Dedicated Financial Computer Master Thread
- TheTimeLord
- Posts: 12554
- Joined: Fri Jul 26, 2013 2:05 pm
Dedicated Financial Computer Master Thread
This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
IMHO, Investing should be about living the life you want, not avoiding the life you fear. |
Run, You Clever Boy! [9085]
Re: Dedicated Financial Computer Master Thread
I don't understand, are you saying some people own a computer that is only used to access their bank, investment, etc. accounts, and not used for anything else? They have a separate computer to track their March Madness brackets, look up stuff to cook, shop online?
Re: Dedicated Financial Computer Master Thread
I assume this approach is intended to provide more security. Perhaps by avoiding general internet browsing, one seeks to avoid malware. Not clear how this would make one more secure as opposed to general precautions, up to date antivirus software, not clicking on inappropriate links...
Or is there some other reason to limit financial access to one computer?
Or is there some other reason to limit financial access to one computer?
We don't know how to beat the market on a risk-adjusted basis, and we don't know anyone that does know either |
--Swedroe |
We assume that markets are efficient, that prices are right |
--Fama
- TheTimeLord
- Posts: 12554
- Joined: Fri Jul 26, 2013 2:05 pm
Re: Dedicated Financial Computer Master Thread
Yes.Oddball wrote: Fri Mar 22, 2024 12:34 pm I don't understand, are you saying some people own a computer that is only used to access their bank, investment, etc. accounts, and not used for anything else? They have a separate computer to track their March Madness brackets, look up stuff to cook, shop online?
IMHO, Investing should be about living the life you want, not avoiding the life you fear. |
Run, You Clever Boy! [9085]
Re: Dedicated Financial Computer Master Thread
I can see the arguments for using a separate dedicated computer, but think it would be overkill if you do the following.
Use unique, long passwords
Use 2FA with a security key, authenticator or Google Voice number
Use a different username for each financial account
Use a dedicated email address for financial accounts
Check your accounts daily
Get email AND text alerts of any trading activity or large transactions
Have your brokerage/bank accounts customer services on speed dial
Lock your brokerage accounts to the extent possible/practical
Install anti-malware (e.g., Malwarebytes) on your computer
Otherwise practice good computer hygiene--don't click on email links, visit dodgy sites, etc.
I'm sure others will have additions to the above list.
Use unique, long passwords
Use 2FA with a security key, authenticator or Google Voice number
Use a different username for each financial account
Use a dedicated email address for financial accounts
Check your accounts daily
Get email AND text alerts of any trading activity or large transactions
Have your brokerage/bank accounts customer services on speed dial
Lock your brokerage accounts to the extent possible/practical
Install anti-malware (e.g., Malwarebytes) on your computer
Otherwise practice good computer hygiene--don't click on email links, visit dodgy sites, etc.
I'm sure others will have additions to the above list.
Re: Dedicated Financial Computer Master Thread
Never heard of such a thing. Where is it that it "occasionally comes up"?TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
If it is a thing, I wonder what kind of net worth these individuals have....
- cheese_breath
- Posts: 12300
- Joined: Wed Sep 14, 2011 7:08 pm
Re: Dedicated Financial Computer Master Thread
OP is right. It has come up before.finfire wrote: Fri Mar 22, 2024 12:52 pmNever heard of such a thing. Where is it that it "occasionally comes up"?TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
If it is a thing, I wonder what kind of net worth these individuals have....
But in answer to the question, I don't have a separate computer for such things,
The surest way to know the future is when it becomes the past.
Re: Dedicated Financial Computer Master Thread
cheese_breath wrote: Fri Mar 22, 2024 12:55 pmOP is right. It has come up before.finfire wrote: Fri Mar 22, 2024 12:52 pmNever heard of such a thing. Where is it that it "occasionally comes up"?TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
If it is a thing, I wonder what kind of net worth these individuals have....
But in answer to the question, I don't have a separate computer for such things,
I did not think OP made it up. I just Never heard of such a thing.
