Search found 949 matches

by damjam
Sun Feb 26, 2023 10:56 am
Forum: Personal Consumer Issues
Topic: Can you lock an iphone with hardware security key? [iPhone security discussion]
Replies: 138
Views: 9189

Re: Can you lock an iphone with hardware security key?

jebmke wrote: Sun Feb 26, 2023 10:31 am
damjam wrote: Sun Feb 26, 2023 10:26 am I just assume the phone is not secure and harden access to specific apps.
Same. I use Screentime = 0 on my email and the email address is not linked to my accounts. I don't think anything else on my phone matters. I also shut off all notifications except for text messages - but that is more for peace and quiet.
Thank you for this.
by damjam
Sun Feb 26, 2023 10:26 am
Forum: Personal Consumer Issues
Topic: Can you lock an iphone with hardware security key? [iPhone security discussion]
Replies: 138
Views: 9189

Re: Can you lock an iphone with hardware security key?

The WSJ also posted a video on their Youtube channel yesterday which was done in conjunction with the article that is behind the paywall. https://www.youtube.com/watch?v=QUYODQB_2wQ Lots of good tips in this video that highlight the often overlooked but severe vulnerability introduced by your iPhone passcode. To summarize the problem: 1) thieves (often in groups) are watching you as you enter your passcode in a public place such as a bar 2) thieves steal your phone when you are distracted at the bar or restaurant and enter the passcode 3) thieves immediately change your passcode and iCloud password, locking you out of your iCloud account 4) thieves use passcode to access all of your passwords in the iPhone password keychain 5) thieves use ...
by damjam
Sun Feb 26, 2023 10:04 am
Forum: Personal Consumer Issues
Topic: Can you lock an iphone with hardware security key? [iPhone security discussion]
Replies: 138
Views: 9189

Re: Can you lock an iphone with hardware security key?

The WSJ also posted a video on their Youtube channel yesterday which was done in conjunction with the article that is behind the paywall. https://www.youtube.com/watch?v=QUYODQB_2wQ Lots of good tips in this video that highlight the often overlooked but severe vulnerability introduced by your iPhone passcode. To summarize the problem: 1) thieves (often in groups) are watching you as you enter your passcode in a public place such as a bar 2) thieves steal your phone when you are distracted at the bar or restaurant and enter the passcode 3) thieves immediately change your passcode and iCloud password, locking you out of your iCloud account 4) thieves use passcode to access all of your passwords in the iPhone password keychain 5) thieves use ...
by damjam
Sun Apr 03, 2022 7:40 pm
Forum: Personal Consumer Issues
Topic: Need iphone 13 pro max case suggestions please
Replies: 24
Views: 1953

Re: Need iphone 13 pro max case suggestions please

worthit wrote: Sun Apr 03, 2022 7:17 pm Thanks all. It seems none of these (including otterbox) come with a built in screen protector. Appears that I need to buy one separately. Is that the case?
There are cases that have a screen protector as part of the case. My cousin who works in construction has that type. The case and screen protector are like a box with a clear top. Super bulky and I can't imagine the average user needs that much protection.

Right now DH and I are using a thin tempered glass that sticks directly onto the screen. Ailun is the brand. And yes it is purchased separately from the case.

When DH had that nasty spill with his iPhone he had a similar protector on it.
by damjam
Sun Apr 03, 2022 6:55 pm
Forum: Personal Consumer Issues
Topic: Need iphone 13 pro max case suggestions please
Replies: 24
Views: 1953

Re: Need iphone 13 pro max case suggestions please

walkabout wrote: Sun Apr 03, 2022 4:25 pm I have always uses Speck Candyshell iPhone cases.
+1
DH had a spectacular toss onto a gritty sidewalk of his iPhone 6S. The Speck case was somewhat cracked and scraped up but no damage to the phone. He also had a thin glass screen protector that got pretty messed up. No damage to the screen.

I've had a Speck Candyshell as well for several years. I don't love the Speck Candyshell color choices for the iPhone 13 pro max but the peace of mind is more important.
by damjam
Wed Apr 22, 2020 7:15 pm
Forum: Personal Consumer Issues
Topic: How are you doing laundry?
Replies: 15
Views: 2009

Re: How are you doing laundry?

