Online banking security

[ERObjd]

Is any browser really safe for online banking?

Some people I know pay for a VPN in hopes that it makes their online banking and investments safer.

We don't have a VPN and don't plan on paying for one.

We use Startpage as a browser for everyday internet which is supposed to be more private than firefox and Chrome .

For online banking or looking at investments on Vanguard, we use Avast and select banking mode. We never log on to bank or finance sites on public wifi at hotels, always at home only.

Just wondering what members on here use for online banking security.

 

[retire48in2018]

I have heard that using the App from the bank is much safer, for control of information, privacy, encryption, etc.

With cookies, and other information from a browser - especially if going wifi (even worse public wifi) - adds risk to information being stolen, intercepted, sold, etc.

Clark Howard recommended a separate chrome book to be used for financial bank info, and only that. (1st recommendation from him was to use the bank App).

 

[ERObjd]

I dont have a "smart phone" I use a old Trac phone " flip and it does not do apps or internet. My wife does have a T mobile pay as you go smart phone but she does not use phone apps either. I have not looked at Clark howard site for a long time. I will have to look at the CLark Howard site again soon. I never use private wifi. When travelling I can bank check balance, transfer funds pay bills etc, by calling USAA on the phone.
A few years back 2015 wife and I were staying at a Sheridan Hotel in LA for our sons wedding. I went to use one of the hotels customer PC to look up some stuff and when i went on, the banking info from the person who had used it before me populated the screen. It was Still logged on to the banking site and had not timed out yet. I closed the browser down. A crook could have gotten all the bank info had they wanted too.

 

[retire48in2018]

in that case (no phone app), I would look into a separate inexpensive chrome book to use for financial only work. Nothing else.

 

[Alan]

Just wondering what members on here use for online banking security.

1. Banking app on phone or tablet.
2. VPN when wanting to use Laptop to download statements etc. TunnelBear only costs $4.99 / month to have on as many devices as you want. ($3.33/month if you sign up for 3 years). I’m sure there are cheaper options including free out there.
3. The banks we use, including Vanguard, have 2FA so you need more than a user name and password to access it.

 

[ERObjd]

we bank with usaa and after you enter log on they send a text message with 6 digit code . They have been doing that for about 3 years now at usaa. It is an extra layer of security that is good. and yes the card has a chip now. But criminals never give up ..a constant technical cat and mouse game between criminals and security.
So far been using Avast Bank mode for banking and no issues. maybe there are better bank modes to use, but Avast bank mode is free. Some people use DuckGo for internet we use Startpage for a daily browser,but for banking we use Avast bank mode. No issues so far.

Being a retired military I know that the VA has had 2-3 data breches during the last decade where million of veterans data has been breached or stolen. Data breaches are not that uncommon these days. My wife has shopped at target a few times and we got new cards after target was braeched.

 

[foxcreek9]

I use a chromebook for banking

 

[davismills]

I use a dedicated Chromebook, VPN, and a Yubi key for financial transactions.

 

[Lsbcal]

I don't worry about using Firefox on an up to date PC with Windows 10.

A few practices I use:
Have 2FA for unrecognized computers that log into Vanguard account.
Use Lastpass to inject login/password.
Stong password unused in any other site.
Use very few add-ons in Firefox.
Always check Vanguard messages for content.
Safe email interface (gmail).
Have iPhone with strong PIN from service provider (less likely to be phone hacked)

 

[JustCurious]

I use Chrome OS (a Chromebook and a Chromebox) for everything, and that includes banking and financial accounts. I also use two factor authentication for financial accounts.

I don't claim to be an IT expert, but based on my research I think Chrome OS is much safer from viruses or hacking than Windows or Mac.

 

[GreenEggs]

The Samsung Chromebook is only $100 to $200 at Walmart. It's the same model, but the $200 one has more memory.

 

[easysurfer]

I've always thought keeping a computer updated with anti-virus, anti-malware, system updates and using a browser that has the padlock showing on the address url is safe something like banking. Am I missing something?

 

[OldShooter]

My approach:

I never access accounts from my phone or tablet, both of which are carried with me on trips and are at least theoretically vulnerable to physical theft.

I do not load financial apps on the phone or tablet either.

I use Schwab, which has 2FA, on Firefox from my home office computer and I am very careful to log out/not leave a session open when I am done.

I also rely on Schwab's promise: "Schwab will cover 100% of any losses in any of your Schwab accounts due to unauthorized activity."

I really don't understand people's need to frequently connect to financial institutions, but then I am not a trader.

 

[Aerides]

Your up-to-date desktop/browser and good password are fine. (clinging to Win7 and IE6, not so much). Dedicated device/emails, even better.

