Securing my accounts, what am I missing?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Post Reply
Topic Author
RJ2010
Posts: 101
Joined: Tue Dec 15, 2020 8:32 pm

Securing my accounts, what am I missing?

Post by RJ2010 »

2020 was a wake-up year for me. I discovered that my FB account was accessed overseas. My credit card was used overseas while cards were in my possession (probably due to travel and someone stole the #).

After research (from this site), here is what I did:
1. Secured all accounts (including email, financial, social media) with 2FA (if provided). Use App instead of SMS if provided.
2. Every account has a different password
3. Financial accounts have different email (which I never use for anything else)
4. Signed up notifications/alerts
5. Locked my sim with phone company to prevent swapping and protect with password and all security they provide
6. Requested IRS pin
7. Registered social security account
8. Froze credit checking from experien, equifax and transunion
9. Only use one bank account on my phone to do payment. That account has low balance and is different from the account and bank linked to investment brokerage accounts. Everything else will be done from home computer.

Plan to do
1. Freeze chexsystems
2. Request checkbook for a checking account that has low balance. Hide the checking account that is linked to investment accounts. Stop using that checking account for check writing
3. When travelling, disable bluetooth on my phone

What else am I missing?
User avatar
Duckie
Posts: 9777
Joined: Thu Mar 08, 2007 1:55 pm

Re: Securing my accounts, what am I missing?

Post by Duckie »

RJ2010 wrote:What else am I missing?
Freeze Innovis which is another major credit reporting agency.

Freeze NCTUE which provides credit checks for cell phones, cable tv and utilities, to prevent someone opening a cell phone account in your name and running up a huge bill.
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Securing my accounts, what am I missing?

Post by anon_investor »

Here are some additional things I have done:

-Create and IRS account (unclear if you created one when obtaining the IRS ID Protection PIN)
-"Freeze" and debit cards tied to your checking accounts (my banks have this feature on their website or phone app)
-Experien, Equifax and Transunion all offer free credit monitoring (just make sure you sign up for the free one not the paid one) that also gives you free access to your credit reports. I monitor these periodically, but I do get email alerts every time there is a change in my credit report.
-Make sure certain private information is not available in my social media profiles (home town, date of birth, etc.)
-If your state has an online tax account (mine has one similar to an IRS account) create one
intendi
Posts: 205
Joined: Sat Oct 17, 2020 10:16 am

Re: Securing my accounts, what am I missing?

Post by intendi »

Thank you for this post and the follow ups. Many of these strategies are new to me.
jebmke
Posts: 25475
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Securing my accounts, what am I missing?

Post by jebmke »

My credit cards allow me to freeze them using my phone app. The app is locked and uses face ID. When we travel together, my spouse and I each carry two cards, one different than the other (so three cards). If one wallet is stolen/lost, we haven't lost all cards. If I travel alone, I carry at least two cards and try to leave one in a hotel safe if I think it is secure.

I don't use social media, except one twitter account that is not tied to my name or any email address I use for anything else. The twitter account is purely for alerts (e.g. I get an alert if the Chesapeake Bay Bridge is closed or under wind warnings).
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
HawkeyePierce
Posts: 2351
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing my accounts, what am I missing?

Post by HawkeyePierce »

Use a password manager.

Your biggest risk at the moment is that you haven't taken steps to avoid phishing attacks. A password manager helps with that if you use its browser extension autofill feature. Go download 1Password today.

You should also lock down your email account. If you're using Gmail, go order a couple Yubikeys. Register both with Google and disable SMS and authenticator codes as 2FA—use only Yubikeys to access your email accounts. Keep one with your computer and put the other in a safe place.

There's no need to avoid bank or finance apps on an iPhone. Those are more secure than your computer as they can't be phished.
Topic Author
RJ2010
Posts: 101
Joined: Tue Dec 15, 2020 8:32 pm

Re: Securing my accounts, what am I missing?