For people without laundry in their residence, how are you doing laundry? The public laundry is still open, but we're not sure if it's safe to use it. I really don't want to have to handwash everything though, and I don't know where to hang things to dry in the apartment. We've been washing a lot by hand. But sheets and towels are hard to do that way. So we took our laundry to the local laundromat and dropped it off. After pick up we're leaving the laundry to sit untouched for 3 days to allow die off of any viral contamination. Obviously precautions need to be taken during the in and out process. We happened to have one p100 respirator mask lying around from an old household project and plenty of disposable gloves and those were worn. When...
by damjam
Tue Mar 17, 2020 5:52 pm
Forum: Personal Finance (Not Investing)
Topic: Rental Property- how to "retire from service"
Replies: 2
Views: 574

Re: Rental Property- how to "retire from service"

Also how do I deal with prior year disallowed loses? According to a definitive source (https://www.thetaxadviser.com/issues/2017/apr/disposing-passive-activities.html) Disposing of a passive activity allows suspended passive losses to be deducted When a taxpayer disposes of the entire interest in a passive activity, that activity is no longer subject to the passive activity rules. If the activity is disposed of in a fully taxable (as opposed to tax-deferred) transaction to an unrelated party, both current and suspended passive activity losses generated by that activity (as well as any loss on the disposition) can be deducted (Sec. 469(g)(1)). I think that means that the prior year disallowed losses need to be carried forward until the prop...
by damjam
Tue Mar 17, 2020 12:35 pm
Forum: Personal Finance (Not Investing)
Topic: Rental Property- how to "retire from service"
Replies: 2
Views: 574

Rental Property- how to "retire from service"

I have a two family property.
Until Dec 2018 one unit was a rental the other my personal residence.
Jan 2019 I converted the rental unit into additional personal space. So both units are personal residence now.

How do I report this?
Also how do I deal with prior year disallowed loses?

I realize all depreciation will be recaptured upon sale and any capital gains exemption will be prorated based on % of time used for each purpose, but that is a issue for a later date.
by damjam
Wed Jun 05, 2019 1:26 pm
Forum: Personal Finance (Not Investing)
Topic: Selling home- Demanding Buyer (Repairs)
Replies: 495
Views: 71846

Re: Selling home- Demanding Buyer (Repairs)

This is my agent's response when I told her that we accepted buyers offer under the pretense that he was paying cash. Agent said that changing to financing is allowed per the contract. And that buyer was allowed to do that as long as it does not delay settlement. Here is her response to me exactly. Since there is no appraisal contingency- technically the terms have not changed. and the septic repair will not need to be done prior to settlement - once we have the final numbers on the septic repair - we will figure out the logistics of either reducing the price by that amount or paying the contractor directly from settlement I think your agent is incorrect here. Bringing in financing in any form at this point is changing the terms. You said ...
by damjam
Tue May 07, 2019 6:32 am
Forum: Personal Consumer Issues
Topic: Anybody try the Blue Apron or the like?
Replies: 77
Views: 8650

Re: Anybody try the Blue Apron or the like?

I agree with everyone that the packaging waste is an issue but I live with it. For us it's a service like this or eating at a restaurant or takeout. Neither one of us enjoys meal planning or grocery shopping so having those aspects taken care of by a service is perfect for us. We've tried several of the services and our favorites are Sun Basket and Plated. Here's my summary of the services we have tried: None of the plans offer single serving meals, minimum 2 servings per recipe. We've never tried the fish with any of the services. Some of the services, such as Blue Apron and Sun Basket, offer wine pairings - never tried them. Every week each service sends printed copies of the recipes you need. You get to select what you want up to 4 or 5 ...
by damjam
Tue Apr 16, 2019 6:33 am
Forum: Personal Consumer Issues
Topic: Women, How Much Do You Pay for Haircut
Replies: 94
Views: 8196

Re: Women, How Much Do You Pay for Haircut

Wow, wouldn't the hairstylists be very rich then? Some people here pay $200 for one visit. If the hairstylist just had three clients a day, that would be $600. And over 20 working days a month that would be $12,000. Take away, I don't know ... $3000 for rental/utilities/supplies, and that's like $9000 a month? Not in my case. Sure cut and color is $140 + $30 tip. But that's two people - one for color and another for cut. The colorist can handle 2/3 people at slightly overlapping intervals, but the stylist can only deal with one head at a time. Plus $3000 for rental/utilities/supplies would definitely be an underestimation. That could easily be the rent alone around here. To better answer the OP, the cut alone is $65 + tip. ETA: also, earni...
by damjam
Mon Apr 15, 2019 7:45 pm
Forum: Personal Consumer Issues
Topic: Women, How Much Do You Pay for Haircut
Replies: 94
Views: 8196

