How do you safeguard your accounts?

[gauss]

Never log into any of the accounts that you care about (especially retirement accounts) from a work computer or other computer that you do not control.


-gauss

 

[teejayevans]

It would be nice to be able to get a text anytime someone attempt to login, whether it was successful or not. But I don’t know anyone who does this.

 

[Katsmeow]

I don’t trust password managers, seems like they could be hacked as well.

The password manager does not have your master password unless you save it which you shouldn't. That is the password that I do not save. Therefore, if someone hacks LastPass that doesn't give them my master password because they do not have it.

 

[aja8888]

operative words...so far?

the Nigerians only have to get lucky once...

I'm more worried about the government taking my savings than the scammers!

 

[vince]

I access my accounts from home only through one computer. All my transactions are through one account at BofA. I check it often. If money is transferred between bank accounts or investment accounts, it goes through BofA first. The only place money can be transferred is to or from a single account at Bank of America.
It would be pretty difficult to set up a new transfer without it being flagged as suspect.

 

[ut2sua]

All banks and broker institutions seem to have their own phone app that they encourage you to use. The advice against the use of phone apps seems to be because data is easier to be stolen. We all have heard about recorded phone conversations among other things that were done without the users being aware. Yet due to the popularity and convenience of the phone apps, I am sure large number of folks are using them. Please share your thought and/or knowledge if you happend to have insider knowledge regarding the security of using phone apps from financial institutions.
Lots of good knowledge and common sense best practices have been shared thus far. Thanks to all posters for sharing.

 

[Big_Hitter]

I told my bank, broker and 401k plan administrator that I've had my identity stolen; they will set you up with a token ring or additional verbal password.

I seriously doubt that the perp (or his associates/assigns) will strike again after last time but I'm still staying vigilant. I also subscribe to two ID monitoring services.

Note that I've done nothing extraordinary to protect my monthly qualified plan annuity deposit...… ZING!

 

[Sunset]

The major brokerages have a security guarantee and I'm familiar with their security procedures since I've worked for most of them. Of much greater concern is protection of your social security number. If you haven't locked your credit report, you should. I learned this the hard way.

I think you mean to FREEZE credit reporting at the big 3 or 4 credit bureaus.

I know one of them tempts people with locking, but that is not as restrictive and is just a weak offered service, not bound by the same legal restrictions, so they can keep selling your information.

 

[atmsmshr]

Last year I bought a basic computer used by DW and I only for credit union and Fidelity. No other browsing allowed on this stand alone computer. Accessed from home router. Separate email account.

I get text messages for any transfer greater than $1,000 from either.
Quarterly transfers from FIDO to CU account for checking and savings.
2FA for FIDO. I should also do the FIDO lockdown between transfers.
Check the accounts on my Iphone using face ID. Probably a bad habit.
No password manager. Anyone remember Kaspersky?

 

[jollystomper]

As secure as you choose to make your accounts, you also need procedures to allow the ones you want to access them when you die, or if you come down with a dementia-related disease. Especially if your survivors are not as tech-savvy as you are.

 

[The Cosmic Avenger]

As secure as you choose to make your accounts, you also need procedures to allow the ones you want to access them when you die, or if you come down with a dementia-related disease. Especially if your survivors are not as tech-savvy as you are.

Well, like most things, you need to balance ease of access against security. If you're sure your family will not be in need waiting for your accounts and you want to have them as secure as possible, you can let them go through the TOD/POD/POA legal channels, where a bank rep will usually insist on confirming their identity in person, and for POA will probably require a court finding of competence or guardianship. If you think your family may need immediate access to those funds, though, you'll want to compromise a bit on security and set up a way to give them online or ATM access as securely as possible....which, of course, means that someone else might gain access, too.

 

[JustCurious]

As secure as you choose to make your accounts, you also need procedures to allow the ones you want to access them when you die, or if you come down with a dementia-related disease. Especially if your survivors are not as tech-savvy as you are.

I agree those are important issues, but dying is different than having dementia.

If you are dead, it doesn't matter if your beneficiary is not tech savvy and can't access your accounts because it would be inappropriate and probably illegal for someone to use your credentials to access your accounts after you are dead. If someone is set up as a beneficiary on the account they should notify the account holder of your demise so your individual access can be frozen and then follow the steps of transferring the funds to their name. At that point it would not matter how securely you had your account locked down because you are now dead and your individual access is frozen never to be used again.

