How secure are you?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities

How secure are you? (check any or all)

I check my account at least once per month
152
30%
I have a strong and unique username
82
16%
I don't share my password with anyone, not even my spouse
88
18%
My spouse does not share his/her password with me
40
8%
I use up-to-date anti-virus, anti-spyware, and firewall software.
139
28%
 
Total votes : 501

Re: How secure are you?

Postby RTR2006 » Wed Nov 21, 2012 11:33 pm

Our accounts are not with Vanguard, and I maintain stock DRIP accounts that my wife should have access to in case of my demise, and I doubt she'd even know who to call if I dropped dead tomorrow. Why make things harder on her? I was simply responding to the op with the opinion that sharing passwords with a spouse is not necessarily quantitatively a risk.

RTR
RTR2006
 
Posts: 753
Joined: 24 May 2007
Location: Near SF...

Re: How secure are you?

Postby lightheir » Thu Nov 22, 2012 12:04 am

I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.
lightheir
 
Posts: 1238
Joined: 4 Oct 2011

Re: Sharing info with Spouse

Postby celia » Thu Nov 22, 2012 12:51 am

RTR2006 wrote:I don't see a "yes" answer to this as being any sort of security concern. I have everything written down - everything - including the log-in info on my Windows machine at home so if anything happens to me my wife can get into my/our account. Do you really think that if I drop dead I want my wife to turn on the computer in her state of despair and see a picture of a golf club or slice of pizza or my first dog or my favorite rock group from the 60s logo or whatever, and not know how to get into my account to be able to access our retirement accounts?

How secure am I? How secure are we all? But maybe more important, how secure are your heirs if you drop dead tonight?

RTR

Forget about dropping dead tonight. It is far more likely that your computer and the paper with your passwords would be stolen while you are away from home tomorrow. Then what?


Dying is the easy part. It's also easy for your spouse to then call up Vanguard and ask them what he/she should do. It's not so easy to clean up fraud/identity theft problems after you were careless.
User avatar
celia
 
Posts: 1599
Joined: 9 Mar 2008
Location: SoCal

Re: How secure are you?

Postby celia » Thu Nov 22, 2012 1:04 am

The topic of sharing your password with your spouse was discussed in Giving Vanguard password to spouse is a financial risk. If you don't want to read the whole thread, at least read the third page.
User avatar
celia
 
Posts: 1599
Joined: 9 Mar 2008
Location: SoCal

Re: How secure are you?

Postby Sunny Sarkar » Thu Nov 22, 2012 11:42 am

Vanguard wrote:Your Vanguard.com password should not be:
Written down or stored on your computer.
https://personal.vanguard.com/us/help/S ... ontent.jsp

LastPass wrote:we store your encrypted data on your local PC when you login, so that if LastPass.com can't be reached, you can still login to the add-on and get to your accounts.
https://lastpass.com/whylastpass_technology.php

Does using LastPass thus violate Vanguard security policy, since LastPass stores passwords locally (albeit highly encrypted)?
“Our life is frittered away by detail. Simplify, simplify.” ― Henry David Thoreau
User avatar
Sunny Sarkar
 
Posts: 2195
Joined: 2 Mar 2007
Location: Flower Mound, TX

Re: Sharing info with Spouse

Postby tadamsmar » Fri Nov 23, 2012 3:50 pm

RTR2006 wrote:Do you really think that if I drop dead I want my wife to turn on the computer in her state of despair and see a picture of a golf club or slice of pizza or my first dog or my favorite rock group from the 60s logo or whatever, and not know how to get into my account to be able to access our retirement accounts?


No, what I really think is that people like you should make sure your spouse knows what to do if you drop dead, see this link:

https://retirementplans.vanguard.com/VG ... +loved+one
User avatar
tadamsmar
 
Posts: 5957
Joined: 7 May 2007

Re: How secure are you?

Postby Epsilon Delta » Fri Nov 23, 2012 4:01 pm

RTR2006 wrote:Our accounts are not with Vanguard, and I maintain stock DRIP accounts that my wife should have access to in case of my demise, and I doubt she'd even know who to call if I dropped dead tomorrow. Why make things harder on her? I was simply responding to the op with the opinion that sharing passwords with a spouse is not necessarily quantitatively a risk.

RTR

If you want to make things easier on her, give her the list of people to call. Or get a copy of the appropriate forms and pre-fill them, highlighting the information she will need to add (e.g. date of death) and the documents she will need to provide.

