Lexar Fingerprint USB Flash Drive For Travel?

[Vincenzo Corleone]

My wife and I enjoy international travel. While working, we take about 2-3 international trips a year and we plan to increase this once we're both retired.

We've been wondering if there'd ever be a situation where we would need to get access to our brokerage/mutual fund accounts while we're traveling should something hinder us from returning to the U.S.

So I've been thinking about getting a biometric USB flash drive (which I will secure around my neck with a lanyard) that will read a fingerprint in order to gain access to the encrypted contents of the drive. There I would store KeePass software, my KeepPass database (which will store the login credentials to the various brokerage/mutual fund accounts) and my KeePass key. Our accounts use 2FA using either YubiKey, email, or text/voice.

This is the one I'm thinking about getting:
https://www.amazon.com/Lexar-LJDF35-32GBNL-JumpDrive-Fingerprint-Silver/dp/B07GSMSP34/

Does anyone have an opinion about doing this?

 

[Freedom56]

My wife and I enjoy international travel. While working, we take about 2-3 international trips a year and we plan to increase this once we're both retired.

We've been wondering if there'd ever be a situation where we would need to get access to our brokerage/mutual fund accounts while we're traveling should something hinder us from returning to the U.S.

So I've been thinking about getting a biometric USB flash drive (which I will secure around my neck with a lanyard) that will read a fingerprint in order to gain access to the encrypted contents of the drive. There I would store KeePass software, my KeepPass database (which will store the login credentials to the various brokerage/mutual fund accounts) and my KeePass key. Our accounts use 2FA using either YubiKey, email, or text/voice.

This is the one I'm thinking about getting:
https://www.amazon.com/Lexar-LJDF35-32GBNL-JumpDrive-Fingerprint-Silver/dp/B07GSMSP34/

Does anyone have an opinion about doing this?

We check our brokerage and bank accounts regularly when on travel. We just use our laptop to login. All our banking sites detect that we are overseas and require additional credentials check. We keep all our login credentials in our head and change passwords regularly. I personally don't see the value of storing login credentials on any media.

 

[Vincenzo Corleone]

We check our brokerage and bank accounts regularly when on travel. We just use our laptop to login. All our banking sites detect that we are overseas and require additional credentials check. We keep all our login credentials in our head and change passwords regularly. I personally don't see the value of storing login credentials on any media.

Between bank accounts, brokerage accounts, mutual fund accounts, 401Ks, IRAs, etc., both held jointly and individually, we're talking around 15 different accounts, all with unique, strong, nonsensical logins/passwords. Neither of us has such a good memory.

And I'm imagining needing access to it only when/if the sh!+ really hits the fan.

 

[OldShooter]

... Does anyone have an opinion about doing this?

Since you ask, we do not have any financial apps on our phones or tablets and we never use them to make contact with the two financial institutions we deal with.

I can't imagine a situation arising where either of us needed to get access to our brokerage accounts. In that unlikely event we would call our Schwab guy and work the problem out. I can, however, imagine a situation where we have a phone or a tablet lost or stolen. Any bad guy getting one of those is going to find a financial blind hole, hopefully after wasting a lot of effort.

In fact the whole notion of accessing brokerage and bank account information from a portable device is a bit of a mystery for me. I guess if you're a trader you might want to do this, but for an investor ... why? We look at our accounts seriously about once a year, though I do reconcile them with Quicken monthly. If we're traveling and I miss doing that for a few weeks until we get home, that doesn't bother me a bit.

No way would I wear around my neck a device that held all my passwords. For that same reason, I don't use a password manager.

 

[Sojourner]

We check our brokerage and bank accounts regularly when on travel. We just use our laptop to login. All our banking sites detect that we are overseas and require additional credentials check. We keep all our login credentials in our head and change passwords regularly. I personally don't see the value of storing login credentials on any media.