Re: Women, How Much Do You Pay for Haircut

HCOL area - $140 cut and color every 5 weeks + tip. Really hate those dark roots to show!
by damjam
Wed Feb 27, 2019 7:00 am
Forum: Personal Consumer Issues
Topic: Staying in Brooklyn- Recommendations
Replies: 18
Views: 1564

Re: Staying in Brooklyn- Recommendations

Dontwasteit wrote: Wed Feb 27, 2019 6:22 am I live in Brooklyn. Bay Ridge is always nice. Tons of restaurants, plenty of shopping, multiple subway stations. There is a nice Best Western Gregory Hotel (4th Ave & 83rd St).
I live in Bay Ridge. I would not recommend the Best Western. I had friends stay there when their house needed work. They said the staff is great but the facility is so so at best.
I love my neighborhood, however I wouldn't stay here for a short visit to NYC - especially if that visit includes lots of time in Manhattan or other parts of Brooklyn. Bay Ridge is just too far south in my opinion.

Where to stay depends on what your itinerary is going to be.
by damjam
Fri Sep 21, 2018 1:16 pm
Forum: Personal Consumer Issues
Topic: My Very First Smartphone [Samsung Galaxy S9+] — Please Critique This Plan
Replies: 123
Views: 9762

Re: My Very First Smartphone — Please Critique This Plan

Would it be possible for me to use my landline phone number for this phone? Yes. You can port a land line number over to a wireless carrier. It will take at least a few days to do it. Otherwise you can get a new number with little to no delay. Thanks! Would that involve abandoning my landline, or could the same number be used for both? You would loose your land line with this plan. As an alternative you could keep your land line. Get a second number for your mobile. Then have calls to your land line forwarded to the mobile. Or vise versa. Of course this requires having a plan that provides call forwarding on your land line. The mobile phone plan almost certainly would have that capability. Thanks for this info! A related question: my prima...
by damjam
Fri Sep 21, 2018 12:59 pm
Forum: Personal Consumer Issues
Topic: My Very First Smartphone [Samsung Galaxy S9+] — Please Critique This Plan
Replies: 123
Views: 9762

Re: My Very First Smartphone — Please Critique This Plan

iceport wrote: Fri Sep 21, 2018 12:54 pm
damjam wrote: Fri Sep 21, 2018 12:52 pm
iceport wrote: Fri Sep 21, 2018 12:48 pm Would it be possible for me to use my landline phone number for this phone?
Yes. You can port a land line number over to a wireless carrier. It will take at least a few days to do it. Otherwise you can get a new number with little to no delay.
Thanks! Would that involve abandoning my landline, or could the same number be used for both?
You would loose your land line with this plan.
As an alternative you could keep your land line. Get a second number for your mobile. Then have calls to your land line forwarded to the mobile. Or vise versa.
Of course this requires having a plan that provides call forwarding on your land line. The mobile phone plan almost certainly would have that capability.
by damjam
Fri Sep 21, 2018 12:52 pm
Forum: Personal Consumer Issues
Topic: My Very First Smartphone [Samsung Galaxy S9+] — Please Critique This Plan
Replies: 123
Views: 9762

Re: My Very First Smartphone — Please Critique This Plan

iceport wrote: Fri Sep 21, 2018 12:48 pm Would it be possible for me to use my landline phone number for this phone?
Yes. You can port a land line number over to a wireless carrier. It will take at least a few days to do it. Otherwise you can get a new number with little to no delay.
by damjam
Fri Sep 21, 2018 11:12 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

Google has found security keys are a big improvement in security. Requiring employees to use security keys eliminated successful phishing attempts. I hope we can agree that phishing is a very real concern for just about everyone even if SIM swaps and number porting are not. As was pointed out earlier in other threads, browser-based password managers very effectively thwart phishing attempts without the hassles associated with hardware keys. Yes they (password managers) can assist by alerting you to being on the wrong web page, but human behavior is a funny thing. Google's results by testing thousands of employees using security keys is a strong enough recommendation for me. I also find physical keys logically simple to understand. I know h...
by damjam
Fri Sep 21, 2018 10:48 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