Post by RJ2010 »

HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
slidecreek
Posts: 111
Joined: Sun Dec 06, 2020 6:28 pm

Re: Securing my accounts, what am I missing?

Post by slidecreek »

RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
If you can memorize a strong, unique password for each site you use, great. If you plan on reusing the same one or two passwords everywhere, this is a terrible idea.
HawkeyePierce
Posts: 2351
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing my accounts, what am I missing?

Post by HawkeyePierce »

RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
User avatar
Tejfyy
Posts: 224
Joined: Mon Aug 26, 2019 9:18 pm

Re: Securing my accounts, what am I missing?

Post by Tejfyy »

HawkeyePierce wrote: Sat Jan 23, 2021 8:16 pm
RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
I use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.
fourwheelcycle
Posts: 1968
Joined: Sun May 25, 2014 5:55 pm

Re: Securing my accounts, what am I missing?

Post by fourwheelcycle »

RJ2010's original list and the suggestions of other posters are very helpful. I have done most of the suggested steps, but not all of them, so I will consider the suggestions.

I do use a password manager, for convenience and for password strength, uniqueness, and security. I use the licensed version of 1 Password. I keep all of our 1 Password data on our local computers, with no cloud storage component. However, I do use some zero knowledge cloud-based services. I am comfortable they are safe from hacking by outsiders and from access by the cloud service's own employees.
Caduceus
Posts: 3527
Joined: Mon Sep 17, 2012 1:47 am

Re: Securing my accounts, what am I missing?

Post by Caduceus »

You could set a low cash advance limit on the cards so that people can't withdraw too much cash using them even if they've been compromised. You could also set lower daily withdrawal limits. That's what I do, because I think it's harder to get cash refunded than to get a charge reversed.

I also have a habit of using my non-primary credit card every time I buy from a smaller retailer because it helps me to keep better track of whether there are weird things popping up on my statement.

Also simplify financial accounts so that keeping track of them isn't such a pain.
Topic Author
RJ2010
Posts: 101
Joined: Tue Dec 15, 2020 8:32 pm

Re: Securing my accounts, what am I missing?

Post by RJ2010 »

HawkeyePierce wrote: Sat Jan 23, 2021 8:16 pm
RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
I decided to give 1password a try. not every website allows it. for example BOA doesn't even allow auto fill. so you will have to manually copy the password into it
HawkeyePierce
Posts: 2351
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing my accounts, what am I missing?

Post by HawkeyePierce »

RJ2010 wrote: Sun Jan 24, 2021 4:08 pm
HawkeyePierce wrote: Sat Jan 23, 2021 8:16 pm
RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
I decided to give 1password a try. not every website allows it. for example BOA doesn't even allow auto fill. so you will have to manually copy the password into it
I'm able to autofill with 1Password on bankofamerica.com.
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Securing my accounts, what am I missing?

Post by anon_investor »

Caduceus wrote: Sun Jan 24, 2021 11:15 am Also simplify financial accounts so that keeping track of them isn't such a pain.
This is a good one. I did this a couple of years ago.
DocInColo
Posts: 98
Joined: Tue Aug 11, 2020 9:20 pm

Re: Securing my accounts, what am I missing?

Post by DocInColo »

What is the difference between 1Password and the free Keychain that comes with Mac? The nice thing about Keychain is complete integration without needing any sort of browser plug in. I know 1Password is cross-platform, but I'm all Apple except for work computers, and I'm not going to be logging into any personal (especially bank) websites on my work computer.
DocInColo
Posts: 98
Joined: Tue Aug 11, 2020 9:20 pm

Re: Securing my accounts, what am I missing?

Post by DocInColo »

intendi wrote: Sat Jan 23, 2021 12:39 pm Thank you for this post and the follow ups. Many of these strategies are new to me.
I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

Only use one bank account on my phone to do payment. What are you concerned about?