+1

I use Bitwarden to securely store all my login credentials, and it has apps and browser plugins for all my devices (laptop, phone, tablet, etc.). I also pay for the premium/family version of Bitwarden, so I can securely store documents and pictures (of my passport, driver's license, etc.) and can access those from wherever I am. Given all that, I don't think having a fingerprint-secured device is necessary or even desirable. Cloud-based password managers are very secure and, IMHO, don't require any further layers of physical security beyond the standard 2FA that everyone should be using anyway.

The only additional layer of security I would add while traveling abroad would be to use a VPN (like SurfShark, or NordVPN, etc.) whenever logging into sensitive websites, such as brokerage or bank sites.

 

[Vincenzo Corleone]

+1

I use Bitwarden to securely store all my login credentials, and it has apps and browser plugins for all my devices (laptop, phone, tablet, etc.). I also pay for the premium/family version of Bitwarden, so I can securely store documents and pictures (of my passport, driver's license, etc.) and can access those from wherever I am. Given all that, I don't think having a fingerprint-secured device is necessary or even desirable. Cloud-based password managers are very secure and, IMHO, don't require any further layers of physical security beyond the standard 2FA that everyone should be using anyway.

The only additional layer of security I would add while traveling abroad would be to use a VPN (like SurfShark, or NordVPN, etc.) whenever logging into sensitive websites, such as brokerage or bank sites.

Someone breaks into your hotel room and steals your laptop/phone/tablet. Then what?

Regarding cloud-based password managers being very secure - what do you base that on?

 

[Sojourner]

Between bank accounts, brokerage accounts, mutual fund accounts, 401Ks, IRAs, etc., both held jointly and individually, we're talking around 15 different accounts, all with unique, strong, nonsensical logins/passwords. Neither of us has such a good memory.

And I'm imagining needing access to it only when/if the sh!+ really hits the fan.

Since you're using KeePass, I think a good solution would be to store your KP files in Dropbox, so you'll have access to them from anywhere. KP uses AES-256 encryption, so it would be essentially impossible for any hacker to crack. Beyond that, I honestly don't see a need for storing your KP files on any sort of portable, secure USB drive. Seems unnecessarily complicated and cumbersome, IMHO.

 

[Sojourner]

Someone breaks into your hotel room and steals your laptop/phone/tablet. Then what?

It's unlikely that all three of those devices would be stolen simultaneously, but if they were then I'd be very sad and angry about the cost (time, money, hassle) of having to replace them all. Would I be worried that, because I use Bitwarden, all my login credentials would be compromised? Not at all. BW is open-source (like KeePass) and uses extremely advanced encryption to protect my passwords.

Regarding cloud-based password managers being very secure - what do you base that on?

I base it on having done a fair amount of reading and research prior to signing up for a Bitwarden account and transferring all my login credentials over to it. I was hesitant for a long time, but the reading I did (from multiple, independent sources) convinced me that using something like BW is very safe. It's not 100% (nothing is), but it's pretty close. I consider myself pretty savvy about these things, having worked as a software developer for several decades—including multiple projects involving encryption—and I can say I feel quite comfortable using an open-source, highly-reviewed, cloud-based password manager like Bitwarden.

 

[Vincenzo Corleone]

Would I be worried that, because I use Bitwarden, all my login credentials would be compromised? Not at all.

That wasn't the point. The point is - the sh!+ really hit the fan and you can't get home, and you need access to money above and beyond what you have in your bank account used for travel. With all of your devices stolen (as unlikely as it may be), you're sh!+ out of luck in gaining access to your info (edit: on thinking of this further, you can probably just buy a cheap laptop wherever you are - which is what I would need to do in my SHTF scenario - and gain access to your Bitwarden info online).

You describe carrying around a small USB drive and wearing it around your neck as cumbersome. Do you not find traveling with a laptop, phone and/or tablet equally as cumbersome? I have no need to travel with all those devices nor would I want to.

I don't mean to sound confrontational with all my challenges to your solutions. I just want to make sure. I'm sure you're very experienced and knowledgeable.