No there is no way to disable the SMS at this time I believe we discussed this earlier. Use Google Voice. You will get your SMS via email. Yes. You can also have your verification code sent to a land line via voice rather than SMS. All these work around tactics that firms are requiring are exhausting. Also it should be recognized that users who are unaware of the dangers of SMS are being ill served by Vanguard in this instance. Concerns about security of SMS are overblown. Well over 99.999% of people will never have their phone number ported out by a malicious actor, a couple of well-publicized celebrity cases notwithstanding. For them, using SMS as a second factor is a HUGE improvement over not having a second factor at all. That said, I ...
by damjam
Fri Sep 21, 2018 7:01 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

Vulcan wrote: Fri Sep 21, 2018 6:57 am
damjam wrote: Tue Sep 18, 2018 8:04 pm No there is no way to disable the SMS at this time
I believe we discussed this earlier. Use Google Voice. You will get your SMS via email.
Yes. You can also have your verification code sent to a land line via voice rather than SMS.
All these work around tactics that firms are requiring are exhausting.
Also it should be recognized that users who are unaware of the dangers of SMS are being ill served by Vanguard in this instance.
by damjam
Fri Sep 21, 2018 6:47 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

Non-SMS 2FA is a reasonable practice, as long as you're maintaining your phone (or key) secure too.. otherwise non-SMS 2FA is just as useless once your phone is compromised. Security is like ogres. And ogres are like onions. Layers are important. Here is an excellent recent article "Before You Turn On Two-Factor Authentication…" Aug 14, 2018, https://medium.com/@stuartschechter/before-you-turn-on-two-factor-authentication-27148cc5b9a1 Victoria I found the article VictoriaF reference muddied in execution but this chart helped untangle some of the issues: https://cdn-images-1.medium.com/max/800/1*mVn_17PBl6d14ScBfnBfTw.png It's too bad SMS was not explicitly added to the chart, but at best I think SMS can only be expected to perfor...
by damjam
Wed Sep 19, 2018 8:28 am
Forum: Investing - Theory, News & General
Topic: Vanguard - You'll need to sign up for security codes soon
Replies: 194
Views: 35802

Re: Vanguard - You'll need to sign up for security codes soon

LadyGeek wrote: Tue Sep 18, 2018 6:57 pm My DH just got the email. The sign-up deadline is September 26.

As noted earlier, there is no option for email. You gotta be kidding. :annoyed

My contact phone number does not have text messaging (old landline) and I may not be near the phone when logging in. No, I'm not giving them another phone number.
You don't need a cell phone.
Just checked it two seconds ago. You can have the code sent to you via audio message to a land line.
by damjam
Tue Sep 18, 2018 8:04 pm
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

(Cue: entry stage right; someone who will explain how email is even worse... :) ) This is what Vanguard says: "Why can't you email security codes to me? We believe that text messages and phone calls provide greater security for our clients. Email providers can be compromised on a large scale, and email phishing attempts are prevalent." There doesn't seem to be a way to use a SECOND Yubikey as a sole backup to the first one. Is there (anyone, anyone, Bueller)? No there is no way to disable the SMS at this time and no you can't use a second Yubikey as backup. I would love if I could register two or more keys and disable all forms of recovery that don't involve talking to someone. Calling will always have to be the ultimate fallback...
by damjam
Tue Sep 18, 2018 7:51 pm
Forum: Personal Finance (Not Investing)
Topic: Bank of America credit card “feature” (be careful with autopay)
Replies: 53
Views: 9444

Re: Bank of America credit card “feature” (be careful with autopay)

I am old school. Send me a bill and I'll use bill pay and schedule payments. I could see a benefit if you travel a lot or when your mental facilities decline. I think the key bill to pay is health insurance since I fear that could be a cause to cancel or be a source of confusion especially if a covered person is having health issues. Lucky our health insurance is Medicare and retiree insurance and premiums are deducted from SS and pension. When I used to get paper statements, I had a statement fail to show up on two occasions over the past 30+ years. I missed my payment both times. My fault obviously, I should have tracked it better. However, autopay eliminates this problem. BofA and Pen Fed have poor implementation of this service. Other ...
by damjam
Tue Sep 18, 2018 7:29 pm
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