Continuing to operate an account after the owners death is likely to make things harder for your wife.
The SSA publishes a list of the SSN of dead people. Many institutions will check this at some point and freeze accounts associated with those SSN. At that point your wife will have to go through the proper procedures anyway, and may have to answer awkward questions about dead people performing transactions.
User avatar
Epsilon Delta
 
Posts: 3076
Joined: 28 Apr 2011

Re: How secure are you?

Postby tadamsmar » Fri Nov 23, 2012 4:04 pm

lightheir wrote:I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.


You are nowhere close to keeping things organized as possible because you have not even bothered with the first step: to figure out what your wife is supposed to do and organized things so she can easily do that.
User avatar
tadamsmar
 
Posts: 5957
Joined: 7 May 2007

Re: How secure are you?

Postby lightheir » Fri Nov 23, 2012 10:01 pm

tadamsmar wrote:
lightheir wrote:I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.


You are nowhere close to keeping things organized as possible because you have not even bothered with the first step: to figure out what your wife is supposed to do and organized things so she can easily do that.


Well, considering she's pretty good at reading, and I've left a pretty clear note attached to the USB drive about how to access the info, I'd say I'm covered. It'll probably take her 20 mins max to figure out how to turn on my computer and log into Keepass (less than 5 minutes most likely.) Almost everything is automated so even if I disappear, almost everything keeps running smoothly and she can take her time to figure out what's what in the interim.
lightheir
 
Posts: 1238
Joined: 4 Oct 2011

Re: How secure are you?

Postby LadyGeek » Fri Nov 23, 2012 11:19 pm

There's a world of difference between reading and doing. Have her try this on her own. If she has a problem (I'm thinking yes), let her make notes in her own words and keep trying until she's successful.

This is the same situation in which everyone says they backup their data on a regular basis. But, how many have actually restored the data? Delete a file and try it now. I'm betting there will be a few questions (for a different thread).
To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
LadyGeek
Site Admin
 
Posts: 15982
Joined: 20 Dec 2008
Location: Philadelphia

Re: How secure are you?

Postby lightheir » Sat Nov 24, 2012 10:06 am

LadyGeek wrote:There's a world of difference between reading and doing. Have her try this on her own. If she has a problem (I'm thinking yes), let her make notes in her own words and keep trying until she's successful.

This is the same situation in which everyone says they backup their data on a regular basis. But, how many have actually restored the data? Delete a file and try it now. I'm betting there will be a few questions (for a different thread).


Yes, have done that. It's very easy to loginto Keepass and then find the subsites - I've shown it to her twice already, but given that she's not a Keepass user herself on a regular basis, she instantly forgets how/what to do unless I write it down explicitly for her (she rarely even uses a computer, favoring her iphone for web browsing.)

The idea of checking your backups as well is a good one - I do it every few months with my Crashplan online archive as well as with my external HD backups (I have 2 local ones.)I've been impressed with how well and smoothly Crashplan has been working - it's has been nearly flawless in its execution of background backups. Especially once that initial big datadump was done, the incremental ones have been effortless - I don't even monitor it.
lightheir
 
Posts: 1238
Joined: 4 Oct 2011

Re: How secure are you?

Postby astrohip » Sun Nov 25, 2012 12:20 am

jebmke wrote:I try to check banks, VG and CCs weekly.

+1. I check all my financial sites every Wednesday. Banks, brokerages, credit cards. I look for anything unexpected. And have found a few things over the years.
astrohip
 
Posts: 132
Joined: 21 Dec 2010
Location: Houston TX

Re: How secure are you?

Postby teacher » Wed Nov 28, 2012 8:39 pm

Very important thread. How often should usernames and/or passwords be changed? I couldn't find mention of that question in the Vanguard site on security.
User avatar
teacher
 
Posts: 670
Joined: 5 Oct 2008
Location: California

Re: How secure are you?

Postby tadamsmar » Thu Nov 29, 2012 9:58 am

lightheir wrote:
tadamsmar wrote:
lightheir wrote:I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.


You are nowhere close to keeping things organized as possible because you have not even bothered with the first step: to figure out what your wife is supposed to do and organized things so she can easily do that.


Well, considering she's pretty good at reading, and I've left a pretty clear note attached to the USB drive about how to access the info, I'd say I'm covered. It'll probably take her 20 mins max to figure out how to turn on my computer and log into Keepass (less than 5 minutes most likely.) Almost everything is automated so even if I disappear, almost everything keeps running smoothly and she can take her time to figure out what's what in the interim.