Your tablet or mobile device on your home network, assuming you have a decent secure setup - fine.

I would not connect to an important financial site when mobile: not from your hotel/starbucks/airport/mall wifi, etc.

 

[Chuckanut]

Proton has a free VPN that is limited in speed, sites and the number of connections on can have.

Surfshark has a two year deal is about $2.50 a month.

Be careful with Chromebooks. After 5 years Google no longer updates them for security or anything else. That's not necessarily bad, unless you buy one that's already been used for 3-4 years. Then there is not much time left.

 

[gauss]

Is this much worry about an online bank account worth it?

If I am mistaken, the banking institution is responsible for the system security and I believe they will be required to make you whole if there is a loss. This assumes no fraud on your part.

Here is an article that discusses this further.

Note that my comment is specific to banks. Brokerage accounts I believe are not legally protected to the same degree as banks.

Note also that I do maintain multiple accounts at different financial institutions. If one were to be compromised, I would still have access to funds at the other ones while the issue is being resolved.

Note also that I have my credit files frozen at all 3 credit bureaus.

All of this helps me sleep better at night.

-gauss

 

[pb4uski]

I don't worry about it too much. I typically log into financial websites from my secured home wi-fi network using Chrome on my laptop or tablet, or via bank apps on my phone.

When traveling I try to avoid loging onto any financial websites, but if I need to I'll use my cellphone data plan. Never with any device connected to the internet via a public wi-fi or even hotel wi-fi.

 

[jim584672]

You don't have to go crazy, as long as you have an up to date browser the security will work. Usually the bank or broker will put a cookie on your machine the first time and send you a text or email. That sets up the connection. Just make sure you are connecting to the actual address and not some fake variant like www. barclays-supports . com when it should be https://www.banking.barclaysus.com/.

 

[WestUniversity]

I’ve been to many conferences regarding online security and cyber threats. One of the the most important things you can do is keep your software up to date. When a new version of whatever is released hackers will compare the new version to the previous version side by side looking at the differences and looking for any opportunities to exploit the coding. If nothing else at least keep the software, apps, OS, whatever up to date...

 

[ERObjd]

That is why I like Avast free antivirus, it updates software to new versions automatically and updates the bankmode as well. I also do a scan with microsoft malware scanner when they push out a new version 1st Tue of every month.

 

[stepford]

Until 2020 all of my online financial transactions took place in a separate LINUX machine I run just for that purpose - no casual browsing, only access to the 10 or so brokerage/banking/insurance sites I use. A Virtual Box version of Win10 within that LINUX system is where Turbotax, and nothing else, lives. I've convinced myself this is reasonably secure.

Then COVID rolled around and I stopped doing any banking in person. DW and I still receive paper checks at times. So in order to deposit them we broke down and got the phone app from our local bank. It uses the phone's fingerprint scanner for log in, but I'm not sure how secure that really makes things. I only ever keep a few $K in the bank, though, so even in the event of a hack I suppose the actual financial risk is small.

 

[jollystomper]

We do our banking on our computers, with all the security Windows security, third party software, and home network/router can provide. We also use 2FA and have different IDs and passwords for each institution.

We never do any banking away from home unless it is an emergency, and have only had to access our CC accounts, which I figure have the least issue if compromised.

I'm more wary of using apps on my phone or tablet. Not that I think that the app is a problem, but I'd be concerned about misplacing my phone with the apps giving access to the accounts. That's just me, I know OMMV.

 

[Hermit]

I don't worry about using Firefox on an up to date PC with Windows 10.

A few practices I use:
Have 2FA for unrecognized computers that log into Vanguard account.
Use Lastpass to inject login/password.
Stong password unused in any other site.
Use very few add-ons in Firefox.
Always check Vanguard messages for content.
Safe email interface (gmail).
Have iPhone with strong PIN from service provider (less likely to be phone hacked)

Vanguard 2FA requires a text message. I am out of cell phone range while at home so they set my accounts up to not use 2FA. Hopefully, this is temporary. My cell company keeps saying they will have phone over internet any day now.

 

[Alan]

Vanguard 2FA requires a text message. I am out of cell phone range while at home so they set my accounts up to not use 2FA. Hopefully, this is temporary. My cell company keeps saying they will have phone over internet any day now.

They also have an option to provide a physical security key that plugs into a USB port on your PC or laptop

https://investor.vanguard.com/security-center

 

[Hermit]

They also have an option to provide a physical security key that plugs into a USB port on your PC or laptop

https://investor.vanguard.com/security-center

Thanks. I don't recall them saying anything about a security key and this whole 2FA thing just was put in place on my account in December.