Securing my accounts, what am I missing?
Securing my accounts, what am I missing?
2020 was a wake-up year for me. I discovered that my FB account was accessed overseas. My credit card was used overseas while cards were in my possession (probably due to travel and someone stole the #).
After research (from this site), here is what I did:
1. Secured all accounts (including email, financial, social media) with 2FA (if provided). Use App instead of SMS if provided.
2. Every account has a different password
3. Financial accounts have different email (which I never use for anything else)
4. Signed up notifications/alerts
5. Locked my sim with phone company to prevent swapping and protect with password and all security they provide
6. Requested IRS pin
7. Registered social security account
8. Froze credit checking from experien, equifax and transunion
9. Only use one bank account on my phone to do payment. That account has low balance and is different from the account and bank linked to investment brokerage accounts. Everything else will be done from home computer.
Plan to do
1. Freeze chexsystems
2. Request checkbook for a checking account that has low balance. Hide the checking account that is linked to investment accounts. Stop using that checking account for check writing
3. When travelling, disable bluetooth on my phone
What else am I missing?
After research (from this site), here is what I did:
1. Secured all accounts (including email, financial, social media) with 2FA (if provided). Use App instead of SMS if provided.
2. Every account has a different password
3. Financial accounts have different email (which I never use for anything else)
4. Signed up notifications/alerts
5. Locked my sim with phone company to prevent swapping and protect with password and all security they provide
6. Requested IRS pin
7. Registered social security account
8. Froze credit checking from experien, equifax and transunion
9. Only use one bank account on my phone to do payment. That account has low balance and is different from the account and bank linked to investment brokerage accounts. Everything else will be done from home computer.
Plan to do
1. Freeze chexsystems
2. Request checkbook for a checking account that has low balance. Hide the checking account that is linked to investment accounts. Stop using that checking account for check writing
3. When travelling, disable bluetooth on my phone
What else am I missing?
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Securing my accounts, what am I missing?
Here are some additional things I have done:
-Create and IRS account (unclear if you created one when obtaining the IRS ID Protection PIN)
-"Freeze" and debit cards tied to your checking accounts (my banks have this feature on their website or phone app)
-Experien, Equifax and Transunion all offer free credit monitoring (just make sure you sign up for the free one not the paid one) that also gives you free access to your credit reports. I monitor these periodically, but I do get email alerts every time there is a change in my credit report.
-Make sure certain private information is not available in my social media profiles (home town, date of birth, etc.)
-If your state has an online tax account (mine has one similar to an IRS account) create one
-Create and IRS account (unclear if you created one when obtaining the IRS ID Protection PIN)
-"Freeze" and debit cards tied to your checking accounts (my banks have this feature on their website or phone app)
-Experien, Equifax and Transunion all offer free credit monitoring (just make sure you sign up for the free one not the paid one) that also gives you free access to your credit reports. I monitor these periodically, but I do get email alerts every time there is a change in my credit report.
-Make sure certain private information is not available in my social media profiles (home town, date of birth, etc.)
-If your state has an online tax account (mine has one similar to an IRS account) create one
Re: Securing my accounts, what am I missing?
Thank you for this post and the follow ups. Many of these strategies are new to me.
Re: Securing my accounts, what am I missing?
My credit cards allow me to freeze them using my phone app. The app is locked and uses face ID. When we travel together, my spouse and I each carry two cards, one different than the other (so three cards). If one wallet is stolen/lost, we haven't lost all cards. If I travel alone, I carry at least two cards and try to leave one in a hotel safe if I think it is secure.
I don't use social media, except one twitter account that is not tied to my name or any email address I use for anything else. The twitter account is purely for alerts (e.g. I get an alert if the Chesapeake Bay Bridge is closed or under wind warnings).
I don't use social media, except one twitter account that is not tied to my name or any email address I use for anything else. The twitter account is purely for alerts (e.g. I get an alert if the Chesapeake Bay Bridge is closed or under wind warnings).