- TheTimeLord
- Posts: 12554
- Joined: Fri Jul 26, 2013 2:05 pm
Re: Dedicated Financial Computer Master Thread
Here is one of the past threads.finfire wrote: Fri Mar 22, 2024 12:52 pmNever heard of such a thing. Where is it that it "occasionally comes up"?TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
If it is a thing, I wonder what kind of net worth these individuals have....
viewtopic.php?t=389336
IMHO, Investing should be about living the life you want, not avoiding the life you fear. |
Run, You Clever Boy! [9085]
Re: Dedicated Financial Computer Master Thread
If it goes thru your same home router, does that negate the safety? Also, Mobile apps for banking are handy. Do you avoid those?
- TheTimeLord
- Posts: 12554
- Joined: Fri Jul 26, 2013 2:05 pm
Re: Dedicated Financial Computer Master Thread
IMHO, Investing should be about living the life you want, not avoiding the life you fear. |
Run, You Clever Boy! [9085]
Re: Dedicated Financial Computer Master Thread
Next up, how many people use a dedicated phone to access your financial accounts?
- TheTimeLord
- Posts: 12554
- Joined: Fri Jul 26, 2013 2:05 pm
Re: Dedicated Financial Computer Master Thread
There might be a some folks with dedicated Google Voice numbers.billaster wrote: Fri Mar 22, 2024 1:19 pm Next up, how many people use a dedicated phone to access your financial accounts?
IMHO, Investing should be about living the life you want, not avoiding the life you fear. |
Run, You Clever Boy! [9085]
Re: Dedicated Financial Computer Master Thread
Similar to the dedicated phone for only international travel use thread.billaster wrote: Fri Mar 22, 2024 1:19 pm Next up, how many people use a dedicated phone to access your financial accounts?
viewtopic.php?p=7779537#p7779537
To OP, No, I don't use separate computers or phones.
Re: Dedicated Financial Computer Master Thread
I wouldn't bother with it as long as you are staying fairly mainstream with your visits and habits.TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
I personally use Firefox with NoScript to limit what sites can do. It's a huge pain to get everything working. But once you do, you'll be amazed how fast your computer actually is when it's not trying to load 97 individual advertising and tracking scripts.
I stick with Microsoft Defender. Most third-party antivirus is more trouble than it's worth. It's usually the new stuff that gets you. By the time antivirus vendors update their signatures, a new one is out.
I'm not suggesting that you hook up your computer to free WiFi and transact, but if it's at home, behind a NAT device, you'll be fine.
In general, people tend to exaggerate risks. Email with attachments is probably your biggest risk.
I've had an internet company since 1996. We currently have about 100 employees, but have probably had 500 different employees over the years. We used to offer dial up service. We've hosted websites for financial firms and state governments.
In that time, we had one issue with Code Red at the turn of the century. The most recent problem was a couple of years ago, when our in-house council, who's probably close to 70 now, fell for a phishing email with a malicious attachment.
The only virus that I've ever personally dealt with was sometime from 1989-1990, when a classmate gave me a disk that had the Jerusalem virus. (https://en.m.wikipedia.org/wiki/Jerusal ... ter_virus))
I have basically used a computer daily for 35 years and use one 8-10 hours a day for my work. (And I wasn't always just on mainstream stuff.) I have no concerns.
-
- Posts: 6450
- Joined: Mon Aug 22, 2016 3:22 pm
Re: Dedicated Financial Computer Master Thread
Perhaps I should buy a car dedicated for driving only to the bank.
Re: Dedicated Financial Computer Master Thread
Now I'm wondering if there is a modern cloud equivalent?
say you spin up a OS (windows, linux etc) instance for the few minutes that you need to browse a financial site, then you down the instance and kill it....
say you spin up a OS (windows, linux etc) instance for the few minutes that you need to browse a financial site, then you down the instance and kill it....
Re: Dedicated Financial Computer Master Thread
We do this, more or less. My personal computer is only used for financial sites and yearly taxes. I do sometimes visit a site that is known and/or trusted (e.g. Amazon, insurance company, Bogleheads, etc), and will always log out afterwards.
But never for general “browsing” and I don’t install any 3rd part apps, except for google’s Chrome browser.
All personal reading and browsing happens on an iPad.
I do not use apps for any financial sites (e.g. brokerages). However, I do use phone apps for credit cards and a checking account that we use to pay some bills that only contains a small amount of cash, on average.