Hide the checking account that is linked to investment accounts. Why not link a savings account to your investment accounts rather than the checking account?
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.

Your biggest risk at the moment is that you haven't taken steps to avoid phishing attacks. A password manager helps with that if you use its browser extension autofill feature. Go download 1Password today.

You should also lock down your email account. If you're using Gmail, go order a couple Yubikeys. Register both with Google and disable SMS and authenticator codes as 2FA—use only Yubikeys to access your email accounts. Keep one with your computer and put the other in a safe place.

There's no need to avoid bank or finance apps on an iPhone. Those are more secure than your computer as they can't be phished.
A agree with you about Gmail. However, given that Vanguard is now not able to send SMS to GV, I am thinking of using protonmail. They have promised Yubikeys and in the meantime I can use an authenticator app. That way I avoid Google altogether.

Also agree about no need to voice bank or finance apps on an iPhone. I'm not sure why the OP is concerned about that.
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
And how do you generate secure passwords? Please don't tell me you make them up.
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

Tejfyy wrote: Sun Jan 24, 2021 4:01 am
HawkeyePierce wrote: Sat Jan 23, 2021 8:16 pm
RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
I use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.
Good ideas both. Also many people mistakenly believe that 1Password has to use the cloud. This is not the case.
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

RJ2010 wrote: Sun Jan 24, 2021 4:08 pm
HawkeyePierce wrote: Sat Jan 23, 2021 8:16 pm
RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
I decided to give 1password a try. not every website allows it. for example BOA doesn't even allow auto fill. so you will have to manually copy the password into it
You need to redo the 1Password entry for BoA. Something has not taken properly.
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

DocInColo wrote: Sun Jan 24, 2021 4:37 pm
intendi wrote: Sat Jan 23, 2021 12:39 pm Thank you for this post and the follow ups. Many of these strategies are new to me.
I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Do you have a reference for liability limitation with no overdraft?
DocInColo
Posts: 98
Joined: Tue Aug 11, 2020 9:20 pm

Re: Securing my accounts, what am I missing?

Post by DocInColo »

palanzo wrote: Sun Jan 24, 2021 4:52 pm
DocInColo wrote: Sun Jan 24, 2021 4:37 pm
intendi wrote: Sat Jan 23, 2021 12:39 pm Thank you for this post and the follow ups. Many of these strategies are new to me.
I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Do you have a reference for liability limitation with no overdraft?
Yes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.
User avatar
Archean
Posts: 58
Joined: Wed Mar 25, 2020 12:20 pm

Re: Securing my accounts, what am I missing?

Post by Archean »

A version of Google that you might consider is a Google Fi plan. It is not free ($20/mo), but it is supposed to be as secure as your Google account and resistant to SIM hijacking. This gives you a cell number that works with Vanguard. You can add a Google Voice number to the Google account, and you can use that for phone call delivery of 2-factor codes (but not text from places like Vanguard).

For secure and separate e-mail, we use Fastmail, which has strong security. We use this only for financial institutions.
"Archean - an early geologic eon before index funds"
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

DocInColo wrote: Sun Jan 24, 2021 5:04 pm
palanzo wrote: Sun Jan 24, 2021 4:52 pm
DocInColo wrote: Sun Jan 24, 2021 4:37 pm
intendi wrote: Sat Jan 23, 2021 12:39 pm Thank you for this post and the follow ups. Many of these strategies are new to me.
I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Do you have a reference for liability limitation with no overdraft?
Yes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.
Do you have a reference that this reduces your liability?
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

Archean wrote: Sun Jan 24, 2021 5:13 pm A version of Google that you might consider is a Google Fi plan. It is not free ($20/mo), but it is supposed to be as secure as your Google account and resistant to SIM hijacking. This gives you a cell number that works with Vanguard. You can add a Google Voice number to the Google account, and you can use that for phone call delivery of 2-factor codes (but not text from places like Vanguard).

