Vanguard Privacy Nasty Gram?

[Midpack]

We've had accounts with Vanguard for over 10 years. DW would rather I handle all our transactions including her IRAs. It's not ideal, but I doubt it's that uncommon.

We have (always had) Agent Authorization Forms on file with Vanguard giving each other full transact authority of each others accounts.

I normally log in as myself, but last week I logged in as DW, frankly to update her password & alerts. While in, I had a question and sent a message to our acct rep. Got a response the next day, thought nothing of it.

Today, DW got a polite but firm letter advising her to never share her login information with a third party, even a spouse. Told her to change her login info immediately. And we should fill out Agent Authorization Forms if we want to act on each others behalf (again, they've been in place for over 10 years).

Talked to another rep, and he acknowledged my message (you're asked to type in your name) while logged in as DW triggered the letter automatically. He acknowledged we had authorizations on file, but they still don't recommend even authorized spouses using each others logins

In the end I am OK with it all even though we had everything appropriate in place, you probably can't be too careful these days. But DW was upset, thought it was a fraud alert (someone unknown accessing her accounts).

Never dreamed something as simple as sending a message on the VG internal message system while logged in as her would trigger "a letter."

FWIW...

 

[txtig]

I do this all the time with DW's accounts for Vanguard and her banking accounts. Haven't been busted yet.


Sent from my iPad using Early Retirement Forum

 

[dtbach]

I do this all the time with DW's accounts for Vanguard and her banking accounts. Haven't been busted yet.


Sent from my iPad using Early Retirement Forum

so do I since my DW is pretty clueless when it comes to investments. And when I try to do a little bit of education, her eyes become glazed in about 3 minutes.

 

[travelover]

Me three, but they will never take me alive.

 

[Midpack]

I do this all the time with DW's accounts for Vanguard and her banking accounts. Haven't been busted yet.

so do I since my DW is pretty clueless when it comes to investments. And when I try to do a little bit of education, her eyes become glazed in about 3 minutes.

Me three, but they will never take me alive.

I've done all our transactions, including her accts, without incident too.

It was only when I sent a (Vanguard internal system) message using my name (the form asks for name) while logged in as her - that it triggered a letter from Vanguard.

 

[MRG]

...snip...

Never dreamed something as simple as sending a message on the VG internal message system while logged in as her would trigger "a letter."

FWIW...

Oh yes that makes sense. Most fund companies have automated processes in place, to generate letters, or other actions. They really watch closely if anything isn't to their best pratices. IIRC their gaurentee about covering lost monies has a condition of not giving out credentials. Of couse they have no proof of who was sitting at the device when the credentials are entered. They can't actually prove DW didn't login and you took over.

 

[Cobra9777]

I have full trading authorization on DW's IRA accounts at Fidelity through my login. But I have also logged in using her credentials if needed, which isn't very often... usually for some required security-related update, like updating the password or security questions. She has two individual accounts outside Fidelity that I log into as needed as well. I even have all her accounts set up with my email address, which has my full name in it. Never had any problem with this arrangement. She knows how to log in if necessary, but I'm not sure she ever has. I keep her fully informed of everything, but as dtbach said, after a few minutes, I get that glazed look.

 

[target2019]

I believe that even when you have trading authorization you still must login as you, and perform the transactions on her accounts that you see in your view. If you can't perform a transaction, then you don't have the right access level in the account. I have to check my view and what can be done. A little unsure of what my access allows me to do.

That is the security posture that Vanguard has to maintain in order to keep their accreditation. So, when there is a violation, they must respond in some way. Everything is based on one party being able to uniquely identify you as the individual who logged in.

Given that, and what must be a lot of violations in their fan base, it gets noted, and the world keeps spinning. They probably look for multiple violations and patterns in the future, and then respond in a prescribed way.

 

[pb4uski]

Me four. In fact, DW is so disinterested she doesn't even know what her log-in info is. I'm surprised that I haven't been chastised like Midpack since our IDs are similar other than our first initial and our passwords are identical. I have to use DW's log-in to get tax info for her individual account since only my account and our joint account shows up when I log in on my account.

 

[travelover]

I suspect that Vanguard has to be careful with even married couples, as things get dicey when a marriage is falling apart and money is being shifted around.

 

[Live And Learn]

Ok, maybe I'm the odd man (woman) out but I think the automated email is a great idea. What would have happened if it WASN'T you ? I don't see the letter as a nastygram. Its a CYA for Vanguard and a potential fraud alert to the account holder.

Lesson: when logging into spouses account, make sure all references to self use spouses name.

 

[audreyh1]

Ok, maybe I'm the odd man (woman) out but I think the automated email is a great idea. What would have happened if it WASN'T you ? I don't see the letter as a nastygram. Its a CYA for Vanguard and a potential fraud alert to the account holder.

Lesson: when logging into spouses account, make sure all references to self use spouses name.

Yep - good thing to remember.

 

[Lsbcal]

This thread reminded me to update the security items on DW's account: 2 factor authentication, password length, security questions to be not easily guessable.

 

[Looking4Ward]

I've done all our transactions, including her accts, without incident too.

It was only when I sent a (Vanguard internal system) message using my name (the form asks for name) while logged in as her - that it triggered a letter from Vanguard.

Well of course - because only a hacker would use a different name than that of an account they are logged into when sending a request for customer service via Vanguard's messaging system.

Duh.

 

[Bestwifeever]

I suspect that Vanguard has to be careful with even married couples, as things get dicey when a marriage is falling apart and money is being shifted around.