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
-
- Posts: 2351
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing my accounts, what am I missing?
Use a password manager.
Your biggest risk at the moment is that you haven't taken steps to avoid phishing attacks. A password manager helps with that if you use its browser extension autofill feature. Go download 1Password today.
You should also lock down your email account. If you're using Gmail, go order a couple Yubikeys. Register both with Google and disable SMS and authenticator codes as 2FA—use only Yubikeys to access your email accounts. Keep one with your computer and put the other in a safe place.
There's no need to avoid bank or finance apps on an iPhone. Those are more secure than your computer as they can't be phished.
Your biggest risk at the moment is that you haven't taken steps to avoid phishing attacks. A password manager helps with that if you use its browser extension autofill feature. Go download 1Password today.
You should also lock down your email account. If you're using Gmail, go order a couple Yubikeys. Register both with Google and disable SMS and authenticator codes as 2FA—use only Yubikeys to access your email accounts. Keep one with your computer and put the other in a safe place.
There's no need to avoid bank or finance apps on an iPhone. Those are more secure than your computer as they can't be phished.
Re: Securing my accounts, what am I missing?
I feel this is a risk rather than a feature. if somehow, the password manager is hacked, hackers get everything. So I'm staying away.
I never click on links by email. I bookmark my financial institutions' website and directly go to them.
-
- Posts: 111
- Joined: Sun Dec 06, 2020 6:28 pm
Re: Securing my accounts, what am I missing?
If you can memorize a strong, unique password for each site you use, great. If you plan on reusing the same one or two passwords everywhere, this is a terrible idea.
-
- Posts: 2351
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing my accounts, what am I missing?
It's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
Re: Securing my accounts, what am I missing?
I use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.HawkeyePierce wrote: ↑Sat Jan 23, 2021 8:16 pmIt's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
-
- Posts: 1968
- Joined: Sun May 25, 2014 5:55 pm
Re: Securing my accounts, what am I missing?
RJ2010's original list and the suggestions of other posters are very helpful. I have done most of the suggested steps, but not all of them, so I will consider the suggestions.
I do use a password manager, for convenience and for password strength, uniqueness, and security. I use the licensed version of 1 Password. I keep all of our 1 Password data on our local computers, with no cloud storage component. However, I do use some zero knowledge cloud-based services. I am comfortable they are safe from hacking by outsiders and from access by the cloud service's own employees.
I do use a password manager, for convenience and for password strength, uniqueness, and security. I use the licensed version of 1 Password. I keep all of our 1 Password data on our local computers, with no cloud storage component. However, I do use some zero knowledge cloud-based services. I am comfortable they are safe from hacking by outsiders and from access by the cloud service's own employees.
Re: Securing my accounts, what am I missing?
You could set a low cash advance limit on the cards so that people can't withdraw too much cash using them even if they've been compromised. You could also set lower daily withdrawal limits. That's what I do, because I think it's harder to get cash refunded than to get a charge reversed.
I also have a habit of using my non-primary credit card every time I buy from a smaller retailer because it helps me to keep better track of whether there are weird things popping up on my statement.
Also simplify financial accounts so that keeping track of them isn't such a pain.
I also have a habit of using my non-primary credit card every time I buy from a smaller retailer because it helps me to keep better track of whether there are weird things popping up on my statement.
Also simplify financial accounts so that keeping track of them isn't such a pain.
Re: Securing my accounts, what am I missing?
I decided to give 1password a try. not every website allows it. for example BOA doesn't even allow auto fill. so you will have to manually copy the password into itHawkeyePierce wrote: ↑Sat Jan 23, 2021 8:16 pmIt's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
-
- Posts: 2351
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing my accounts, what am I missing?
I'm able to autofill with 1Password on bankofamerica.com.RJ2010 wrote: ↑Sun Jan 24, 2021 4:08 pmI decided to give 1password a try. not every website allows it. for example BOA doesn't even allow auto fill. so you will have to manually copy the password into itHawkeyePierce wrote: ↑Sat Jan 23, 2021 8:16 pmIt's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Securing my accounts, what am I missing?