For secure and separate e-mail, we use Fastmail, which has strong security. We use this only for financial institutions.
Google Fi on an iPhone, for example, is no more secure than the security of the SIM on your iPhone.
User avatar
Archean
Posts: 58
Joined: Wed Mar 25, 2020 12:20 pm

Re: Securing my accounts, what am I missing?

Post by Archean »

I don't believe that is true. I have tried to swap the Google Fi SIM card and had to go through my Google account security to allow it. This seems to be confirmed by talking with Google.
"Archean - an early geologic eon before index funds"
DocInColo
Posts: 98
Joined: Tue Aug 11, 2020 9:20 pm

Re: Securing my accounts, what am I missing?

Post by DocInColo »

palanzo wrote: Sun Jan 24, 2021 5:32 pm
DocInColo wrote: Sun Jan 24, 2021 5:04 pm
palanzo wrote: Sun Jan 24, 2021 4:52 pm
DocInColo wrote: Sun Jan 24, 2021 4:37 pm
intendi wrote: Sat Jan 23, 2021 12:39 pm Thank you for this post and the follow ups. Many of these strategies are new to me.
I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Do you have a reference for liability limitation with no overdraft?
Yes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.
Do you have a reference that this reduces your liability?
It's simple. If I have $2,000 in my checking account and overdraft protection is OFF, the most they are going to get out of my bank is... $2,000. If I have overdraft protection ON, they can get that $2,000, and if they keep writing checks/making debit card purchases, the bank will continue transferring money from my savings accounts to cover those checks/debits until it is caught and stopped, therefore my liability is greater. Sure, you will probably ultimately get the money back that was fraudulently taken out of the account regardless of whether you have overdraft protection on or off, but you can reduce your exposure to only what's in your checking account by not opting for overdraft protection. Without overdraft protection the bank is not going to transfer money from savings to checking to cover debits against the account.
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

DocInColo wrote: Sun Jan 24, 2021 5:48 pm
palanzo wrote: Sun Jan 24, 2021 5:32 pm
DocInColo wrote: Sun Jan 24, 2021 5:04 pm
palanzo wrote: Sun Jan 24, 2021 4:52 pm
DocInColo wrote: Sun Jan 24, 2021 4:37 pm

I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Do you have a reference for liability limitation with no overdraft?
Yes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.
Do you have a reference that this reduces your liability?
It's simple. If I have $2,000 in my checking account and overdraft protection is OFF, the most they are going to get out of my bank is... $2,000. If I have overdraft protection ON, they can get that $2,000, and if they keep writing checks/making debit card purchases, the bank will continue transferring money from my savings accounts to cover those checks/debits until it is caught and stopped, therefore my liability is greater. Sure, you will probably ultimately get the money back that was fraudulently taken out of the account regardless of whether you have overdraft protection on or off, but you can reduce your exposure to only what's in your checking account by not opting for overdraft protection. Without overdraft protection the bank is not going to transfer money from savings to checking to cover debits against the account.
Yes, I understand the concept.

If you have no checks on your account and lock you debit card, how are you thinking the fraud has been perpetrated?

Also, for Ally Bank you have this:

Ally Bank (Member FDIC) guarantees that you will not be liable for any unauthorized Online or Mobile Banking transaction as long as you report the unauthorized transaction by calling us at 1-877-247-2559 within 60 days from when your statement is made available.

If you make sure you have activity notifications on then you would be aware of the first fraudulent transaction as it happened. One telephone call later Ally has locked you account.
DocInColo
Posts: 98
Joined: Tue Aug 11, 2020 9:20 pm

Re: Securing my accounts, what am I missing?