Furthermore all brokerages have Symantec VIP enabled with money lockdown and strong passwords (that are “not” kept in an online password manager).
But never for general “browsing” and I don’t install any 3rd part apps, except for google’s Chrome browser.
All personal reading and browsing happens on an iPad.
I do not use apps for any financial sites (e.g. brokerages). However, I do use phone apps for credit cards and a checking account that we use to pay some bills that only contains a small amount of cash, on average.
Furthermore all brokerages have Symantec VIP enabled with money lockdown and strong passwords (that are “not” kept in an online password manager).
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
-
- Posts: 184
- Joined: Tue May 17, 2011 4:16 pm
Re: Dedicated Financial Computer Master Thread
I use an inexpensive Chromebook (though Chromebooks are now getting more expensive) that still gets Android security updates (they end after a while).
I only login as a guest, not under my Gmail profile. Guest mode is a temporary user account on Chromebooks, so browsing history, website data, and downloaded files from the guest user will be deleted once I exit guest mode.
It means I have to re-enter passwords, but I don't mind. I find it's better not to have instantaneous access to all my financial accounts because it raises the chance I'll over react to market moves instead of staying the course. I do have text alerts activated for my most important accounts.
I only login as a guest, not under my Gmail profile. Guest mode is a temporary user account on Chromebooks, so browsing history, website data, and downloaded files from the guest user will be deleted once I exit guest mode.
It means I have to re-enter passwords, but I don't mind. I find it's better not to have instantaneous access to all my financial accounts because it raises the chance I'll over react to market moves instead of staying the course. I do have text alerts activated for my most important accounts.
Re: Dedicated Financial Computer Master Thread
We use one.
It's a raspberry pi 400 running ubuntu, so if you have an old monitor the cost is $100. For an added bonus, the only storage, user or OS, is one microSD card. If you wanted to use it for something else most of the time you could pull the SD card and put the card in your safe. Whatever got hacked on the general use SD card would stay with it when you swapped cards (modulo a few exotic attacks).
This is specifically only for financial stuff, or more specifically transactions with treasury direct/brokerages/banks. I don't use it for email, looking at bogleheads, doing our general financial planning, or whatever. The only traffic is using a browser to go to vanguard.com or whatever. or click t
The benefit is that if I (or my better half) go to some sketchy site or open the wrong PDF on our general purpose computers there isn't exposure to the bulk of our assets.
I agree it is a very cautious approach, but OTOH is is cheap and easy to do.
It's a raspberry pi 400 running ubuntu, so if you have an old monitor the cost is $100. For an added bonus, the only storage, user or OS, is one microSD card. If you wanted to use it for something else most of the time you could pull the SD card and put the card in your safe. Whatever got hacked on the general use SD card would stay with it when you swapped cards (modulo a few exotic attacks).
This is specifically only for financial stuff, or more specifically transactions with treasury direct/brokerages/banks. I don't use it for email, looking at bogleheads, doing our general financial planning, or whatever. The only traffic is using a browser to go to vanguard.com or whatever. or click t
The benefit is that if I (or my better half) go to some sketchy site or open the wrong PDF on our general purpose computers there isn't exposure to the bulk of our assets.
I agree it is a very cautious approach, but OTOH is is cheap and easy to do.
- Svensk Anga
- Posts: 1898
- Joined: Sun Dec 23, 2012 4:16 pm
Re: Dedicated Financial Computer Master Thread
I do have a dedicated financial computer. It is a very basic Chromebook. If you shop around, you can get these for $100 or a bit more, so it is not a great extravagance. Oh, and I bought a mouse, so add maybe $15. When Google provides updates, I understand that it rewrites the whole operating system, so I think that would clear out any junk that got in. One does have to replace the hardware when it has reached the end of it's update availability if you want to be assured of security.
I guess email is the most likely vector for malware. I try not to open email on the financial machine, but sometimes there are things that cannot be done otherwise.
$100 or so every five years is worthwhile to me for some peace of mind regarding safety of our stash.
The only time I use a phone app for financial stuff is to deposit a check to my credit union.
I guess email is the most likely vector for malware. I try not to open email on the financial machine, but sometimes there are things that cannot be done otherwise.