What is the difference between 1Password and the free Keychain that comes with Mac? The nice thing about Keychain is complete integration without needing any sort of browser plug in. I know 1Password is cross-platform, but I'm all Apple except for work computers, and I'm not going to be logging into any personal (especially bank) websites on my work computer.
Re: Securing my accounts, what am I missing?
I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Re: Securing my accounts, what am I missing?
Only use one bank account on my phone to do payment. What are you concerned about?
Hide the checking account that is linked to investment accounts. Why not link a savings account to your investment accounts rather than the checking account?
Hide the checking account that is linked to investment accounts. Why not link a savings account to your investment accounts rather than the checking account?
Re: Securing my accounts, what am I missing?
A agree with you about Gmail. However, given that Vanguard is now not able to send SMS to GV, I am thinking of using protonmail. They have promised Yubikeys and in the meantime I can use an authenticator app. That way I avoid Google altogether.HawkeyePierce wrote: ↑Sat Jan 23, 2021 1:08 pm Use a password manager.
Your biggest risk at the moment is that you haven't taken steps to avoid phishing attacks. A password manager helps with that if you use its browser extension autofill feature. Go download 1Password today.
You should also lock down your email account. If you're using Gmail, go order a couple Yubikeys. Register both with Google and disable SMS and authenticator codes as 2FA—use only Yubikeys to access your email accounts. Keep one with your computer and put the other in a safe place.
There's no need to avoid bank or finance apps on an iPhone. Those are more secure than your computer as they can't be phished.
Also agree about no need to voice bank or finance apps on an iPhone. I'm not sure why the OP is concerned about that.
Re: Securing my accounts, what am I missing?
And how do you generate secure passwords? Please don't tell me you make them up.
Re: Securing my accounts, what am I missing?
Good ideas both. Also many people mistakenly believe that 1Password has to use the cloud. This is not the case.Tejfyy wrote: ↑Sun Jan 24, 2021 4:01 amI use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.HawkeyePierce wrote: ↑Sat Jan 23, 2021 8:16 pmIt's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
Re: Securing my accounts, what am I missing?
You need to redo the 1Password entry for BoA. Something has not taken properly.RJ2010 wrote: ↑Sun Jan 24, 2021 4:08 pmI decided to give 1password a try. not every website allows it. for example BOA doesn't even allow auto fill. so you will have to manually copy the password into itHawkeyePierce wrote: ↑Sat Jan 23, 2021 8:16 pmIt's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
Re: Securing my accounts, what am I missing?
Do you have a reference for liability limitation with no overdraft?DocInColo wrote: ↑Sun Jan 24, 2021 4:37 pmI would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Re: Securing my accounts, what am I missing?
Yes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.palanzo wrote: ↑Sun Jan 24, 2021 4:52 pmDo you have a reference for liability limitation with no overdraft?DocInColo wrote: ↑Sun Jan 24, 2021 4:37 pmI would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Re: Securing my accounts, what am I missing?
A version of Google that you might consider is a Google Fi plan. It is not free ($20/mo), but it is supposed to be as secure as your Google account and resistant to SIM hijacking. This gives you a cell number that works with Vanguard. You can add a Google Voice number to the Google account, and you can use that for phone call delivery of 2-factor codes (but not text from places like Vanguard).
For secure and separate e-mail, we use Fastmail, which has strong security. We use this only for financial institutions.
For secure and separate e-mail, we use Fastmail, which has strong security. We use this only for financial institutions.
"Archean - an early geologic eon before index funds"
Re: Securing my accounts, what am I missing?
Do you have a reference that this reduces your liability?DocInColo wrote: ↑Sun Jan 24, 2021 5:04 pmYes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.palanzo wrote: ↑Sun Jan 24, 2021 4:52 pmDo you have a reference for liability limitation with no overdraft?DocInColo wrote: ↑Sun Jan 24, 2021 4:37 pmI would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Re: Securing my accounts, what am I missing?