Edit: I just don't trust online storage solutions - Cloud-based or not. Which I suppose is why there are some people - including me - who refuse to use Mint. So if I don't trust online storage solutions the only solution I can think of is to have the login credentials on my person at all times when I travel.

 

[Bryan Barnfellow]

I don't put any financial or medical apps (banks, brokerages, health insurance, credit cards) on portable devices. When I travel I take the iPad and iPhone, which are backed up, and don't worry too much beyond the inconvenience of their being stolen. It's just too easy to lose these things. I've left a 'phone in a cab in London and once forgot my phone at a security checkpoint. Remembered and got it back in the second case in time to still make my flight.

-BB

 

[Sojourner]

That wasn't the point. The point is - the sh!+ really hit the fan and you can't get home, and you need access to money above and beyond what you have in your bank account used for travel. With all of your devices stolen (as unlikely as it may be), you're sh!+ out of luck in gaining access to your info.

Ohh, OK, now I understand the fundamental concern. In the (very) unlikely event I was overseas and needed to move money into my bank account from a brokerage account in order to get home, and I did not have access to a personal device like my phone, laptop, or tablet, then I would call Vanguard's international help number to have them initiate a funds transfer. I don't think carrying around and keeping track of a secure USB thumb drive would be any easier (or more secure) than that.

But I do have to say, honestly, how likely is it that I would need emergency access to funds in my brokerage or bank account while traveling overseas (or anywhere)? I would simply use a credit card to purchase whatever was needed to get me home in that situation. And I cannot imagine that all my personal devices and all my credit cards would get lost/stolen simultaneously, so the odds of this scenario are pretty close to zero, IMHO.

You describe carrying around a small USB drive and wearing it around your neck as cumbersome. Do you not find traveling with a laptop, phone and/or tablet equally as cumbersome? I have no need to travel with all those devices nor would I want to.

I typically do travel with my phone (always), my tablet (sometimes), and my laptop (sometimes). On most overseas trips, it would just be the phone and the tablet. On long domestic trips, probably all three. It's a little cumbersome, but I'm very used to it at this point.

I guess my question would be, if you ever did have a need to use your thumb drive, how would you use it? If all your personal devices were lost/stolen, you'd have to find a 3rd party device to plug your drive into. How is that more secure than calling your brokerage directly?

I don't mean to sound confrontational with all my challenges to your solutions. I just want to make sure. I'm sure you're very experienced and knowledgeable.

No worries, just trying to understand your concern(s) and give helpful, relevant replies. It's actually quite interesting to think through some of these scenarios.

 

[Vincenzo Corleone]

You're right. I'm probably making this more complicated than it needs to be.

 

[braumeister]

For one thing, I've never needed a laptop or tablet to do anything financial while traveling; my phone is quite adequate. I use 1Password for all my logins and I have complete confidence in it.

For another, on the rare occasions when I needed to actually do something the app wasn't capable of, a phone call back to the bank or brokerage was both the simplest and the quickest means of getting it resolved.

 

[OldShooter]

Re password managers, can you think of an app that would be more attractive to black hat hackers? I might use a password manager for the non-critical sites I visit, but I would never put critical financial passwords into that kind of hacker honey pot.

Did you see this: "Malicious software from China passed Microsoft’s certification process" https://www.livemint.com/news/malicious-software-from-china-passed-microsoft-s-certification-process-11624869422374.html Don't you think a hacker would love to embed a back door in software being shipped by ittybittypasswordmanagercompany.com?

 

[savory]

My wife and I enjoy international travel. While working, we take about 2-3 international trips a year and we plan to increase this once we're both retired.

We've been wondering if there'd ever be a situation where we would need to get access to our brokerage/mutual fund accounts while we're traveling should something hinder us from returning to the U.S.

So I've been thinking about getting a biometric USB flash drive (which I will secure around my neck with a lanyard) that will read a fingerprint in order to gain access to the encrypted contents of the drive. There I would store KeePass software, my KeepPass database (which will store the login credentials to the various brokerage/mutual fund accounts) and my KeePass key. Our accounts use 2FA using either YubiKey, email, or text/voice.

