I'm trying to see if anyone here knows better than the guy I just talked to, but here's my situation: I don't like Vanguard's security (for reasons already much-discussed on this forum) and want to put up some roadblocks to taking out money (as my VG accounts are for long-term investing - I don't need fast access to withdraw funds). I worry that while I'm on a remote trip and offline for a week, someone could gain access, switch my bank details, and start unloading money, or something to that effect. It's kind of unlikely but it's one of those things where even a small chance at such a hugely negative outcome is quite scary.
My thought was that I could maybe set up something like this: (1) force a 30-day wait and immediate notification on any attempt to remove money from VG to any bank account - thus, the worst someone who got access could do is buy/sell stuff within VG, or (2) make any withdrawal to a bank account be done with writing - still allowing me to add funds to VG or rebalance within VG, but maybe adding a layer of security for removing funds. Those were both really just my first-pass ideas - my hope was that someone on the phone could give me an existing protocol for people wanting to do something similar.
Instead, the options they gave me were, as I understood them, roughly as follows: (1) disable all online access so that only phone or written orders could be placed - this is a huge pain in terms of checking on the account balances, adding more funds, rebalancing, etc... and really doesn't add a layer of security as far as I can tell (it just removes one access point - someone could conceivably still spoof me by voice or mail), or (2) disable all phone orders - again, same problem: this still adds no layer of protection, it just eliminates one week point in the chain (which could be the wrong one). Both of these lack any kind of time delay, which seems crucial to me.
Maybe I'm asking too much, or maybe the guy I talked to didn't know of other options. Does anyone here have experience/ideas that might help? Am I being unreasonable? Or am I focused on the wrong kind of security? Do they have options he didn't mention or that I misunderstood? Do either of his presented options seem like a good first step?
"In the absence of clarity, diversification is the only logical strategy" -= Larry Swedroe