Financial Chromebook?

[JustVisitingThisPlanet]

Even though the DH retired from Google, I am not a fan of Chromebooks in general. If you don't have an internet connection (which happens to us frequently when we travel) it becomes just an expensive paperweight.

Not internet dependent anymore. ChromeOS runs offline Android and Linux apps now, including Linux LibreOffice and some very good content creation tools. There are also PWA apps that while installed via browser, can run offline.

Some security experts also consider ChromeOS the most secure of major OSs, though browser extensions can still be a problem as with any browser/OS. Be careful with extensions that can read your browsing history or convert your data like PDF converters. The details of extensions explain permissions. Might avoid any extensions if you have a dedicated financial laptop (of any OS).

I personally prefer full Linux but also use ChromeOS/Mac/Windows and ChromeOS is my second choice. Windows used only virtually if needed. I also use relatively more private Brave browser (based on Chrome with Googly things stripped out) or even more secure but slower Tor Browser (based on Firefox). The Linux versions can be used on Chromebooks.

 

[meierlde]

Jim,
If OP were to dual boot new computer (Windows 10 / Linux) how difficult to set up a shared folder on that computer where Linux could save data accessible by Windows (if he needs to add in older financial PDFs, etc.? Last evening I was thinking that would be a simpler solution. It would also be more secure than Chromebook (with gmail profile) + Windows 10.

I agree with you that Linux is more secure. Which browser would you use with Linux to maximize security when on financial site(s)?

Interesting challenge for OP.

Linux can now read nfts disks and you can mount them. However an easier way to accomplish this without going to dual boot, would be to load virtualox on your machine and run linux on it. Files can be shared a couple of ways between the virtual machine and its host

 

[RetMD21]

Hello MD21, as far as keyloggers (or any "malicious code") I believe they only work if they are local on your computer, that is, you either installed it yourself (how I've done it in the past) or they get in through some other vector. The obvious way is that you click on an attachment to an email and it installs itself. All OS's have at their core, a framework of code through which the OS does all the things it does. On windows, that framework is .NET. In .NET there are so-called event handlers that you can program to do something when they're triggered. Keyloggers target events associated with a keystroke. Click a key, and you can program the code to send that key through the web to an outside computer. I only know about Windows, not sure of others but I imagine they all have these kinds of event handlers. Of course, the intent of OS's is to limit outbound information flow. But with how complex OSs have gotten, not to mention how many apps they need to manage, I'm not optimistic that all leaks can be found. The best you can do is NEVER click on attachments, NEVER visit anything other than legitimate websites, NEVER do anything risky while connected to the internet. If you limit your web browsing, delete or ignore and unsolicited requests "for you to follow a link", limit "social" apps, change your password frequently with STRONG passwords, and always opt-in for 2-factor authentication, then I think you're doing the best you can. Crooks always go after the easier target, at least I hope they do. Wish someone would write a good book on the subject for those of us who aren't programmers.

My Chromebook won't even open things I want. I doubt that it would run programs. I don't necessarily trust apps and extensions.

 

[2cheap2eat]

I’m less concerned now as I have two-factor authentication (text message one time codes). Also, as others have pointed out, use strong passwords, scan for viruses regularly, and be weary when clicking on attachments & downloads (always scan).

 

[mountainsoft]

I don't see the point of having a second computer (Chromebook or otherwise) to access financial accounts. It's just another machine to maintain, another computer that can be infected, another computer that can be stolen, and another point of vulnerability. Unless you're just "looking", at some point you'll have to move files from your second computer to your main computer, which is another chance for viruses and/or hacking.

In my opinion, it's better to have one system you lock down as much as possible, and scan for viruses and malware regularly. Use a password manager and use a different long password for every site you visit. Create an encrypted drive on your hard drive and save your financial records in the encrypted drive. Then unmount the encrypted drive when you're done accessing it.

NEVER click on an email link, even if it looks legit and trustworthy. If you get an email from your bank, log on to the bank site directly in your browser. DO NOT click on the email link. As long as you follow this simple rule, I don't see the point in having a dedicated email address. Emails are not secure anyway.

Remember the financial institution is a bigger target than you are. Even if you have the most secure computer and login on the planet, your financial institution can still be hacked.

Backup, Backup, Backup!!! Multiple copies, on multiple media.

 

[Chuckanut]

In my opinion, it's better to have one system you lock down as much as possible, and scan for viruses and malware regularly.

I think the point of the Chromebook is that you can do the above very easily and at little additional cost. I had a old Chromebook I used for financial transactions. Every few weeks I would 'Power Wash' it with one command. After that the entire machine was like new, never used.

One thing about Chromebooks is to remember that, like Windows and Apple machines, they reach a point where they are no longer are updated. I believe that Google has said they will update Chromebook's OS for 5 years. After that no security or other updates will be done. Keep that in mind, especially if you buy a used Chromebook. You could find that in a year or two the OS is no longer updated and security holes are not being patched.

My understanding is that an iPad running the apps created by the financial institutions is also very secure. Everything is encrypted and the opportunities for bad guys to infect an iPad are minimal. The apps have their own security built into them. So I am told. I don't know if this applies to the various Android or Windows based tablets.

 

[ERD50]

I’m less concerned now as I have two-factor authentication (text message one time codes). Also, as others have pointed out, use strong passwords, scan for viruses regularly, and be weary when clicking on attachments & downloads (always scan).

...
NEVER click on an email link, even if it looks legit and trustworthy. If you get an email from your bank, log on to the bank site directly in your browser. DO NOT click on the email link. As long as you follow this simple rule, I don't see the point in having a dedicated email address. Emails are not secure anyway.

Remember the financial institution is a bigger target than you are. Even if you have the most secure computer and login on the planet, your financial institution can still be hacked.

Backup, Backup, Backup!!! Multiple copies, on multiple media.

I'm with mountainsoft, I will say "NEVER" in this case. There's just no reason to take this risk.

-ERD50

 

[Katsmeow]

My understanding is that an iPad running the apps created by the financial institutions is also very secure. Everything is encrypted and the opportunities for bad guys to infect an iPad are minimal. The apps have their own security built into them. So I am told.

That is an interesting idea. I do have an iPad. Of course, I use it for a variety of things. I could use it to access the financial institutions though.

So far, I haven't gotten a Chromebook. I do a lot of stuff already to keep stuff safe and am going to add a few more. No, I don't click on links willy nilly. I am careful where I go. My system is scanned on a daily basis. I use 2FA. I am thinking about getting a yubikey (or similar device). I have long random passwords on financial sites generated using my password manager.
I have a separate financial email address. I think if I do all that I am pretty safe just using my regular computer and am taking way more safety precautions than most people.