This is the one I'm thinking about getting:
https://www.amazon.com/Lexar-LJDF35-32GBNL-JumpDrive-Fingerprint-Silver/dp/B07GSMSP34/

Does anyone have an opinion about doing this?

I follow a similar approach. It happens that I use Keepass without the cloud. I do think the cloud opens the door a crack but I am not that knowledgeable. I did get the cloud warning from a person I trust that is knowledgeable. But, I know there are varying opinions.

I like the fingerprint approach for logging into your Keepass account and your 2FA.

The fingerprint thumb drive is where we differ a bit. My thumb drive is the low end Kingston Data Traveler Locker (low end but still expensive) I have selected that since it limits the number of login attempts. I think after 8 tries the saved data is deleted. I keep a backup on a second DTL in case I make a mistake or lose it. That is at home in a fireproof safe.

In this approach, I remember one sophisticated password to get to my PW. My PWs are selected by Keepass and I change them fairly regularly. I have no idea what my PW is for my accounts.

I also use this approach so when the time comes, our children will have the passwords. They have the main login PW to my thumb drive but not the ones to the accounts.

If I was using my finger, I would be a little concerned my finger might not be available. But, your second drive could be something like a Data traveler that would solve that problem. I have been getting worried about the age of my Data Locker. I will investigate the fingerprint feature.

The other thing that worries me as much is the security of the wireless link. Again, I am not an expert but it would seem in hotels and other places your VPN would be extremely important.

Having my stuff stolen would end up being more of a nuisance and cost. My SS is already on the Black Web as it seems is other data. You can't be too careful but even when you are, s**t happens.

 

[RetMD21]

We've been wondering if there'd ever be a situation where we would need to get access to our brokerage/mutual fund accounts while we're traveling should something hinder us from returning to the U.S.

So I've been thinking about getting a biometric USB flash drive (which I will secure around my neck with a lanyard) that will read a fingerprint in order to gain access to the encrypted contents of the drive.
Does anyone have an opinion about doing this?

I keep a copy of my Keepass file on my phone and use Keepass2Android Offline to open it on occasion. Although I could keep in in Dropbox I like keeping the data file off line.

 

[jim584672]

Seems like overkill to go Biometric. Just use a good long random password (24 char min) and use it on an encrypted cloud file or Veracrypt container on a drive

 

[ERD50]

W ... We keep all our login credentials in our head and change passwords regularly. I personally don't see the value of storing login credentials on any media.

Agreed, and it's been a while, so I'll repeat a system that has worked well for me for over a decade. It is simple, secure, and you don't need to rely on a failing memory.

A) Create a complex password "key" made up of only alpha-numeric. I suggest keeping the upper-lower case in easy to type segments. An example: "RACoonSNOT409".

B) Now, write down "RACoonSNOT409", but not on the same paper as your passwords.

C) On a separate paper, write down a hint to the web page, and a unique password suffix with any required special characters. An example for fidelity: fido ---FIDO#%1zX. The "---" reminds you to add your password "key".

Repeat step "C" for every secure web site you want to access.

D) For fido, you go to fidelity's web site (assuming you can remember it, if not, just write it down), enter your password key plus the unique password suffix for that site: "RACoonSNOT409FIDO#%1zX".

So it is very secure to have all the password suffixes written down. No one could get in w/o also knowing your password "key". And you can write down your password key in some inconspicuous place, but if you choose wisely, and with practice, muscle memory kicks in and it's almost automatic.

I guess it's a little like those old Cold War movies where it took two or more keys to start a nuclear attack. A bad actor who got a hold of your cheat sheet would only have one key.

I trust this system more than I do some cloud server. You may feel differently, that's OK too.

-ERD50

 

[ERD50]

...

If I was using my finger, I would be a little concerned my finger might not be available. ...