If you have dementia, then ideally you would have thought ahead and set up someone with power of attorney authority to manage your accounts while you are alive. You have to contact your account provider to set this up while you are still competent and use their forms and their procedures to set it up. Once that is done, the person who has the power of attorney would be able to legally access your accounts with their own credentials and in that situation it would also not matter how securely you locked down your individual access because your power of attorney designee will set up their own access.

The bottom line is no matter how securely you set up your individual access to your accounts if you set things up properly it will only affect your access, not your beneficiaries and not your power of attorney designee.

 

[pb4uski]

Whatever you do, don't post you Fido account numbers on the internet!

(I added the blackouts of the account numbers, the post in the Where to park brokerage cash still has them.

 

[Big_Hitter]

Probably a bad habit.
No password manager. Anyone remember Kaspersky?

buddy of mine who owns a company got hacked - he now uses 24 character hexadecimal passwords

 

[UnrealizedPotential]

I’m not a security expert but I thought once you connected to a secure website, there are keys stored in your browser that insures you’ll next connection is to the same site. So it prevents a bogus site pretending to be the site you’re interested in. So you are less secure doing this.

BTW, if you go to your secured website and it doesn’t take your password that you know is correct. Either you already have been hacked, or someone just stole your password by getting you to go to a bogus website. Usually a result of clicking on a link in an email.

I am not sure, hmm, I will have to think about it. I see what you are saying, unfortunately it doesn't clear things up for me. You might be 100% correct. I will have to do some more research on this.

 

[jetpack]

To me, those saying they don't have online access are the most vulnerable.

1. They don't have quick access to notifications on changes to their account.

2. Their account is basically "unclaimed" for online access.

It's much better to take control and learn about the ins and outs of your accounts.

 

[ut2sua]

To me, those saying they don't have online access are the most vulnerable.

1. They don't have quick access to notifications on changes to their account.

2. Their account is basically "unclaimed" for online access.

It's much better to take control and learn about the ins and outs of your accounts.

This ^^^ is an interesting viewpoint. It actually makes sense to me.

 

[SecondCor521]

This ^^^ is an interesting viewpoint. It actually makes sense to me.

Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.

I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).

 

[rk911]

Like another poster upthread, one of the things I do is have a lot of alerts set up on all of my credit cards. I may get lots of emails, but they're cheap to receive and delete, and if anything untoward happens I'm more likely to notice.

I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason. But notable by its absence regardless of the reason(s).

alerts on all accounts are set for amounts greater than $1. this alert setting results in a lot of texts a d e-mail but there aren't that many transactions to begin with and the upside is i'll be alerted to any test transfers. we also are Lifelock members.

 

[JustCurious]

To me, those saying they don't have online access are the most vulnerable.

1. They don't have quick access to notifications on changes to their account.

2. Their account is basically "unclaimed" for online access.

It's much better to take control and learn about the ins and outs of your accounts.

I agree.

 

[JustCurious]

I note with interest that nobody on this thread has mentioned identity theft protection services. (I don't use LifeLock either.) Not sure if people don't think it's worth the money, or don't think it actually provides much real protection, or some other reason.

I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze and thaw your own credit for free at each of the credit agencies. You can also set up alerts at your financial providers for free.

 

[OldShooter]

1. They don't have quick access to notifications on changes to their account. ...

Schwab communicates via email, so I receive their messages on my mobile devices just fine. This despite the fact that I load no financial apps and do no financial business on my mobile devices.

2. Their account is basically "unclaimed" for online access. ...

I have no idea what this even means.

 

[Sunset]

I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze your own credit for free or at very low cost.

It's FREE to freeze credit, since Congress passed the law.

Free to freeze , and free to thaw credit reports (needed when getting new CC)

 

[aja8888]

I think identity protection services like LifeLock are a waste of money and provide little protection beyond what you can do on your own. For example, you can freeze your own credit for free or at very low cost.

LifeLock will notify you after your account is hacked....maybe.

 

[RetMD21]

I don't think changing passwords often is going to do a bit of good, as long as you never re-use a password. And you should certainly never, ever, not ever, reuse a password.

That's what I have thought too. I have long 20+ character passwords for banking and investment web sites with 2 FA.

I have a lot of passwords for various web sites like newspapers, facebook and forums. I have reformed and the all have unique passwords now but I just let the browser remember them.

I am thinking that I might do the same with credit card accounts. Is that a bad idea. They seem less critical than investments/banking