Google Fi on an iPhone, for example, is no more secure than the security of the SIM on your iPhone.Archean wrote: ↑Sun Jan 24, 2021 5:13 pm A version of Google that you might consider is a Google Fi plan. It is not free ($20/mo), but it is supposed to be as secure as your Google account and resistant to SIM hijacking. This gives you a cell number that works with Vanguard. You can add a Google Voice number to the Google account, and you can use that for phone call delivery of 2-factor codes (but not text from places like Vanguard).
For secure and separate e-mail, we use Fastmail, which has strong security. We use this only for financial institutions.
Re: Securing my accounts, what am I missing?
I don't believe that is true. I have tried to swap the Google Fi SIM card and had to go through my Google account security to allow it. This seems to be confirmed by talking with Google.
"Archean - an early geologic eon before index funds"
Re: Securing my accounts, what am I missing?
It's simple. If I have $2,000 in my checking account and overdraft protection is OFF, the most they are going to get out of my bank is... $2,000. If I have overdraft protection ON, they can get that $2,000, and if they keep writing checks/making debit card purchases, the bank will continue transferring money from my savings accounts to cover those checks/debits until it is caught and stopped, therefore my liability is greater. Sure, you will probably ultimately get the money back that was fraudulently taken out of the account regardless of whether you have overdraft protection on or off, but you can reduce your exposure to only what's in your checking account by not opting for overdraft protection. Without overdraft protection the bank is not going to transfer money from savings to checking to cover debits against the account.palanzo wrote: ↑Sun Jan 24, 2021 5:32 pmDo you have a reference that this reduces your liability?DocInColo wrote: ↑Sun Jan 24, 2021 5:04 pmYes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.palanzo wrote: ↑Sun Jan 24, 2021 4:52 pmDo you have a reference for liability limitation with no overdraft?DocInColo wrote: ↑Sun Jan 24, 2021 4:37 pmI would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
Re: Securing my accounts, what am I missing?
Yes, I understand the concept.DocInColo wrote: ↑Sun Jan 24, 2021 5:48 pmIt's simple. If I have $2,000 in my checking account and overdraft protection is OFF, the most they are going to get out of my bank is... $2,000. If I have overdraft protection ON, they can get that $2,000, and if they keep writing checks/making debit card purchases, the bank will continue transferring money from my savings accounts to cover those checks/debits until it is caught and stopped, therefore my liability is greater. Sure, you will probably ultimately get the money back that was fraudulently taken out of the account regardless of whether you have overdraft protection on or off, but you can reduce your exposure to only what's in your checking account by not opting for overdraft protection. Without overdraft protection the bank is not going to transfer money from savings to checking to cover debits against the account.palanzo wrote: ↑Sun Jan 24, 2021 5:32 pmDo you have a reference that this reduces your liability?DocInColo wrote: ↑Sun Jan 24, 2021 5:04 pmYes, per my bank, if someone stole my debit card or tried to write a check on my checking account, they would only have access to that and no other accounts (savings, money market, etc) because overdraft is disabled.palanzo wrote: ↑Sun Jan 24, 2021 4:52 pmDo you have a reference for liability limitation with no overdraft?DocInColo wrote: ↑Sun Jan 24, 2021 4:37 pm
I would also add make sure you turn off any sort of overdraft protection on your accounts. My understanding is that this limits your liability for stolen checks/checking account numbers to whatever is in checking. If there is no overdraft, and someone tries to steal a bunch of money they won't be able to get it from your savings accounts.
If you have no checks on your account and lock you debit card, how are you thinking the fraud has been perpetrated?
Also, for Ally Bank you have this:
Ally Bank (Member FDIC) guarantees that you will not be liable for any unauthorized Online or Mobile Banking transaction as long as you report the unauthorized transaction by calling us at 1-877-247-2559 within 60 days from when your statement is made available.
