Author Topic: Security of your finances  (Read 3512 times)

RyanAtTanagra

  • Handlebar Stache
  • *****
  • Posts: 1139
  • Location: SF Bay, CA
Security of your finances
« on: January 05, 2015, 12:16:11 PM »
Not financial security in the normal sense.  I'm curious what you do to protect yourself from fraud/theft.

I've never been victim of identity theft but a long time ago I did make enemies with the wrong people online and had my utilities/phone disconnected and then my apartment swatted in the middle of the night.  Not fun.  I keep a lower profile now but it did make me aware of how easy it is to piss off the wrong person (or just catch the attention of someone that's bored), who can then cause you a lot of problems.  Now that I'm started to accumulate assets I'm thinking of what steps I can do to protect myself, or in the least make sure I can recover quickly.

What do you guys do to protect your assets from 3rd parties?

FeynmanFan

  • Guest
Re: Security of your finances
« Reply #1 on: January 05, 2015, 12:20:28 PM »
Sig Sauer.

RyanAtTanagra

  • Handlebar Stache
  • *****
  • Posts: 1139
  • Location: SF Bay, CA
Re: Security of your finances
« Reply #2 on: January 05, 2015, 12:28:00 PM »
Sig Sauer.

Haha.  Ok yea I should have clarified.  Assets invested/banked at institutions.  Not your physical assets.  Protection against someone wiping out your accounts.  For example, calling up vanguard posing as you to get access to your accounts and then transferring everything out.

GizmoTX

  • Handlebar Stache
  • *****
  • Posts: 1397
Re: Security of your finances
« Reply #3 on: January 05, 2015, 12:58:44 PM »
Vanguard & most banks are pretty stringent about account access. You have to be calling from a known phone number that you register in advance, i.e. your home, cell, etc. You have to know your account number, SSN, & answers to various security questions that you set up. Obviously you need to record this info yourself in a safe place, preferably strongly encrypted. If you use online access, do it from a trusted computer using private internet & make sure you set a very strong password, preferably unique to that site, & change it periodically.

Get a crosscut shredder & use it whenever you discard anything with sensitive information.
« Last Edit: January 05, 2015, 01:00:31 PM by GizmoTX »

frugaliknowit

  • Handlebar Stache
  • *****
  • Posts: 1671
Re: Security of your finances
« Reply #4 on: January 05, 2015, 01:01:52 PM »
1.  Strong passwords
2.  I do not do any banking/investing transactions or queries unless it is a cabled internet line I trust (like my own, a good friend's house or work).  No wireless of any kind and certainly no coffee shop or hotel wifi.

ADK_Junkie

  • 5 O'Clock Shadow
  • *
  • Posts: 47
Re: Security of your finances
« Reply #5 on: January 05, 2015, 02:29:05 PM »
Sometimes diversity in banks and brokerages is a good idea. 

Right now my assets are fairly scattered, but I plan on bringing this down to 2 or 3 firms by the time I reach FIRE. 

Separately, I think credit monitoring fees are pretty reasonable (say $10-$20/month) for peace of mind.  Personally, I'm a finance guy, so rarely a few days go by without me checking every credit card and banking account I have.  Staying on top of things can help hugely in the event of fraud.

ysette9

  • Walrus Stache
  • *******
  • Posts: 5405
  • Location: Bay Area, CA
    • Insert Snappy Title Here (Journal)
Re: Security of your finances
« Reply #6 on: January 05, 2015, 02:42:59 PM »
I use two-step authentication everywhere I can. I also get text messages for all cash movement over a certain amount so I know when our paychecks hit, when the rent gets paid, etc. That helps me stay on top of things without logging into my accounts every day. I use USAA for almost everything in my financial life and have been very happy with their online security options.

Spork

  • Walrus Stache
  • *******
  • Posts: 5753
    • Spork In The Eye
Re: Security of your finances
« Reply #7 on: January 05, 2015, 03:13:43 PM »
Good advice so far...  I'll add a few...

* use long, random passwords -- and some sort of password manager.  Do not reuse the same passwords.  (I use a script that generates 16 character randoms with upper/lower/numeric/special characters.)
* don't store your passwords in clear text.  Don't let your browser (or ANY program) store the userid/password.  Keep it in a password manager and copy/paste it in manually.
* don't use the same user name if you can help it
* don't use the same email address on any 2 sites if you can help it.  (I use a combo of special_user@mydomain.com and I use sneakemail.)  If an email address gets leaked - delete it and create a new one.
* I use an entirely different browser instance for anything financial.  Probably all of them do this, but if you're using firefox, you can use the profile manager and create a second profile.
* This sounds like a Luddite but... RESIST the urge to tie everything together all automatically.  Don't let some program automatically log into your account and fetch the transactions.  And for god sake: Don't let a third party web site login and do it.  Lots of people will hate this.  They want to use Mint or some other cool app... but a primary security philosophy is "least access".
* all those password reminder questions.... Lie.  Lie.  Lie.  Lie and write down the question/answer in your encrypted password manager.  "Q:What's your mother's maiden name?"  "A:Dilitheum Crystals"   "Q:What's your first pet's name?"  "A: A mongoose ate my parrot"   These password recovery questions are terrible things that use common knowledge.
* It should be common sense, but: keep your systems updated.  If you're using Windows XP (or Centos 4, for that matter) you're doing it wrong.  Use an OS that is up-to-date.
* I generally think Linux is better...  but...  use what you understand best.  A poorly updated Linux box run by someone that set it up poorly is much worse than a well updated, reasonably installed Windows box.
* Privilege separation!  You should never run anything with administrative privileges unless you have to.  And then, it should prompt you to enter your (long and complex) password.  ...and then it should drop admin privs as soon as it can.
* backups.  Since you've got impossible to remember passwords and password reset questions... you'd better have a backup.  Even better to keep one somewhere outside of your house.  (Trusted friend, safe deposit box, etc.)

RyanAtTanagra

  • Handlebar Stache
  • *****
  • Posts: 1139
  • Location: SF Bay, CA
Re: Security of your finances
« Reply #8 on: January 05, 2015, 03:18:03 PM »
Thanks for the replies so far.  From a technical security standpoint I'm comfortable.  I use 2-factor authentication with a unique password.  My browsers never save logins, etc.

I don't do paper anything, and shred what little does come my way, so not worried about identity theft in that manner.

As far as 'someone has to know your account number, SSN, and security questions'.  That's how my cell phone got shut off, they knew all 3 of those.  Since I've had it happen to me, social engineering is my biggest concern and the biggest hole I see (the whole human factor being the weakest thing).  Security questions tend to be horrible public/widespread knowledge items, like your elementary school and mothers maiden name (or horrible, changing ones like 'your favorite actor').  I'll have to review what I have set up and see if I can create custom ones.  The suggestion to make up fake answers and writing them down is good, as well.  I've done this for sites in my password manager, but I don't have my financial sites in the password manager so haven't really thought to do it there.

I've thought about distributing across multiple institutions, since everything banking and investing is at one right now.  Glad someone else does this, I won't feel overly paranoid if I go that way ;-)

Good idea on the text alerts for transactions over a dollar amount.  I'll see if that's an option.