I have read only about half of this thread, so I apologize if someone has already mentioned this. With regard to Vanguard's implementation of Yubikey as a second factor, I agree that the use of an SMS text message as a backup is a poor decision on their part. The National Institute of Standards and Technology (NIST) now cautions against using SMS as a second factor, there are increasing numbers of examples of SMS-based fraud, and I think government agencies are supposed to avoid using it. It's hard for me to believe that Vanguard's security team thinks that Yubikey backed by SMS is a good idea - I am concerned that the use of SMS was a decision made by clueless upper management. We've gotten around the problem by giving Vanguard our old-fa...
by damjam
Tue Sep 18, 2018 2:00 pm
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

Don't worry, I can make you feel worse about those institutions too. :D Example #1: Not too long ago there was an outage of the symantec TFA backend service. During that outage, which lasted many hours, Fidelity did not require TFA at all. U+P was enough. Example #2: Try out the Fidelity phone system and let me know what you think of them after that experience. :D Unfortunately none of them are great. They all have done something to lock the front door while leaving the window wide open. But this does not take away from your point. SMS fallback is a terrible decision. I had a long call with Vanguard this AM on this very topic and am applying pressure higher on the mgmt chain. They need to get better. They are making progress but are not th...
by damjam
Tue Sep 18, 2018 12:22 pm
Forum: Personal Finance (Not Investing)
Topic: [Credit freezes and un-freezes are now free]
Replies: 58
Views: 4358

Re: New York Times--NYTimes: Freezing Credit Will Now Be Free. Here’s Why You Should Go for It.

How easy is it to unfreeze it? I like to play the new credit card game to get bonus miles Unfreezing is simple. Probably too simple as GCD alluded to. When you freeze (which can often be done online, but not always) you receive a PIN for unfreezing. Obviously keep the PIN safe. When you need to unfreeze you go to their website or call a number provided and follow the prompts. Takes only a few minutes for each credit reporting company. Earlier this year, when I needed to unfreeze a single credit reporting company to open a new utility type of account, I was able to unfreeze immediately and call the same day to the utility and open the account. I only unfroze for the one day. I was actually surprised the recent unfreeze was so quick. In the ...
by damjam
Tue Sep 18, 2018 10:58 am
Forum: Personal Finance (Not Investing)
Topic: Bank of America credit card “feature” (be careful with autopay)
Replies: 53
Views: 9444

Re: Bank of America credit card “feature” (be careful with autopay)

SpaethCo wrote: Tue Sep 18, 2018 10:23 am There are quite a few banks where the autopay system is disconnected from the credit card system, so it is unaware of other payments or credits. In addition to BoA, I've had that same situation with Capital One, US Bank / Elan, Barclays, plus a few credit unions.
That explains a lot. Thank you.
by damjam
Tue Sep 18, 2018 10:29 am
Forum: Personal Finance (Not Investing)
Topic: [AARP Article re: ID Theft & Dark Web]
Replies: 32
Views: 4852

Re: AARP Article re: ID Theft & Dark Web

All good info CaliJim.
You might want to check out this thread.viewtopic.php?f=2&t=259015&newpost=4124 ... ead#unread
by damjam
Tue Sep 18, 2018 9:50 am
Forum: Personal Finance (Not Investing)
Topic: Bank of America credit card “feature” (be careful with autopay)
Replies: 53
Views: 9444

Re: Bank of America credit card “feature” (be careful with autopay)

I am old school. Send me a bill and I'll use bill pay and schedule payments. I could see a benefit if you travel a lot or when your mental facilities decline. I think the key bill to pay is health insurance since I fear that could be a cause to cancel or be a source of confusion especially if a covered person is having health issues. Lucky our health insurance is Medicare and retiree insurance and premiums are deducted from SS and pension. When I used to get paper statements, I had a statement fail to show up on two occasions over the past 30+ years. I missed my payment both times. My fault obviously, I should have tracked it better. However, autopay eliminates this problem. BofA and Pen Fed have poor implementation of this service. Other ...
by damjam
Tue Sep 18, 2018 9:41 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

One of those conveniences being banking by phone. It's really quick and easy to do many things this way but the biggest for me is depositing checks. Check depositing via mobile is not necessarily a bad thing however. I would just ensure if using your mobile fancy thinking device for banking, you enable some sort of PIN/Pass on the phone and can confirm how both your phone and your banking app encrypts your session or data stored. The PIN/Pass depending on model will also ensure data encryption as well as being a barrier to access. That's interesting. I really need to understand the underlying tech, but as of now I do not. Right now I probably know just enough to make me dangerous - to myself mostly. At the moment I'm going to make as conse...
by damjam
Tue Sep 18, 2018 9:27 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

jainn wrote: Tue Sep 18, 2018 9:05 am AIG Fraud SafeGuard coverage add-on to homeowners insurance.
https://halcyonuw.com/Home/Pdf?path=Aig ... ochure.pdf