If you make sure you have activity notifications on then you would be aware of the first fraudulent transaction as it happened. One telephone call later Ally has locked you account.
Re: Securing my accounts, what am I missing?
I probably shouldn't have used "liability" because that has multiple meanings. I think its less of an issue for people who are vigilant, but there are still lots of ways your account can be compromised. Fraudulent wire transfers and check fraud come to mind. Even if you've never ordered checks, anyone can print them or order them online as long as they have your routing and account number.palanzo wrote: ↑Sun Jan 24, 2021 5:56 pmYes, I understand the concept.DocInColo wrote: ↑Sun Jan 24, 2021 5:48 pmIt's simple. If I have $2,000 in my checking account and overdraft protection is OFF, the most they are going to get out of my bank is... $2,000. If I have overdraft protection ON, they can get that $2,000, and if they keep writing checks/making debit card purchases, the bank will continue transferring money from my savings accounts to cover those checks/debits until it is caught and stopped, therefore my liability is greater. Sure, you will probably ultimately get the money back that was fraudulently taken out of the account regardless of whether you have overdraft protection on or off, but you can reduce your exposure to only what's in your checking account by not opting for overdraft protection. Without overdraft protection the bank is not going to transfer money from savings to checking to cover debits against the account.palanzo wrote: ↑Sun Jan 24, 2021 5:32 pmDo you have a reference that this reduces your liability?
If you have no checks on your account and lock you debit card, how are you thinking the fraud has been perpetrated?
Also, for Ally Bank you have this:
Ally Bank (Member FDIC) guarantees that you will not be liable for any unauthorized Online or Mobile Banking transaction as long as you report the unauthorized transaction by calling us at 1-877-247-2559 within 60 days from when your statement is made available.
If you make sure you have activity notifications on then you would be aware of the first fraudulent transaction as it happened. One telephone call later Ally has locked you account.
EDIT: and even if you get the money back in the end, most banks don't do it instantaneously so you are potentially tying up a lot of your cash while it gets sorted out.
- JamalJones
- Posts: 247
- Joined: Sat May 28, 2016 12:53 pm
- Location: Virgo Super Cluster
Re: Securing my accounts, what am I missing?
Get a privacy.com account and download the app for your phone.
They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.
I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!
And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.
Check it out!
TSP + Vanguard + Fidelity CMA: 80% equities / 20% bonds | "I don't shine shoes, I don’t tape ankles, I don't cut checks - straight cash homie!!" --R. Moss | Winner 2021 Hedge Fund Contest
-
- Posts: 2351
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing my accounts, what am I missing?
Your biggest risk with your email account is account takeover. I put far more faith in a locked-down Google account than any other provider.palanzo wrote: ↑Sun Jan 24, 2021 4:46 pmA agree with you about Gmail. However, given that Vanguard is now not able to send SMS to GV, I am thinking of using protonmail. They have promised Yubikeys and in the meantime I can use an authenticator app. That way I avoid Google altogether.HawkeyePierce wrote: ↑Sat Jan 23, 2021 1:08 pm Use a password manager.
Your biggest risk at the moment is that you haven't taken steps to avoid phishing attacks. A password manager helps with that if you use its browser extension autofill feature. Go download 1Password today.
You should also lock down your email account. If you're using Gmail, go order a couple Yubikeys. Register both with Google and disable SMS and authenticator codes as 2FA—use only Yubikeys to access your email accounts. Keep one with your computer and put the other in a safe place.
There's no need to avoid bank or finance apps on an iPhone. Those are more secure than your computer as they can't be phished.
Also agree about no need to voice bank or finance apps on an iPhone. I'm not sure why the OP is concerned about that.
-
- Posts: 2351
- Joined: Tue Mar 05, 2019 9:29 pm
- Location: Colorado
Re: Securing my accounts, what am I missing?
Much easier to just use a credit card instead of jumping through all those hoops.JamalJones wrote: ↑Sun Jan 24, 2021 6:23 pmGet a privacy.com account and download the app for your phone.
