accounts from public networks like the wifi at a coffee shop or hotel.

Bonus points:
10) Do not save your financial usernames and password in your browser's password manager. I know it's convenient, and I used to do it myself, but it is a security risk because anyone who gets access to your computer will have all of your usernames and passwords that will be conveniently auto filled when they go to your financial sites. Instead, use a dedicated password manager to keep your usernames and passwords secure that requires a separate login and use two factor for the password manager and choose a password manager that supports physical U2F security keys (the most common brand is Yubikey) as the second factor.

Extra bonus points
11) Access your financial accounts from a Chromebook or a Chromebox only (i.e. using Chrome OS).

If you follow those steps you will be very, very safe and you will avoid virtually all of the risks that you can control. Beyond that, there is little you can do.
__________________
-Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is online now   Reply With Quote
Old 08-03-2020, 05:50 AM   #19
Thinks s/he gets paid by the post
 
Join Date: Nov 2005
Posts: 1,278
Quote:
Originally Posted by ut2sua View Post
I tried to move some $ between banks thru using ACH and I noticed:
1- If I move the $ to my other bank account (same account holder name), then the transfer will be allowed (got linked email as you mentioned).
2- If I move the $ to DW (different name), then 2 small amounts of $ will be sent. DW needs to verify the amounts etc. and the $ transfer will be allowed once (email notices were also sent IIRC).
A thief created an account at https://coinlist.co (a cryptocurrency trading platform) and immediately obtained the ability to do ACH transfers up to $20k. The thief somehow got hold of the bank account info for my family's corporation and transferred $20k out of the account. Fortunately, the transfer was flagged by the bookkeeper and we had the $20k returned after an not-insignificant amount of hassle.

This experience validates my long-standing practice of not writing checks from bank accounts with large balances. I write checks from a working bank account with a modest average balance and don't write checks from an associated bank account that might occasionally have a large balance.
socca is offline   Reply With Quote
Old 08-03-2020, 07:05 AM   #20
Thinks s/he gets paid by the post
UnrealizedPotential's Avatar
 
Join Date: May 2014
Posts: 1,157
A few steps I also take after using a secured online website for my account is make sure I click out of the website completely. Then I clear my browsing data immediately after using the site from my computer . These two steps make me feel better and adds a little more comfort knowing there isn't any information hanging around on the internet after I am done, at least I hope not.
__________________
Understanding both the power of compound interest and the difficulty of getting it is the heart and soul of understanding a lot of things. Charlie Munger

The first rule of compounding: Never interupt it unnecessarily. Charlie Munger
UnrealizedPotential is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
conservator accounts? hiding accounts from the ward Spock Other topics 22 03-26-2020 12:07 PM
Do you auto-pay your CC accounts? Cobra9777 FIRE and Money 108 02-08-2019 08:05 AM
How have you set up accounts for wife if you die first?? blenhardt FIRE and Money 88 06-14-2016 03:52 PM
Your accounts will pass to your account beneficiaries regardless of your will JustCurious FIRE and Money 21 03-22-2008 03:35 AM
Vanguard ... Ever Lost Track of Your Accounts? Craig FIRE and Money 3 01-02-2006 04:38 PM

» Quick Links

 
All times are GMT -6. The time now is 10:11 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2020, vBulletin Solutions, Inc.