AIG has another product called Family CyberEdge
https://www-200.aigprivateclient.com/in ... e-coverage


Image
CyberEdge sounds fantastic, especially for those with caregivers and other staff entering the home. Wonder how high the premium would be.
by damjam
Tue Sep 18, 2018 9:23 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

One of those conveniences being banking by phone. It's really quick and easy to do many things this way but the biggest for me is depositing checks. Check depositing via mobile is not necessarily a bad thing however. I would just ensure if using your mobile fancy thinking device for banking, you enable some sort of PIN/Pass on the phone and can confirm how both your phone and your banking app encrypts your session or data stored. The PIN/Pass depending on model will also ensure data encryption as well as being a barrier to access. That's interesting. I really need to understand the underlying tech, but as of now I do not. Right now I probably know just enough to make me dangerous - to myself mostly. At the moment I'm going to make as conse...
by damjam
Tue Sep 18, 2018 7:46 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

I assume that most of the password managers allow you to cut and paste the password. This seems like a good feature to prevent keyloggers from getting the password, but you also need to remember to delete the password from the cut-and-paste buffer. Password managers typically clear the clipboard automatically. I think KeePass did it in 30 seconds or something like that. But in computing time 30 seconds is an eternity. I imagine there is some type of malware that can capture clipboard data with ease - although that's just a guess on my part. I believe 2FA might protect you in this type of situation, depending on all the specifics - what type of 2FA, etc. As an aside, another poster possibly on one of the other threads re cyber security, poi...
by damjam
Tue Sep 18, 2018 7:34 am
Forum: Personal Finance (Not Investing)
Topic: [Credit freezes and un-freezes are now free]
Replies: 58
Views: 4358

Re: New York Times--NYTimes: Freezing Credit Will Now Be Free. Here’s Why You Should Go for It.

How easy is it to unfreeze it? I like to play the new credit card game to get bonus miles Unfreezing is simple. Probably too simple as GCD alluded to. When you freeze (which can often be done online, but not always) you receive a PIN for unfreezing. Obviously keep the PIN safe. When you need to unfreeze you go to their website or call a number provided and follow the prompts. Takes only a few minutes for each credit reporting company. Earlier this year, when I needed to unfreeze a single credit reporting company to open a new utility type of account, I was able to unfreeze immediately and call the same day to the utility and open the account. I only unfroze for the one day. I was actually surprised the recent unfreeze was so quick. In the ...
by damjam
Tue Sep 18, 2018 7:02 am
Forum: Personal Finance (Not Investing)
Topic: Bank of America credit card “feature” (be careful with autopay)
Replies: 53
Views: 9444

Re: Bank of America credit card “feature” (be careful with autopay)

Pen Fed does what the OP experienced as well.
I never pre pay that card now.
As an aside, I had a different issue with a BofA CC and cancelled it several years ago.
by damjam
Tue Sep 18, 2018 6:44 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

I'd argue the main realistic infosec risk end users face is phishing. I've parroted this response on several of the 2FA token threads, but complex passwords, OTP tokens or password managers won't protect you against common financial phishing attacks, specifically what is known as time of use phishing. Phishing in this context doesn't just mean a spoofed email, it can also come in the form of SEO spamdexing websites, malvertising, etc. Hardware 2FA is the best approach here to mitigate that type of risk if you so choose. I agree. I am a huge fan of yubikey or similar. I use them everywhere I can. OK, you guys and others have successfully explained this stuff and convinced me to make a few changes. Regretfully I think I'll have to walk back ...
by damjam
Tue Sep 18, 2018 1:22 am
Forum: Personal Finance (Not Investing)
Topic: [AARP Article re: ID Theft & Dark Web]
Replies: 32
Views: 4852

Re: Dark Web Article

I do the first 2 above but use Google to keep most of my passwords, those of low security. I also keep an encrypted spreadsheet in case there are problems. The few which are critical are for financial sites (bank, investments, etc.) and each has a unique strong password and Google does not keep those. I do not see how the password managers could significantly improve my security (that may be my ignorance). Personally I think that is a good start, as long as you are keeping cloud or offsite backups since the risk of losing your data to human error, disk error, fire, or physical computer theft is significant. Like you, I let the browser keep most non-financial passwords, and with Chrome I'm sure Google keeps them backed up in the cloud. Usin...
by damjam
Tue Sep 18, 2018 1:18 am
Forum: US Chapters
Topic: Jack Bogle Bobblehead
Replies: 24
Views: 4953