Seems your goal is to have your wife inpersonate a dead man. But even measured against that goal, you are not very well organized. You need to avoid news of your death getting around, that news will eventually gum up the works for your wife. You need to see the movie "Bernie" to get some ideas.

I have not considered this approach. Instead, I have organized toward to the goal of my wife avoiding impersonating a dead man and just going through the ordinary process of executing the estate.
User avatar
tadamsmar
 
Posts: 5957
Joined: 7 May 2007

Re: How secure are you?

Postby lightheir » Thu Nov 29, 2012 3:04 pm

Totally disagree that I'm having my wife impersonate me.

The point isn't for her to take over and assume shes me to continue using my accounts - it's for her to access anything shared we need so she can track it and transfer if necessary.


Most of my utilities and other bills default to emailing to me - most of them do not allow multiple email options, and my wife wouldn't want them in her inbox anyway. By having them listed in Keepass, she can find out what's where and make the arrangements to transfer.

Joint bank accounts she already has access to, but she accesses our brokerage and retirement accounts sso rarely that she will def need my records to remind her how to get back in.

She's already listed as the main beneficiary on all financials.

I wish I could get her to actively manage the bills, etc. like I do, but she's not interested, and frankly, it's probably working better with only one cook in the house. About once a year I show her how to use my Keepass, but it's not meant to substitute for my written instructions.

I'm wondering what you think a better solution is to track/mantain all records for a spouse who isn't very interested in the details of bills and accounts.
lightheir
 
Posts: 1238
Joined: 4 Oct 2011

Re: How secure are you?

Postby runthetrails » Thu Nov 29, 2012 6:34 pm

nisiprius wrote:Having finally gotten around to doing the business of cross-authorizing my wife's account and mine, I would say that I think it's a great thing to do--not because of the security issues in telling your spouse your password, but because it is extremely difficult to deal with a spouse's password and it is much easier for your spouse to access your account via your spouse's own username, password, and security questions... meaning better security the sense of security against loss to your heirs due to overlooked, forgotten, or inaccessible accounts.


I agree, and my spouse and I are cross-authorized for our IRAs, but our 401(k)s -- both at VG, apparently are not eligible for spousal authorization. So I'm obliged to log in as her to manage our accounts as a whole.
User avatar
runthetrails
 
Posts: 587
Joined: 5 Jun 2007
Location: Tennessee

Re: How secure are you?

Postby tadamsmar » Sat Dec 01, 2012 5:51 pm

runthetrails wrote:
nisiprius wrote:Having finally gotten around to doing the business of cross-authorizing my wife's account and mine, I would say that I think it's a great thing to do--not because of the security issues in telling your spouse your password, but because it is extremely difficult to deal with a spouse's password and it is much easier for your spouse to access your account via your spouse's own username, password, and security questions... meaning better security the sense of security against loss to your heirs due to overlooked, forgotten, or inaccessible accounts.


I agree, and my spouse and I are cross-authorized for our IRAs, but our 401(k)s -- both at VG, apparently are not eligible for spousal authorization. So I'm obliged to log in as her to manage our accounts as a whole.


It's called Agent Authorization at Vanguard, check the links here:

https://personal.vanguard.com/us/litful ... C&subCat2=

not sure how you and your spouse could not be eligible, assuming the other party (other spouse in your case) is willing to grant agent authorization.
User avatar
tadamsmar
 
Posts: 5957
Joined: 7 May 2007

Re: How secure are you?

Postby tadamsmar » Sat Dec 01, 2012 6:05 pm

lightheir wrote:Totally disagree that I'm having my wife impersonate me.

The point isn't for her to take over and assume shes me to continue using my accounts - it's for her to access anything shared we need so she can track it and transfer if necessary.


Most of my utilities and other bills default to emailing to me - most of them do not allow multiple email options, and my wife wouldn't want them in her inbox anyway. By having them listed in Keepass, she can find out what's where and make the arrangements to transfer.

Joint bank accounts she already has access to, but she accesses our brokerage and retirement accounts sso rarely that she will def need my records to remind her how to get back in.

She's already listed as the main beneficiary on all financials.

I wish I could get her to actively manage the bills, etc. like I do, but she's not interested, and frankly, it's probably working better with only one cook in the house. About once a year I show her how to use my Keepass, but it's not meant to substitute for my written instructions.