Post by DocInColo »

palanzo wrote: Sun Jan 24, 2021 5:56 pm
DocInColo wrote: Sun Jan 24, 2021 5:48 pm
palanzo wrote: Sun Jan 24, 2021 5:32 pm
DocInColo wrote: Sun Jan 24, 2021 5:04 pm
palanzo wrote: Sun Jan 24, 2021 4:52 pm

Do you have a reference for liability limitation with no overdraft?
Yes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.
Do you have a reference that this reduces your liability?
It's simple. If I have $2,000 in my checking account and overdraft protection is OFF, the most they are going to get out of my bank is... $2,000. If I have overdraft protection ON, they can get that $2,000, and if they keep writing checks/making debit card purchases, the bank will continue transferring money from my savings accounts to cover those checks/debits until it is caught and stopped, therefore my liability is greater. Sure, you will probably ultimately get the money back that was fraudulently taken out of the account regardless of whether you have overdraft protection on or off, but you can reduce your exposure to only what's in your checking account by not opting for overdraft protection. Without overdraft protection the bank is not going to transfer money from savings to checking to cover debits against the account.
Yes, I understand the concept.

If you have no checks on your account and lock you debit card, how are you thinking the fraud has been perpetrated?

Also, for Ally Bank you have this:

Ally Bank (Member FDIC) guarantees that you will not be liable for any unauthorized Online or Mobile Banking transaction as long as you report the unauthorized transaction by calling us at 1-877-247-2559 within 60 days from when your statement is made available.

If you make sure you have activity notifications on then you would be aware of the first fraudulent transaction as it happened. One telephone call later Ally has locked you account.
I probably shouldn't have used "liability" because that has multiple meanings. :D I think its less of an issue for people who are vigilant, but there are still lots of ways your account can be compromised. Fraudulent wire transfers and check fraud come to mind. Even if you've never ordered checks, anyone can print them or order them online as long as they have your routing and account number.

EDIT: and even if you get the money back in the end, most banks don't do it instantaneously so you are potentially tying up a lot of your cash while it gets sorted out.
User avatar
JamalJones
Posts: 247
Joined: Sat May 28, 2016 12:53 pm
Location: Virgo Super Cluster

Re: Securing my accounts, what am I missing?

Post by JamalJones »

RJ2010 wrote: Fri Jan 22, 2021 7:51 pm My credit card was used overseas while cards were in my possession (probably due to travel and someone stole the #).

What else am I missing?
Get a privacy.com account and download the app for your phone.

They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.

I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!

And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.

Check it out!
TSP + Vanguard + Fidelity CMA: 80% equities / 20% bonds | "I don't shine shoes, I don’t tape ankles, I don't cut checks - straight cash homie!!" --R. Moss | Winner 2021 Hedge Fund Contest
HawkeyePierce
Posts: 2351
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing my accounts, what am I missing?

Post by HawkeyePierce »

palanzo wrote: Sun Jan 24, 2021 4:46 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.

Your biggest risk at the moment is that you haven't taken steps to avoid phishing attacks. A password manager helps with that if you use its browser extension autofill feature. Go download 1Password today.

You should also lock down your email account. If you're using Gmail, go order a couple Yubikeys. Register both with Google and disable SMS and authenticator codes as 2FA—use only Yubikeys to access your email accounts. Keep one with your computer and put the other in a safe place.

There's no need to avoid bank or finance apps on an iPhone. Those are more secure than your computer as they can't be phished.
A agree with you about Gmail. However, given that Vanguard is now not able to send SMS to GV, I am thinking of using protonmail. They have promised Yubikeys and in the meantime I can use an authenticator app. That way I avoid Google altogether.

Also agree about no need to voice bank or finance apps on an iPhone. I'm not sure why the OP is concerned about that.
Your biggest risk with your email account is account takeover. I put far more faith in a locked-down Google account than any other provider.
HawkeyePierce
Posts: 2351
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: Securing my accounts, what am I missing?

Post by HawkeyePierce »

JamalJones wrote: Sun Jan 24, 2021 6:23 pm
RJ2010 wrote: Fri Jan 22, 2021 7:51 pm My credit card was used overseas while cards were in my possession (probably due to travel and someone stole the #).