$100 or so every five years is worthwhile to me for some peace of mind regarding safety of our stash.
The only time I use a phone app for financial stuff is to deposit a check to my credit union.
Re: Dedicated Financial Computer Master Thread
With a prior gig, where I had to use a company-issued laptop, that's what I did. You can script it pretty easily.finfire wrote: Fri Mar 22, 2024 1:29 pm Now I'm wondering if there is a modern cloud equivalent?
say you spin up a OS (windows, linux etc) instance for the few minutes that you need to browse a financial site, then you down the instance and kill it....
Again, though, I think the risk is exaggerated.
Re: Dedicated Financial Computer Master Thread
I do, it's a chromebook. It has its own google account too.
Re: Dedicated Financial Computer Master Thread
I did this at one point, many years ago. Finally decided the risk mitigation was not worth the effort.
These days all my financial data is in a Bitlocker encrypted share which only gets unlocked for updates or viewing the data.
Edit: I've read windows 12 ( ?) will have sandboxing for individual apps.. Another reason a separate PC is not needed.
..
These days all my financial data is in a Bitlocker encrypted share which only gets unlocked for updates or viewing the data.
Edit: I've read windows 12 ( ?) will have sandboxing for individual apps.. Another reason a separate PC is not needed.
..
TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
Re: Dedicated Financial Computer Master Thread
I do not... And have no plans to ever do so... And I would not recommend others to do so... (I'm not sure the effort/cost is worth a potentially negligible "benefit".)
But if someone was going to, I would make the same recommendations for this device as I would any/all others:
But if someone was going to, I would make the same recommendations for this device as I would any/all others:
- Ensure it remains updated on a supported OS
- Which means you'll likely need to replace the hardware every few years as Apple, Microsoft, and Google won't make OS updates available for really old hardware (timeline varies by company)
- Ensure it remains updated with recent/supported versions of any/all applications used on it - including antivirus.
Re: Dedicated Financial Computer Master Thread
Who does this? I've never heard of it.TheTimeLord wrote: Fri Mar 22, 2024 12:48 pmYes.Oddball wrote: Fri Mar 22, 2024 12:34 pm I don't understand, are you saying some people own a computer that is only used to access their bank, investment, etc. accounts, and not used for anything else? They have a separate computer to track their March Madness brackets, look up stuff to cook, shop online?
50% VTSAX | 25% VTIAX | 25% VBTLX (retirement), 25% VTEAX (taxable)
Re: Dedicated Financial Computer Master Thread
I wouldn't bother, but if I wanted to do this, I'd have a VM dedicated to this, versus actual hardware. You could spin up a linux VM easily, since all you really need is a browser (well, you need software to run a VM machine).cheese_breath wrote: Fri Mar 22, 2024 12:55 pmOP is right. It has come up before.finfire wrote: Fri Mar 22, 2024 12:52 pmNever heard of such a thing. Where is it that it "occasionally comes up"?TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
If it is a thing, I wonder what kind of net worth these individuals have....
But in answer to the question, I don't have a separate computer for such things,
Re: Dedicated Financial Computer Master Thread
It would probably be more secure also. The VM could be minimalist, just enough of a kernel to support networking and browser.TN_Boy wrote: Fri Mar 22, 2024 2:05 pmI wouldn't bother, but if I wanted to do this, I'd have a VM dedicated to this, versus actual hardware. You could spin up a linux VM easily, since all you really need is a browser (well, you need software to run a VM machine).cheese_breath wrote: Fri Mar 22, 2024 12:55 pmOP is right. It has come up before.finfire wrote: Fri Mar 22, 2024 12:52 pmNever heard of such a thing. Where is it that it "occasionally comes up"?TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
If it is a thing, I wonder what kind of net worth these individuals have....
But in answer to the question, I don't have a separate computer for such things,
However, this may be complex for many people.
- TheTimeLord
- Posts: 12554
- Joined: Fri Jul 26, 2013 2:05 pm
Re: Dedicated Financial Computer Master Thread
I think there are people who probably have implemented virtual machines.finfire wrote: Fri Mar 22, 2024 1:29 pm Now I'm wondering if there is a modern cloud equivalent?
say you spin up a OS (windows, linux etc) instance for the few minutes that you need to browse a financial site, then you down the instance and kill it....