My concern is that my finger might be available to some bad guys, w/o my permission!

edit/add:

-ERD50

 

[Sunset]

I carry a thumbdrive with me for long trips as sometimes we've been gone 3 months.

I use a veracrypt container, and within it is my keepass info.

My keepass password is a bit like ERD50 , in that it's super long and partly written down and part from memory.

I make a special keepass dictionary (a travel version, by copying it and deleting out anything I don't want to take) This limited version, means I'm not "risking" the entire kingdom.

I have to wonder, if I phone my bank/brokerage from overseas, since I cannot remember any of the random security questions, how can they tell it's me and not a scammer. Seems to me scammers phone them everyday with a name and address, claim computer/phone is stolen and need $4,000 to fly home.

 

[OldShooter]

... I have to wonder, if I phone my bank/brokerage from overseas, since I cannot remember any of the random security questions, how can they tell it's me and not a scammer. Seems to me scammers phone them everyday with a name and address, claim computer/phone is stolen and need $4,000 to fly home.

I think you're right in cases where you don't have a relationship with a particular individual. In my case I've been with my Schwab guy for years and his young twin sons are playing with a pair of Charlie and Warren rubber ducks that I gave him. https://www.orientaltrading.com/ber...n-and-charlie-rubber-duckies-a2-13951097.fltr No security questions necessary.

 

[tulak]

I don’t travel with a laptop, only a phone/tablet. I’ll access financial sites occasionally, but always through a vpn that connects to my home internet. I use 1Password on all my devices.

It seems to me if you’re traveling and need money, then having back-up debit/credit cards is what you want. Make sure to store them in separate places, so if you lose one or stuff is stolen, not everything is lost.

 

[OldShooter]

... It seems to me if you’re traveling and need money, then having back-up debit/credit cards is what you want. Make sure to store them in separate places, so if you lose one or stuff is stolen, not everything is lost.

Yes. DW and I each carry a debit card, 2 different banks, for ATMs and we each carry a Visa or Master card, two different providers. No Discover or Amex as they are routinely refused due to high costs. Sometimes we leave the country with thousands in $100 bills to pay a travel provider (makes for nice discounts if you offer this) but we try to get rid of that as quickly as possible after we land.

 

[MrsHaloFIRE]

Just bring a couple fat credit cards with no foreign trAnsaction fees. You will be able to get back home. A password protected lanyard around your neck in case you need to get access feels very nuclear football or drug dealer money launderer to me. Unless you routinely daytrade or something like that. How much would you need ballpark? Good faith deposit on a medical air ambulance? Border bribes? Both? Someone back home that knows youre good for it could help pay off ambulance deposit or something.

 

[Sojourner]

Re password managers, can you think of an app that would be more attractive to black hat hackers? I might use a password manager for the non-critical sites I visit, but I would never put critical financial passwords into that kind of hacker honey pot.

Did you see this: "Malicious software from China passed Microsoft’s certification process" https://www.livemint.com/news/malicious-software-from-china-passed-microsoft-s-certification-process-11624869422374.html Don't you think a hacker would love to embed a back door in software being shipped by ittybittypasswordmanagercompany.com?

If you are willing to trust the extensive security measures a brokerage or bank website uses, then you should be even more willing to trust the very extensive security measures being used by companies like Bitwarden and KeePass.

I recently read through much of the Bitwarden FAQs regarding their encryption, storage, and security measures, and I'm convinced their open-source, extensively audited password manager app is essentially unhackable. Once you really understand the methodologies they're using, like "zero knowledge", salted and hashed passwords, etc., then you should be convinced that no hacker realistically could steal your data. This is probably also true for your brokerage/bank site data, but IMHO it's less clear for those sites because they are not open-source (i.e., their code is proprietary and private) and their security methodologies are not as transparent. The fact that you continue to use them, log into them, and have accounts with them implies a very high degree of trust, presumably based on their reputations and their "say so", whereas companies like Bitwarden and KeePass have gone well beyond that to openly demonstrate their rock-solid security measures.