What else am I missing?
Get a privacy.com account and download the app for your phone.

They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.

I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!

And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.

Check it out!
Much easier to just use a credit card instead of jumping through all those hoops.
User avatar
JamalJones
Posts: 247
Joined: Sat May 28, 2016 12:53 pm
Location: Virgo Super Cluster

Re: Securing my accounts, what am I missing?

Post by JamalJones »

HawkeyePierce wrote: Sun Jan 24, 2021 7:13 pm
JamalJones wrote: Sun Jan 24, 2021 6:23 pm
RJ2010 wrote: Fri Jan 22, 2021 7:51 pm My credit card was used overseas while cards were in my possession (probably due to travel and someone stole the #).

What else am I missing?
Get a privacy.com account and download the app for your phone.

They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.

I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!

And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.

Check it out!
Much easier to just use a credit card instead of jumping through all those hoops.
What “hoops” are you referring to, sport?
TSP + Vanguard + Fidelity CMA: 80% equities / 20% bonds | "I don't shine shoes, I don’t tape ankles, I don't cut checks - straight cash homie!!" --R. Moss | Winner 2021 Hedge Fund Contest
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

JamalJones wrote: Sun Jan 24, 2021 6:23 pm
RJ2010 wrote: Fri Jan 22, 2021 7:51 pm My credit card was used overseas while cards were in my possession (probably due to travel and someone stole the #).

What else am I missing?
Get a privacy.com account and download the app for your phone.

They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.

I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!

And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.

Check it out!
Just use Apple Pay and/or Apple Card.
User avatar
JamalJones
Posts: 247
Joined: Sat May 28, 2016 12:53 pm
Location: Virgo Super Cluster

Re: Securing my accounts, what am I missing?

Post by JamalJones »

palanzo wrote: Sun Jan 24, 2021 7:47 pm
JamalJones wrote: Sun Jan 24, 2021 6:23 pm
RJ2010 wrote: Fri Jan 22, 2021 7:51 pm My credit card was used overseas while cards were in my possession (probably due to travel and someone stole the #).

What else am I missing?
Get a privacy.com account and download the app for your phone.

They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.

I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!

And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.

Check it out!
Just use Apple Pay and/or Apple Card.
I use that too.
TSP + Vanguard + Fidelity CMA: 80% equities / 20% bonds | "I don't shine shoes, I don’t tape ankles, I don't cut checks - straight cash homie!!" --R. Moss | Winner 2021 Hedge Fund Contest
Topic Author
RJ2010
Posts: 101
Joined: Tue Dec 15, 2020 8:32 pm

Re: Securing my accounts, what am I missing?

Post by RJ2010 »

after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Securing my accounts, what am I missing?

Post by mptfan »

RJ2010 wrote: Sat Jan 23, 2021 7:35 pm I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I used to think that too. I was wrong.

If you want the ultimate in secure email, use Gmail and sign up for the Advanced Protection Program.
User avatar
JaneyLH
Posts: 632
Joined: Wed Oct 16, 2013 7:16 pm

Re: Securing my accounts, what am I missing?

Post by JaneyLH »

palanzo wrote: Sun Jan 24, 2021 4:49 pm
Tejfyy wrote: Sun Jan 24, 2021 4:01 am
HawkeyePierce wrote: Sat Jan 23, 2021 8:16 pm
RJ2010 wrote: Sat Jan 23, 2021 7:35 pm
HawkeyePierce wrote: Sat Jan 23, 2021 1:08 pm Use a password manager.
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
I use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.
Good ideas both. Also many people mistakenly believe that 1Password has to use the cloud. This is not the case.
I use Dashlane to store over 600 randomly generated 10-character passwords. This is their answer to the "what if they get hacked" question: "Dashlane does not store your Master Password anywhere on our servers, and it is never transmitted over the internet. That means the key to your castle cannot be taken from you and your encrypted data stored on our servers is useless to hackers." Of course this means you must NEVER forget your master password, because you and you alone know it. Although it would only mean that you would have to say you lost your password for each site you access and have them send you a reset link. An inconvenience, not as bad as forgetting your bitcoin password!
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