IMHO, Investing should be about living the life you want, not avoiding the life you fear. |
Run, You Clever Boy! [9085]
Re: Dedicated Financial Computer Master Thread
Agree on the above. Probably too complex for many. I have several VMs with Linux and most are non-persistent so even if something crept in it won't survive turning off the VM. I don't use them for financial stuff - mainly what little search I do a and a bit of browsing .finfire wrote: Fri Mar 22, 2024 2:08 pmIt would probably be more secure also. The VM could be minimalist, just enough of a kernel to support networking and browser.TN_Boy wrote: Fri Mar 22, 2024 2:05 pmI wouldn't bother, but if I wanted to do this, I'd have a VM dedicated to this, versus actual hardware. You could spin up a linux VM easily, since all you really need is a browser (well, you need software to run a VM machine).cheese_breath wrote: Fri Mar 22, 2024 12:55 pmOP is right. It has come up before.finfire wrote: Fri Mar 22, 2024 12:52 pmNever heard of such a thing. Where is it that it "occasionally comes up"?TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
If it is a thing, I wonder what kind of net worth these individuals have....
But in answer to the question, I don't have a separate computer for such things,
However, this may be complex for many people.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Re: Dedicated Financial Computer Master Thread
I don't use a separate device, vm or otherwise. I do understand the risk but am not convinced it would be substantially reduced by using a separate device. Also I log onto financial sites often so it would be a significant inconvenience.
Re: Dedicated Financial Computer Master Thread
I have a laptop that is dedicated for financial type stuff as well as one used only for photo/video editing and another I use for general day to day stuff like email etc and yet another as a Linux machine running my DNS server.
I do this not necessarily because I’m paranoid or like keeping everything separate but somehow I ended up with 6 laptops when I retired so I don’t want any of them to feel neglected.
I do this not necessarily because I’m paranoid or like keeping everything separate but somehow I ended up with 6 laptops when I retired so I don’t want any of them to feel neglected.
Bad spellers of the world untie |
Autocorrect is my worst enema
Re: Dedicated Financial Computer Master Thread
I agree, though there are many people who would not want to mess with this. You have to buy/download the VM software (the better stuff costs more), get the OS (Linux maybe a bit more pain) downloaded and running, make a few configuration decisions etc. It's not rocket science, but it's not completely trivial if you are not a bit of a techie.TheTimeLord wrote: Fri Mar 22, 2024 2:37 pmI think there are people who probably have implemented virtual machines.finfire wrote: Fri Mar 22, 2024 1:29 pm Now I'm wondering if there is a modern cloud equivalent?
say you spin up a OS (windows, linux etc) instance for the few minutes that you need to browse a financial site, then you down the instance and kill it....
Re: Dedicated Financial Computer Master Thread
I have been using a separate, dedicated laptop for finance for a long time. This is my setup:
- I bought a new laptop running windows professional
-Unistalled all unwanted programs. I only have Microsoft Office, Moneydance to track expenses, Chrome browser, Adobe pdf reader, Keepass password manager, tax software, and some windows utilities.
- I set up a separate email account on this laptop. I use that exclsively for accessing my accounts and for nothing else. I never share that email account with anyone.
- I created a simple html document containing links to all my accounts, saved it on the harddrive, and made that my home page. So when I launch the browser, that page loads up and I go to my account by clicking on the link on that page.
I have a couple of other computers for other purposes, one for processing photographs using Adobe Lightroom and another for everything else.
- I bought a new laptop running windows professional
-Unistalled all unwanted programs. I only have Microsoft Office, Moneydance to track expenses, Chrome browser, Adobe pdf reader, Keepass password manager, tax software, and some windows utilities.
- I set up a separate email account on this laptop. I use that exclsively for accessing my accounts and for nothing else. I never share that email account with anyone.
- I created a simple html document containing links to all my accounts, saved it on the harddrive, and made that my home page. So when I launch the browser, that page loads up and I go to my account by clicking on the link on that page.
I have a couple of other computers for other purposes, one for processing photographs using Adobe Lightroom and another for everything else.