Re: Jack Bogle Bobblehead

I'd love one. Maybe even two.
My local chapter of Bogelheads could put it on the table when we meet in public areas so newcomers know they've reached their destination.
by damjam
Tue Sep 18, 2018 1:08 am
Forum: Personal Finance (Not Investing)
Topic: BofA - Am I Shadow-Loaning to Them?
Replies: 9
Views: 1076

Re: BofA - Am I Shadow-Loaning to Them?

So we're all aware that once upon a time, savings deposits were used to fund loans that banks loaned out, i.e. pay 2% interest on the savings, loan it out at 4.5%, make money on the spread. (Or at least it used to be, it's probably something much more esoteric now) It's my understanding that retail banks like BofA, Chase and the like, make a substantial portion of their revenues from fees. Try reading something like "The Unbanking of America: how the new middle class survives," by Lisa Servon to get an idea of how damaging fees can be to ordinary savers. More directly to your question; I don't think your paranoid at all. Banks, insurance companies, etc always make money on the float. If BofA isn't making money on the float the bi...
by damjam
Mon Sep 17, 2018 11:55 am
Forum: Personal Finance (Not Investing)
Topic: [AARP Article re: ID Theft & Dark Web]
Replies: 32
Views: 4852

Re: Dark Web Article

So the relevant actionable part of the article is this: Actions recommended to protect yourself from identity theft 1. Freeze your credit 2. Monitor your financial accounts 3. Use a Password Manager I do the first 2 above but use Google to keep most of my passwords, those of low security. I also keep an encrypted spreadsheet in case there are problems. The few which are critical are for financial sites (bank, investments, etc.) and each has a unique strong password and Google does not keep those. I do not see how the password managers could significantly improve my security (that may be my ignorance). Please excuse my ignorance. How would one use Google to keep their passwords? Do you mean the auto save function of Chrome, the browser by G...
by damjam
Mon Sep 17, 2018 11:46 am
Forum: Personal Finance (Not Investing)
Topic: Need help in solving Tenant landlord issue
Replies: 26
Views: 2852

Re: Need help in solving Tenant landlord issue

I imagine it would help to know what state and possibly what county the apartment you vacated is in.
by damjam
Mon Sep 17, 2018 10:15 am
Forum: Personal Finance (Not Investing)
Topic: [Credit freezes and un-freezes are now free]
Replies: 58
Views: 4358

Re: New York Times--NYTimes: Freezing Credit Will Now Be Free. Here’s Why You Should Go for It.

jehovasfitness wrote: Sun Sep 16, 2018 2:43 pm Froze ours. Then because you have to do 3 separate freezes for each spouse that's 6 logins/passwords.

We were car shopping recently and what a PITA to unfreeze
Sorry to hear that you found the unfreezing process to be burdensome.

Spouse and I froze last year after the Equifax debacle. I've had to unfreeze mine twice since then. Once all three credit reporting companies and another time just one. Didn't seem that bad to me. Both times the unfreeze was for a specified period, so no further effort on my part to refreeze.

I will say that many years ago we had our credit frozen and unfreezing was much less streamlined. Had to do it by letter if I remember correctly.
by damjam
Mon Sep 17, 2018 8:57 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

Although I greatly appreciate what all of you have contributed to this thread and other threads, I think you guys have given me a headache. I really wish someone could explain to me what is a reasonable course of action. I have a tech person who is willing to help me (a former UNIX administrator), but personal cyber security is not his area of expertise. Honestly I'm beginning to see why most people don't even bother to try to get this right. — Use a strong, unique password for each site and store passwords in a password manager. — Use 2FA. — For security questions, instead of giving the the correct answer (first car is a mustang), give an answer that doesn’t make sense and only you would know, like lollipop. — Use a strong passcode on you...
by damjam
Mon Sep 17, 2018 8:48 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

Although I greatly appreciate what all of you have contributed to this thread and other threads, I think you guys have given me a headache. I really wish someone could explain to me what is a reasonable course of action. I have a tech person who is willing to help me (a former UNIX administrator), but personal cyber security is not his area of expertise. Honestly I'm beginning to see why most people don't even bother to try to get this right. — Use a strong, unique password for each site and store passwords in a password manager. — Use 2FA. — For security questions, instead of giving the the correct answer (first car is a mustang), give an answer that doesn’t make sense and only you would know, like lollipop. — Use a strong passcode on you...
by damjam
Mon Sep 17, 2018 4:05 am
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

Although I greatly appreciate what all of you have contributed to this thread and other threads, I think you guys have given me a headache.