RJ2010 wrote: Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
It's right there on the screen when you say generate password. Are you sure you are using 1Password?
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

JaneyLH wrote: Mon Jan 25, 2021 6:43 pm
palanzo wrote: Sun Jan 24, 2021 4:49 pm
Tejfyy wrote: Sun Jan 24, 2021 4:01 am
HawkeyePierce wrote: Sat Jan 23, 2021 8:16 pm
RJ2010 wrote: Sat Jan 23, 2021 7:35 pm

I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.

Password managers are very safe.

This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
I use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.
Good ideas both. Also many people mistakenly believe that 1Password has to use the cloud. This is not the case.
I use Dashlane to store over 600 randomly generated 10-character passwords. This is their answer to the "what if they get hacked" question: "Dashlane does not store your Master Password anywhere on our servers, and it is never transmitted over the internet. That means the key to your castle cannot be taken from you and your encrypted data stored on our servers is useless to hackers." Of course this means you must NEVER forget your master password, because you and you alone know it. Although it would only mean that you would have to say you lost your password for each site you access and have them send you a reset link. An inconvenience, not as bad as forgetting your bitcoin password!
Sure. You can do that with 1Password too. All depends on how strong your master password is. You can do a lot with a GPU.
Topic Author
RJ2010
Posts: 101
Joined: Tue Dec 15, 2020 8:32 pm

Re: Securing my accounts, what am I missing?

Post by RJ2010 »

palanzo wrote: Mon Jan 25, 2021 7:24 pm
RJ2010 wrote: Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
It's right there on the screen when you say generate password. Are you sure you are using 1Password?
I'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole words
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

RJ2010 wrote: Mon Jan 25, 2021 10:34 pm
palanzo wrote: Mon Jan 25, 2021 7:24 pm
RJ2010 wrote: Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
It's right there on the screen when you say generate password. Are you sure you are using 1Password?
I'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole words
Are you on a PC or a Mac? On the Mac you can customize it to your heart's content. No web version required.
Topic Author
RJ2010
Posts: 101
Joined: Tue Dec 15, 2020 8:32 pm

Re: Securing my accounts, what am I missing?

Post by RJ2010 »

palanzo wrote: Tue Jan 26, 2021 12:40 am
RJ2010 wrote: Mon Jan 25, 2021 10:34 pm
palanzo wrote: Mon Jan 25, 2021 7:24 pm
RJ2010 wrote: Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
It's right there on the screen when you say generate password. Are you sure you are using 1Password?
I'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole words
Are you on a PC or a Mac? On the Mac you can customize it to your heart's content. No web version required.
I'm on PC. OK, figured it out. You have to click on the + sign to get it to customize. Thank you for your persistence of pointing this out
palanzo
Posts: 2146
Joined: Thu Oct 10, 2019 4:28 pm

Re: Securing my accounts, what am I missing?

Post by palanzo »

RJ2010 wrote: Tue Jan 26, 2021 10:57 am
palanzo wrote: Tue Jan 26, 2021 12:40 am
RJ2010 wrote: Mon Jan 25, 2021 10:34 pm
palanzo wrote: Mon Jan 25, 2021 7:24 pm
RJ2010 wrote: Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
It's right there on the screen when you say generate password. Are you sure you are using 1Password?
I'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole words
Are you on a PC or a Mac? On the Mac you can customize it to your heart's content. No web version required.
I'm on PC. OK, figured it out. You have to click on the + sign to get it to customize. Thank you for your persistence of pointing this out
You're welcome. :sharebeer
Post Reply