-
- Posts: 856
- Joined: Thu Mar 06, 2014 9:43 pm
Re: Dedicated Financial Computer Master Thread
I don’t have a separate computer for financial stuff, but on my Mac I have a separate account for some video games/services that I’m not sure I trust (mostly about the game publisher). That account doesn’t get admin access.
I use that separate account for my Steam games (games from assorted publishers), and (years ago) world of warships (published by a company originally HQ’d in Minsk)
But some games I’ll play on my primary account (SimCity from EA).
I use that separate account for my Steam games (games from assorted publishers), and (years ago) world of warships (published by a company originally HQ’d in Minsk)
But some games I’ll play on my primary account (SimCity from EA).
Re: Dedicated Financial Computer Master Thread
I have a new ipad that I only use for my Banking/Brokerage/Insurance sites. I don’t have email set up on it, and I limit applications and data shared via icloud ( no photos, safari bookmarks, etc.).
I bought it to replace my ipad 6, since it was on sale. However, I ended up just using the new one for financial purposes only.
I do use my phone to log into one of my bank accounts, but I don’t keep much cash there.
Years ago, I ran Ubuntu from an external drive.
Not sure if all this actually adds anything, but it works for me!
I bought it to replace my ipad 6, since it was on sale. However, I ended up just using the new one for financial purposes only.
I do use my phone to log into one of my bank accounts, but I don’t keep much cash there.
Years ago, I ran Ubuntu from an external drive.
Not sure if all this actually adds anything, but it works for me!
Re: Dedicated Financial Computer Master Thread
I concur, many of these are the steps one should take, but no reason to have a separate computer.cowdogman wrote: Fri Mar 22, 2024 12:48 pm I can see the arguments for using a separate dedicated computer, but think it would be overkill if you do the following.
Use unique, long passwords
Use 2FA with a security key, authenticator or Google Voice number
Use a different username for each financial account
Use a dedicated email address for financial accounts
Check your accounts daily
Get email AND text alerts of any trading activity or large transactions
Have your brokerage/bank accounts customer services on speed dial
Lock your brokerage accounts to the extent possible/practical
Install anti-malware (e.g., Malwarebytes) on your computer
Otherwise practice good computer hygiene--don't click on email links, visit dodgy sites, etc.
I'm sure others will have additions to the above list.
That said, I use my iphone and iPad for many personal things and tend to use my laptop for business/financial tasks.
But If I want to watch a YouTube video on my laptop, no big deal. The above steps should be followed on any/all devices you own.
I don't want ANY of my devices hacked, and some hacks are not device specific anyway.
-
- Posts: 315
- Joined: Tue Oct 23, 2018 11:07 am
Re: Dedicated Financial Computer Master Thread
No need. Run this from a write protected drive. Easy, fast, not possible for the drive to have any info about your accounts saved on it:
https://tails.net/
https://tails.net/
- nisiprius
- Advisory Board
- Posts: 54718
- Joined: Thu Jul 26, 2007 9:33 am
- Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry
Re: Dedicated Financial Computer Master Thread
I know that security is technically complicated, and that I am not an expert. I therefore think that my intuitions about what practices add security are not reliable.
It is very easy to get talked into some basically-superstitious practice under the guise of advice. At one point I was working for two scientists, each of whom had their own PDP-11 minicomputer. One of them absolutely insisted that his computer be powered down every night--not for energy reasons, but because he believed that risks and required maintenance were a direct function of the number of hours of operation. (The expensive air filters for the disk drives absolutely did have a replacement schedule based on hours of operation, for example). The other absolutely insisted that his computer be kept powered up continuously, 24/7, because he believed each power up stressed the devices and wore them out incrementally.
If there were a solid general consensus among real security experts that everyone should have a dedicated financial computer, I think computer sellers would be marketing the heck out of this, with deals for buying a pair of computers at a discounted price.
I have no idea what to do about the flood of data breaches that now seem to occur every few months. I've been notified of exposure to, let me think, three of them within the last year. But those data breaches are occurring at their end, not mine. My account would have been breached whatever computer I was using.