They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.
I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!
And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.
Check it out!
- JamalJones
- Posts: 247
- Joined: Sat May 28, 2016 12:53 pm
- Location: Virgo Super Cluster
Re: Securing my accounts, what am I missing?
What “hoops” are you referring to, sport?HawkeyePierce wrote: ↑Sun Jan 24, 2021 7:13 pmMuch easier to just use a credit card instead of jumping through all those hoops.JamalJones wrote: ↑Sun Jan 24, 2021 6:23 pmGet a privacy.com account and download the app for your phone.
They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.
I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!
And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.
Check it out!
TSP + Vanguard + Fidelity CMA: 80% equities / 20% bonds | "I don't shine shoes, I don’t tape ankles, I don't cut checks - straight cash homie!!" --R. Moss | Winner 2021 Hedge Fund Contest
Re: Securing my accounts, what am I missing?
Just use Apple Pay and/or Apple Card.JamalJones wrote: ↑Sun Jan 24, 2021 6:23 pmGet a privacy.com account and download the app for your phone.
They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.
I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!
And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.
Check it out!
- JamalJones
- Posts: 247
- Joined: Sat May 28, 2016 12:53 pm
- Location: Virgo Super Cluster
Re: Securing my accounts, what am I missing?
I use that too.palanzo wrote: ↑Sun Jan 24, 2021 7:47 pmJust use Apple Pay and/or Apple Card.JamalJones wrote: ↑Sun Jan 24, 2021 6:23 pmGet a privacy.com account and download the app for your phone.
They’re used as debit cards (not credit cards). So what you do, is create a new virtual card for each account you have (they don’t actually give you physical cards). For example, you could have one just for online shopping, another for Uber/Lyft, another one for streaming services, etc. You can use those with whatever vendor you choose. Then probably when (not if) they get hacked and those numbers possibly get out, they won’t be able to use it any other place. Because it’s locked to that vendor. You can also set up a spending limit for each card and delete them or pause them as well. Both of which will not allow the card to be used.
I had a situation where I used a privacy.com card for the purchase some water filters from this company. Well somehow that card information got out and someone tried, like seven times, to charge that particular card and they were all declined. They sent you an email notification. I didn’t need to do anything, no phone calls, no “pausing”... it’s a pretty nice service!
And you can create as many cards as you’d like, and it’s completely free to use! Privacy.com makes money via the ACH transfers.
Check it out!
TSP + Vanguard + Fidelity CMA: 80% equities / 20% bonds | "I don't shine shoes, I don’t tape ankles, I don't cut checks - straight cash homie!!" --R. Moss | Winner 2021 Hedge Fund Contest
Re: Securing my accounts, what am I missing?
after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
Re: Securing my accounts, what am I missing?
I used to think that too. I was wrong.
If you want the ultimate in secure email, use Gmail and sign up for the Advanced Protection Program.
Re: Securing my accounts, what am I missing?
I use Dashlane to store over 600 randomly generated 10-character passwords. This is their answer to the "what if they get hacked" question: "Dashlane does not store your Master Password anywhere on our servers, and it is never transmitted over the internet. That means the key to your castle cannot be taken from you and your encrypted data stored on our servers is useless to hackers." Of course this means you must NEVER forget your master password, because you and you alone know it. Although it would only mean that you would have to say you lost your password for each site you access and have them send you a reset link. An inconvenience, not as bad as forgetting your bitcoin password!palanzo wrote: ↑Sun Jan 24, 2021 4:49 pmGood ideas both. Also many people mistakenly believe that 1Password has to use the cloud. This is not the case.Tejfyy wrote: ↑Sun Jan 24, 2021 4:01 amI use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.HawkeyePierce wrote: ↑Sat Jan 23, 2021 8:16 pmIt's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
Re: Securing my accounts, what am I missing?
It's right there on the screen when you say generate password. Are you sure you are using 1Password?RJ2010 wrote: ↑Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
Re: Securing my accounts, what am I missing?
