
Securing investment accounts

Discussion in 'TSLA Investor Discussions' started by anticitizen13.7, Mar 28, 2014.

  1. anticitizen13.7

    anticitizen13.7 Enemy of the Status Quo

    Joined:
    Dec 22, 2012
    Messages:
    2,551
    Location:
    United States
    I saw in one of the short-term threads that a security researcher warned that Model S was not secure enough over the Internet. One response was that brokerage accounts are also one password away from being compromised.

    I'm sure many people have brokerage and retirement accounts that are worth much more than their car. What are good ways to ensure the security of those accounts?

    Keeping software and antivirus up to date are the obvious steps to take. However, I think it's a given that large software systems are going to have security bugs. The only thing I can think of is to constantly monitor accounts for unusual activity.
     
  2. EarlyAdopter

    EarlyAdopter Active Member

    Joined:
    Jun 24, 2012
    Messages:
    2,497
    Location:
    Redmond, WA
    Use a strong password - at least 8 characters long, combination of upper case, lower case, special characters (punctuation), and numbers. AND, this is important, make sure it isn't one you use on any other site. It needs to be unique to your brokerage account.

    Also, enable trade-confirmations via email and SMS text message if your broker offers it. Most likely you don't have large amounts of cash sitting in your investment accounts - most is hopefully in stocks, ETFs, mutual funds, bonds, etc - so anyone that got in and wanted to transfer out any money would first have to sell some funds, which would trigger an email/SMS to you giving you some notification something was up.

    Also, most brokerages require additional verification for large withdrawals and transfers, so even if someone got in through a password guess alone it's unlikely they could get any money out without knowing a lot more about you.
     
  3. 40percent

    40percent Member

    Joined:
    Nov 13, 2013
    Messages:
    18
    Location:
    Whitmore, CA
    I recommend using 1Password. It's a great password management tool. It remembers all your passwords and logs in for you. It automatically generates really strong passwords so every account can have a different password that looks something like this: [email protected],C[udF@[email protected]^67A2JR42U.vjwRYr

    I use 1Password to store all my credentials, secure documents, digital images of passports, licenses etc. It has all my credit card info, bank info etc.

    You only have to remember the 1 password to get into the tool and it does the rest for you. They have clients for Mac, Windows, iOS devices and Android.

    https://agilebits.com
     
  4. Incredulocious

    Incredulocious '11 LEAF –> '13 RAV4 EV

    Joined:
    Mar 31, 2012
    Messages:
    132
    Location:
    Santa Cruz, CA
    #4 Incredulocious, Mar 28, 2014
    Last edited: Mar 28, 2014
    If you think about it, this rather defeats the purpose of having different and super-complex passwords for everything if it's all unlocked with one. Super-convenient for you, and anyone else who manages to get in.

    This functionality (auto-generated and/or retained/entered for you) is now built-in to the Mac OS and iOS. Very convenient for miscellaneous non-critical online accounts, forums, stores, etc. but I recommend never using any such system for things that you *really* don't want anyone else in, like financial accounts. I think it's worth keeping such critical logins only in your head. (Though I do also keep an encrypted file that has just enough of each password to jog my memory in case I find myself struggling to remember.)
     
  5. SebastianR

    SebastianR Member

    Joined:
    Feb 8, 2013
    Messages:
    464
    Location:
    Denmark
    On Password Security and Password Strength, I highly recommend this XKCD here:
    https://xkcd.com/936/

    Don't be fooled by the comic style explanation, Randall Munroe knows a thing or two about math...

    Aside from that, yes, use 2 factor authentication where possible, make sure that your email account is with a secure provider (most of the time hacks don't happen directly but target your email account at which point you are down to a 'reset password' level of complexity for taking over your account).
     
  6. Chickenlittle

    Chickenlittle Active Member

    Joined:
    Sep 10, 2013
    Messages:
    1,665
    Location:
    Virginia
    I take it very seriously. Strong passwords and a separate computer that is used for nothing else. Does not go over the web, etc. My brokerage will not wire any funds without confirmation as well. One thing that does bother me is the brokerage uses security questions that are crazy. Everyone in my family knows my mother's maiden name etc. I will frequently set up false answers to their questions to avoid people knowing me well enough to get in on their questions. Paranoid....yes I am.
     
  7. AndreN

    AndreN Member

    Joined:
    Feb 22, 2012
    Messages:
    94
    Location:
    Redmond, WA
    I have an E*TRADE account, and they sent me a keychain dongle that spits out a new 6-digit code every minute. The only way to log into my account is with my password with the current 6-digit number the dongle shows added onto that. Even if someone was keylogging my PC they'd have only seconds to enter the same password+digits to log in.
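
The login flow described in this post, as an added example that is not part of the original post and is not E*TRADE's implementation. It assumes the dongle behaves like standard TOTP (RFC 6238) with a 60-second step, which the thread does not state; `Verifier`, `hash_password` and the sample secret are hypothetical. It also shows the server-side check that closes the replay window for a keylogged password+code.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code ("a new 6-digit code every minute")
DIGITS = 6

def totp(secret: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Verifier:
    """Hypothetical server side for one account (not any broker's real logic)."""

    def __init__(self, password: str, salt: bytes, secret: bytes):
        self.salt = salt
        self.password_hash = hash_password(password, salt)
        self.secret = secret
        self.last_step = -1      # highest time step already used for a login

    def login(self, submitted: str, now: float) -> bool:
        # The user types password and code as one string; the code is the tail.
        password, code = submitted[:-DIGITS], submitted[-DIGITS:]
        step_now = int(now // STEP)
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.password_hash)
        code_ok = hmac.compare_digest(code.encode(), totp(self.secret, now).encode())
        if not (pw_ok and code_ok):
            return False
        if step_now <= self.last_step:
            return False         # same code replayed within its minute
        self.last_step = step_now
        return True

# Constructed sample values (the secret is the RFC 4226 test key).
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"

if __name__ == "__main__":
    v = Verifier("Keep my dough secure", SALT, SECRET)
    typed = "Keep my dough secure" + totp(SECRET, 60)
    print(v.login(typed, 60))    # owner logs in
    print(v.login(typed, 75))    # keylogger replays 15 s later
```

Without the `last_step` check, a captured password+code would stay valid until the minute rolls over; with it, each code is accepted once.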
     
  8. smorgasbord

    smorgasbord Active Member

    Joined:
    Jun 3, 2011
    Messages:
    2,379
    Location:
    SF Bay Area
    And this is what all famous people do for their accounts as well. Except Sarah Palin didn't quite understand that in time...
     
  9. Mitthrawnuruodo

    Joined:
    Jun 10, 2013
    Messages:
    114
    Location:
    California

    Good thread guys. I am really impressed at E-Trade's ability to do this, just like in corporate remote security. I don't think TradeKing has this but I would request it in a heartbeat. I used this website to create new passwords a while ago: How Secure Is My Password?. I mixed some Latin and numbers together that I can remember easily and got it to 23 trillion years.
     
  10. Causalien

    Causalien Reaper of Trolls

    Joined:
    Nov 19, 2012
    Messages:
    1,443
    Location:
    Canada
    I use a mental encryption scheme for now. But plan on writing a GUI program to automate it. 1Password's failure point is that 1Password could be compromised, and a trojan can gain access to your 1Password runtime. When securing a small fortune 1Password is enough, but I think above 50k, the hacker has an incentive to break your defenses.
     
  11. Mario Kadastik

    Mario Kadastik Active Member

    Joined:
    Sep 5, 2013
    Messages:
    2,045
    Location:
    Rae, Harjumaa, Estonia
    I too recommend that people not stick to the old crappy minimum 8 characters scheme. Even with addition of symbols and numbers the passwords are way too easy to offline hack. A sample: Pa5sW)%$ takes an average PC ~3 days to crack. Using just a couple of words: "Keep my dough secure" yields 83 quintillion years. Of course using plain words may yield dictionary attacks, but it's still a few orders of magnitude more secure. Going outside the English language immediately increases the security by a few orders of magnitude. A simple Google Translate would be enough, but you'd have to remember it too ;) Also those passwords are easier to type and remember and are also more tablet etc friendly.
     
  12. anticitizen13.7

    anticitizen13.7 Enemy of the Status Quo

    Joined:
    Dec 22, 2012
    Messages:
    2,551
    Location:
    United States
    Great to read everyone's perspectives!

    How do you avoid the web to access your brokerage online? Or do you mean not using websites other than financial ones? I access my brokerage via a web page.

    I've seen people access via iPad app. That's the only thing I can think of to avoid the web.

    I've seen people use those code generators for VPN'ing into their workplace. Anyone know what other brokerages use this?

    I really only have 1 low-tech idea to add, about one thing to do if one's account is hacked: if your financial institution has physical/brick&mortar offices nearby, go there with passport/ID and have everything reset in person.

    Also, knowing someone at the institution could help, but turnover at banks and brokerages can be high. Many people don't go to the bank often enough to know a person there.
     
  13. Chickenlittle

    Chickenlittle Active Member

    Joined:
    Sep 10, 2013
    Messages:
    1,665
    Location:
    Virginia
    What I mean is that a single computer with only destinations on the web are my broker accounts. All research and browsing done on another computer. I don't even have email on it. We actually have 3 computers. The one I mention above, the second level security one that we access our banking email and bill paying on and a third I will browse on without fear.
     