Routers are computers and can and have been hacked. We moved a couple of years ago and our Internet service "gave" us an Internet modem with built-in WiFI router. Since they came with a preset password that appeared to have been randomly generated for each customer, I haven't changed any settings. (One reason is that the manual for the router--online only--is quite sketchy in terms of what things you can actually set and how). Presumably my provider knows my router password, though! It seems to me that if I were doing random things to add security, I'd throw out their router, and buy my own.
This sounds like an older idea of having two computers, one connected to the Internet and one not. ("Air-gapped" is the jargon term). I did know a couple that said they were going do this, but think they actually did. Nowadays I don't even know how you would use such a thing, since very little software is delivered on physical media these days! You'd pretty much be restricted to what's bundled, and you'd need to connect to the Internet just to pay for and activate the full version!
It is very easy to get talked into some basically-superstitious practice under the guise of advice. At one point I was working for two scientists, each of whom had their own PDP-11 minicomputer. One of them absolutely insisted that his computer be powered down every night--not for energy reasons, but because he believed that risks and required maintenance were a direct function of the number of hours of operation. (The expensive air filters for the disk drives absolutely did have a replacement schedule based on hours of operation, for example). The other absolutely insisted that his computer be kept powered up continuously, 24/7, because he believed each power up stressed the devices and wore them out incrementally.
If there were a solid general consensus among real security experts that everyone should have a dedicated financial computer, I think computer sellers would be marketing the heck out of this, with deals for buying a pair of computers at a discounted price.
I have no idea what to do about the flood of data breaches that now seem to occur every few months. I've been notified of exposure to, let me think, three of them within the last year. But those data breaches are occurring at their end, not mine. My account would have been breached whatever computer I was using.
Routers are computers and can and have been hacked. We moved a couple of years ago and our Internet service "gave" us an Internet modem with built-in WiFI router. Since they came with a preset password that appeared to have been randomly generated for each customer, I haven't changed any settings. (One reason is that the manual for the router--online only--is quite sketchy in terms of what things you can actually set and how). Presumably my provider knows my router password, though! It seems to me that if I were doing random things to add security, I'd throw out their router, and buy my own.
This sounds like an older idea of having two computers, one connected to the Internet and one not. ("Air-gapped" is the jargon term). I did know a couple that said they were going do this, but think they actually did. Nowadays I don't even know how you would use such a thing, since very little software is delivered on physical media these days! You'd pretty much be restricted to what's bundled, and you'd need to connect to the Internet just to pay for and activate the full version!
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
Re: Dedicated Financial Computer Master Thread
I have a sibling who does precisely this.TheTimeLord wrote: Fri Mar 22, 2024 12:13 pm This topic occasionally comes up but is fairly hard to search on the form. So how many people are using a dedicated financial computer as their only means of online access to their accounts? Any tips or tricks you think are worth sharing?
A fool and his money are good for business.
Re: Dedicated Financial Computer Master Thread
For those who are not really computer literate, but want more security when browsing on their fin sites, just download the 'brave' browser. Essentially Firefox with all the security settings set for you and can't be changed. If you know what you are doing, you can set Firefox to delete history, or not save anything etc etc.
For those who have a bit more computer knowledge, as mentioned above, booting tails and running a browser from that would keep nothing on the computer.
For the rest of us, as said early on, probably THE most important issue is 2FA. Having a long unique passphrase is hand in hand with that, but most people re use pwds, which might be out there associated to your email address, but if you have 2FA, you are safe(r).
For those who have a bit more computer knowledge, as mentioned above, booting tails and running a browser from that would keep nothing on the computer.
For the rest of us, as said early on, probably THE most important issue is 2FA. Having a long unique passphrase is hand in hand with that, but most people re use pwds, which might be out there associated to your email address, but if you have 2FA, you are safe(r).
-
- Posts: 17372
- Joined: Fri Apr 10, 2015 12:29 am
Re: Dedicated Financial Computer Master Thread
Long unique passwords are a great idea, but that does not mitigate the risk of a machine being compromised, which is what having a dedicated machine attempts to address.cowdogman wrote: Fri Mar 22, 2024 12:48 pm I can see the arguments for using a separate dedicated computer, but think it would be overkill if you do the following.