I'm wondering what you think a better solution is to track/mantain all records for a spouse who isn't very interested in the details of bills and accounts.


For Vanguard accounts, start here:

https://retirementplans.vanguard.com/VG ... +loved+one

Not sure of the details of all other accounts. I think joint accounts tend to be easier to manage, require less red tape, but not sure about all joint accounts in all states. Of course, it's unusual to have everything in joint accounts because many types of retirement savings accounts don't allow it.

While you are alive, she can use agent authorization if you arrange it.

Having your wife as the sole beneficiary on an account is not the same as having a joint account.
User avatar
tadamsmar
 
Posts: 5957
Joined: 7 May 2007

Re: How secure are you?

Postby tadamsmar » Tue Dec 04, 2012 9:20 am

phillip wrote:
tadamsmar wrote:
phillip wrote:Option 2 should read "I use a strong and unique _password_," no?

Other options should include (at least) the following:
- I use two-factor authentication
- I use non-obvious security questions


No! I meant usename. Read Vanguard's fraud policy linked in the OP.

My poll does not cover everything in the fraud policy.


Usernames are public information. They _must_ be unique. And what does it mean to make them "strong"?

Edit: If you want to measure security accurately, you shouldn't leave out "I use a complex, unique password." It is the most important element on (not on?) the list. And you should probably omit "I use a strong and unique username" because it is inconsequential.


A unique username is one that is not used on some other website:

http://www.google.com/goodtoknow/online ... passwords/

A strong username is one that is hard to guess. Vanguard allows letters and numbers in the username.

Usernames are not really public information in the way that your voter registration is public information, one can't just look it up online. By "public information" I guess you mean it appears on the screen when you log in, in that sense a username is more public than a password.
User avatar
tadamsmar
 
Posts: 5957
Joined: 7 May 2007

Re: How secure are you?

Postby lightheir » Tue Dec 04, 2012 10:12 am

I treat my usernames on my financial websites just like a password. Unique, long, and complex.

I manage all financial logins with Keepass, so there's no extra effort at all required to have complex hard-to guess username on top of password. Makes it a bit tougher for a hacker to crack both if they're both unique with bank-strength complexity. Fortunately, with Keepass, the amount of work required to login with a bank-strength password/username is identical to the work logging on with a simple one.
lightheir
 
Posts: 1238
Joined: 4 Oct 2011

Re: How secure are you?

Postby telemark » Tue Dec 04, 2012 1:49 pm

A bit of personal experience here -- my mother never used the computer and had only a minimal knowledge of my parents' finances. When my father died unexpectedly, we discovered that he kept all his online account and password information in an encrypted database, with a key that only he knew. I will admit that I initially saw this as a problem, but now I think it was a good thing. It kept me from doing anything stupid and forced us to do everything legally and properly.

If you want to provide for your survivors then make a will, name your beneficiaries, and keep good records. Sharing your passwords is no substitute for any of that.
User avatar
telemark
 
Posts: 689
Joined: 11 Aug 2012

Re: How secure are you?

Postby kamo » Wed Dec 05, 2012 8:17 am

Too many usernames and password I have. Every site seems to need them nowadays, and if you only use the site once a month/quarter, then you have to write it down somewhere. And because you have so many you need them frequently and so where you write them down has to be easily and quickly accessed. I guess it's best to have important ones, like for financial accounts, written down on an encrypted doc and the silly ones on a regular (WORD?) doc.
He who knows he has enough is rich. Lao-Tzu
kamo
 
Posts: 54
Joined: 6 Dec 2007

Re: How secure are you?

Postby lightheir » Wed Dec 05, 2012 9:08 pm

kamo wrote:Too many usernames and password I have. Every site seems to need them nowadays, and if you only use the site once a month/quarter, then you have to write it down somewhere. And because you have so many you need them frequently and so where you write them down has to be easily and quickly accessed. I guess it's best to have important ones, like for financial accounts, written down on an encrypted doc and the silly ones on a regular (WORD?) doc.


Just go Keepass. Makes it trivial to have different usernames/pwd's for all financial sites. Me, and a bunch of others on this forum use Keepass (a free download) to manage all financial or sensitive websites and passwords, and then just use more rememberable passwords without keepass for things of low-security importance to keep things streamlined.
lightheir
 
Posts: 1238
Joined: 4 Oct 2011

Previous

Return to Personal Consumer Issues

Who is online

Users browsing this forum: leonard, Yahoo [Bot] and 54 guests