I really wish someone could explain to me what is a reasonable course of action.

I have a tech person who is willing to help me (a former UNIX administrator), but personal cyber security is not his area of expertise.

Honestly I'm beginning to see why most people don't even bother to try to get this right.
by damjam
Sun Sep 16, 2018 3:28 pm
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

The threat model of the OS is not such that encrypting your credentials locally moves the needle anyway. iOS is probably the only exception as the sandboxing track record, while imperfect, it awfully good over the last 10 years. That said, on some level this is all a fools errand. If a bad guy gets on your computer they own everything on your computer. It is not a matter if but rather when this happens. I think were talking about very different levels of risk. Does the world contain trained assassins that can kill me in the blink of a eye? Yes. Are any of them even remotely interested in me or my life? I doubt it sincerely. No security set up is impenetrable. Each of us needs to gauge our risk profile and act accordingly. Not that unlike t...
by damjam
Sun Sep 16, 2018 3:07 pm
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

For Vanguard and other brokerage and mutual fund companies there is no federal regulation if you are hacked. Some firms offer a policy. Here is Vanguard policy about your responsibilities: https://personal.vanguard.com/us/help/SecurityOnlineFraudPledgeContent.jsp I found this requirement from Vanguard interesting: Don't store your password or answers to security questions on the computer or device you use to access your Vanguard accounts. I suppose they don't intend us to use password managers then? If you follow the informational links from the fraud pledge page, get to a page that says that you are not supposed to store your password unencrypted on your computer: https://investor.vanguard.com/security/credentials I guess that means encry...
by damjam
Sun Sep 16, 2018 1:56 pm
Forum: Personal Investments
Topic: How real is cyber risk?
Replies: 176
Views: 16827

Re: How real is cyber risk?

For GMail you would use Authenticator app for 2FA. Nothing gets sent anywhere. Google Mail can also be secured with a Yubikey. I have Yubikey as primary 2FA on my Gmail with Authenticator as secondary. Enable Google's advanced account protection evestor, thank you. This is exactly what I've been looking for! I wonder if Yubikey works with this. The blurb on the service says a "wireless" enabled key? I believe the Google Titan key works with bluetooth, but Yubikey NEO works with NFC. Dealing with multiple keys from different vendors would be a bit of a pain, but such is life. You also don't have to have a wireless key. Not strictly required. They push you down this path because most users want email on their phone and that is the ...
by damjam
Sun Sep 16, 2018 11:33 am
Forum: Personal Consumer Issues
Topic: Using Lastpass as your password manager
Replies: 34
Views: 5258

Re: Using Lastpass as your password manager

triceratop wrote: Sun Sep 16, 2018 11:24 am
damjam wrote: Sun Sep 16, 2018 11:11 am I would love it if a password manager worked with Yubikey and would jump on it in a heartbeat. Until then...
Shakespeare: “Striving to better, oft we mar what's well.”
There is such a password manager and I use it every day (as I mentioned above, sorry to repeat myself). It’s called password-store by zx2c4. It even has web browser integration.
Thank you for pointing this out.

However, this is beyond my pay grade. I will need to have my family tech support person look at this, and I will.
Does it work with mobile devices? Not a deal breaker if not. I could just split my passwords between two managers.
by damjam
Sun Sep 16, 2018 11:21 am
Forum: Personal Finance (Not Investing)
Topic: [AARP Article re: ID Theft & Dark Web]
Replies: 32
Views: 4852

Re: Dark Web Article

3. Use a Password Manager Browser autofill integration was once thought to be primarily a convenience feature, but these days it's actually a really important security feature. Your password manager should be doing 2 things for you: Ensuring a unique password for every site Ensuring your user/password are only being used on the site you intended In order to autofill, the password manager checks the URL that you landed on to figure out what user/pass credentials to fill in. If you land on an unknown URL, it won't fill in anything. From internal phishing campaigns run by "red teams" at our company, people who are using "copy/paste" password managers still get caught at an embarrassingly high rate, because they just happil...