Sure. You can do that with 1Password too. All depends on how strong your master password is. You can do a lot with a GPU.JaneyLH wrote: ↑Mon Jan 25, 2021 6:43 pmI use Dashlane to store over 600 randomly generated 10-character passwords. This is their answer to the "what if they get hacked" question: "Dashlane does not store your Master Password anywhere on our servers, and it is never transmitted over the internet. That means the key to your castle cannot be taken from you and your encrypted data stored on our servers is useless to hackers." Of course this means you must NEVER forget your master password, because you and you alone know it. Although it would only mean that you would have to say you lost your password for each site you access and have them send you a reset link. An inconvenience, not as bad as forgetting your bitcoin password!palanzo wrote: ↑Sun Jan 24, 2021 4:49 pmGood ideas both. Also many people mistakenly believe that 1Password has to use the cloud. This is not the case.Tejfyy wrote: ↑Sun Jan 24, 2021 4:01 amI use an offline password manager (it's on the device not in the cloud). The thing about them is that you can generate pass phrases, strings you'd never be able to remember. I also use it to generate usernames on accounts, which again are unique strings of characters.HawkeyePierce wrote: ↑Sat Jan 23, 2021 8:16 pmIt's not. A password manager reduces risk by ensuring you use unique passwords and reducing the chances you get phished.
Password managers are very safe.
This is the opinion of every information security expert in the industry. Ignore their advice at your own peril.
Re: Securing my accounts, what am I missing?
I'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole wordspalanzo wrote: ↑Mon Jan 25, 2021 7:24 pmIt's right there on the screen when you say generate password. Are you sure you are using 1Password?RJ2010 wrote: ↑Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
Re: Securing my accounts, what am I missing?
Are you on a PC or a Mac? On the Mac you can customize it to your heart's content. No web version required.RJ2010 wrote: ↑Mon Jan 25, 2021 10:34 pmI'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole wordspalanzo wrote: ↑Mon Jan 25, 2021 7:24 pmIt's right there on the screen when you say generate password. Are you sure you are using 1Password?RJ2010 wrote: ↑Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
Re: Securing my accounts, what am I missing?
I'm on PC. OK, figured it out. You have to click on the + sign to get it to customize. Thank you for your persistence of pointing this outpalanzo wrote: ↑Tue Jan 26, 2021 12:40 amAre you on a PC or a Mac? On the Mac you can customize it to your heart's content. No web version required.RJ2010 wrote: ↑Mon Jan 25, 2021 10:34 pmI'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole wordspalanzo wrote: ↑Mon Jan 25, 2021 7:24 pmIt's right there on the screen when you say generate password. Are you sure you are using 1Password?RJ2010 wrote: ↑Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?
Re: Securing my accounts, what am I missing?
You're welcome.RJ2010 wrote: ↑Tue Jan 26, 2021 10:57 amI'm on PC. OK, figured it out. You have to click on the + sign to get it to customize. Thank you for your persistence of pointing this outpalanzo wrote: ↑Tue Jan 26, 2021 12:40 amAre you on a PC or a Mac? On the Mac you can customize it to your heart's content. No web version required.RJ2010 wrote: ↑Mon Jan 25, 2021 10:34 pmI'm using Edge (which is based on Chrome) browser extension. When offering to generate password, it defaults 20 chars. you can't customize it. Apparently, there is a web version that you have to manually use and generate. https://1password.com/password-generator/ allows you to specify if you want symbols and how long. it even allows you to use whole wordspalanzo wrote: ↑Mon Jan 25, 2021 7:24 pmIt's right there on the screen when you say generate password. Are you sure you are using 1Password?RJ2010 wrote: ↑Mon Jan 25, 2021 5:54 pm after suggestions of 1password, I signed up.
one problem is that 1password generate 20 chars. I can't find a way to customize.
many sites dont' take 20 chars. what's worse is that some site silently takes it and then when you sign in, the password will be incorrect.
anyone knows how to customize length of generated password?