I got called out a few years ago too when DH asked me to call Vanguard to set up a FA phone appointment about DH's IRA. The real person was very worried that I was even able to make the call about it. I definitely got the impression that spouses on the outs are a big thing they are worried about in terms of being able to change beneficiaries (from myself to myself?) and where distributions are sent, etc. DH then got an email (because DH wanted it set up that my email was his email, the email came to me), two letters, and a big package of forms for the different levels of access DH could give me to the account. DH is so disinterested that he told me to fill out the forms and wanted to know why Vanguard didn't do it in the first place back in 2008 when he rolled his 401(k) over to them, as he thought we had (Vanguard said they didn't do this back then when less of its customers were online).

I actually was glad that Vanguard reacted like that in spite of my automatic Catholic guilt at being spanked. They probably do run into exspouse situations, and I feel like couples like DH and me where everything financial is joint and one person makes all the financial decisions are less and less common, so they are suspicious right off the bat.

 

[Texas Proud]

so do I since my DW is pretty clueless when it comes to investments. And when I try to do a little bit of education, her eyes become glazed in about 3 minutes.

Heck, my DW will not last 3 seconds.... have told son that he will need to learn so he can take care of mom whenever I go.... He sees me taking care of my mom, so he kinda knows what I mean...

 

[Live Free]

Personally, I think Vanguard did the right thing here.

Also, on a related note, I read with interest in a recent Consumer Reports that if your IRA with Vanguard (or any other firm) is hacked and the money taken, they are not required to reimburse your account. Though many firms do have a voluntary program to do so.

Hackers are becoming more sophisticated, and I have a lot of money in my IRA and 401K accounts. Yikes.

How Do I Keep My IRA Safe From Cybertheft - Consumer Reports

 

[Chuckanut]

Personally, I am very glad that Vanguard is being careful. If it causes me a bit of annoyance, so what? It's a lot less annoying than finding out somebody has tapped into my life's savings.

 

[JoeWras]

As for spousal beneficiary... Many I think Erisa, states and firms require a paper form signed by spouse when changing the beneficiary away from the spouse. It should not be a trivial operation.

As for acting like someone else. Well, you aren't supposed to do it. But I was helping my dad Joe, and just told them my name when asked. Since we had the same name it worked out.

 

[youbet]

but they still don't recommend even authorized spouses using each others logins

.

Sounds like Vanguard has their act together in this regard. Schwab does the same thing and I suspect all brokerage houses do.

If your brokerage does not officially take the position that each individual should have their own unshared password to access their own, non-joint account, they would assume some liability if the person you share your password with did something out of line with your wishes. When they are officially "on the record" as informing you to NOT share your password, they can then assume the person manipulating the account on line is you.

When you access DW's account via your own (linked due to an Agent Authorization form on file) then the brokerage house has their butt covered if you do something DW disagrees with. They have her signature authorizing you to do so on file!

 

[Major Tom]

Also, on a related note, I read with interest in a recent Consumer Reports that if your IRA with Vanguard (or any other firm) is hacked and the money taken, they are not required to reimburse your account. Though many firms do have a voluntary program to do so.

Hackers are becoming more sophisticated, and I have a lot of money in my IRA and 401K accounts. Yikes.

How Do I Keep My IRA Safe From Cybertheft - Consumer Reports

Thanks for posting this, Live Free - and also to Midpack for the original post. I think it's time for me to get on board with Vanguard's 2-factor authentication. I have held off in the past, as I don't have a cellphone. However, I think my phone company will actually translate texts received on my land-line into synthesized speech. Even if they don't, this alone would be reason enough to cave in and get a cheap cell. I'd hate to have my Vanguard account hacked, only to realize that 2-factor authentication could have saved me.

 

[Midpack]

Ok, maybe I'm the odd man (woman) out but I think the automated email is a great idea. What would have happened if it WASN'T you ? I don't see the letter as a nastygram. Its a CYA for Vanguard and a potential fraud alert to the account holder.

Lesson: when logging into spouses account, make sure all references to self use spouses name.

It was an actual snail mail letter, so more effort than an auto email on VG's part.

And your lesson is exactly what I learned. I've handled her accounts for more than 10 years, usually logged in as self but sometimes as her, without issue. It was only when I used my name in an message while using DW's login, it triggered a stern letter to DW - nasty gram was probably too strong, though DW was upset when she ready before I got to her. And I was a little surprised when they found out it was just me, they still politely but strongly recommended DW have her own login unbeknownst to me.

Again, I am OK with it as stated in the OP, I was just surprised more than anything. And I thought it might help someone else who manages a spouses accounts avoid the innocent mistake I made...

 

[Midpack]

I think it's time for me to get on board with Vanguard's 2-factor authentication. I'd hate to have my Vanguard account hacked, only to realize that 2-factor authentication could have saved me.

+1. I have 2/3-factor authentication (username, text verification code, password - and sometimes a security question) on several of our accounts now, and I welcome it. You can't be too careful with privacy these days IMO.

 

[audreyh1]

Yeah - we are going to set up Fidelity's extra authentication. I delegated that to DH.

 

[Alan]

Thanks for the original OP. We also have Agent Authorizations set up, but it is I who manage both accounts. The other week she received a physical check for 25c as a dividend from her Money Market account so I sent a personal message asking why it didn't get re-invested as it was a waste of VG's money to issue paper checks for 25c.

I did however write the message as if I was her, and she got the email telling her that she had a secure message waiting. I did wonder what would happen if I asked as myself rather than pretending to be her - now I know.

PS
If you empty out a MM account then a residual dividend from the previous month will be paid by physical check, even when you have the fund set up for ACH bank transfers and/or re-investing dividends, so now I will be sure and leave $1 in that account.