(partial list for comments below)
Use unique, long passwords
Use a different username for each financial account
Use a dedicated email address for financial accounts
Install anti-malware (e.g., Malwarebytes) on your computer
Using different and/or random usernames for each account does not provide much. Having as much of the entropy for the combined username and password as possible in the password is more secure as it should be stored securely at the service provider.
Properly locking down email accounts matters. Having a dedicated one for financial accounts does not add much. Segregating accounts used for 2FA and accounts used for email alerts is beneficial. If say a google account used for google voice were compromised, getting email alerts at a different email address than associated with the google voice account would mean that the alerts would not also be compromised. This is segregating the preventive control (google voice 2FA) from the detective control (email alerts).
If using Windows, the built-in Windows Defender is a good anti-malware solution. Installing a 3rd party one has pluses and minuses. It theoretically could catch something that gets through Windows Defender, but it is an application running with admin rights and with connections to the outside world, which becomes an additional point of attack. I prefer not to add to the attack surface for minimal extra security on top of Windows Defender.
I turn this around. The machine I use for financial accounts is not dedicated for that purpose, but all access to financial accounts is done with a single machine. I manage that machine in a more secure manner than other machines. It is segregated on its own virtual network with an Ethernet cable connecting it to the router. I ensure virus signatures are up to date and reboot the machine before accessing a financial account. I minimize the number of software packages installed on the machine, and don't use it for general web surfing.
Re: Dedicated Financial Computer Master Thread
I think a primary requirement for a financial computer is to satisfy the fraud protection policies of your financial companies. Many of the policies require an audit of your computer in the event of a major theft. To me, the use of a virtual machine, or even Linux is questionable for a representative from the financial company to understand so I use a plain vanilla windows PC always updated.
Here are some recent links to the fraud protection policies at some brokers
Schwab
https://international.schwab.com/security-guarantee
Fidelity
https://www.fidelity.com/security/custo ... guarantee
Merrill Edge
https://www.ml.com/privacy-and-security ... ction.html
Vanguard
https://investor.vanguard.com/trust-sec ... ity-center
A thread from 2021 on bogleheads on broker fraud guarantees. I found some of the links dated.
viewtopic.php?t=355944
Here are some recent links to the fraud protection policies at some brokers
Schwab
https://international.schwab.com/security-guarantee
Fidelity
https://www.fidelity.com/security/custo ... guarantee
Merrill Edge
https://www.ml.com/privacy-and-security ... ction.html
Vanguard
https://investor.vanguard.com/trust-sec ... ity-center
A thread from 2021 on bogleheads on broker fraud guarantees. I found some of the links dated.
viewtopic.php?t=355944
Re: Dedicated Financial Computer Master Thread
dual wrote: Sat Mar 23, 2024 1:45 pm To me, the use of a virtual machine, or even Linux is questionable for a representative from the financial company to understand
Can you clarify what you mean as questionable.. to understand?
many linux distros can be run as a (read only) ISO from a thumbdrive or cd.
easy to do and much cheaper than a second machine
-
- Posts: 1723
- Joined: Thu Apr 22, 2021 3:29 pm
Re: Dedicated Financial Computer Master Thread
I suppose it's possible that someone could surf the web without an ad-blocker, click on a malicious ad and have their computer taken over by ransomware.nisiprius wrote: Sat Mar 23, 2024 7:07 am I have no idea what to do about the flood of data breaches that now seem to occur every few months. I've been notified of exposure to, let me think, three of them within the last year. But those data breaches are occurring at their end, not mine. My account would have been breached whatever computer I was using.
Would the victim still be able to access their financial accounts on the second computer? One would think so, but there's the question of the router. Does ransomware affect only a computer or the router as well?
Re: Dedicated Financial Computer Master Thread
I imagine someone from a financial company looking over my shoulder to decide whether I took reasonable care to secure my computer. I doubt they would understand whether I implemented a virtual machine so it is secure. I am an engineer, retired, but I still keep up on software, and I do not understand the implications of whether instances of virtual machines retain history.will86 wrote: Sat Mar 23, 2024 1:55 pmdual wrote: Sat Mar 23, 2024 1:45 pm To me, the use of a virtual machine, or even Linux is questionable for a representative from the financial company to understand
Can you clarify what you mean as questionable.. to understand?
many linux distros can be run as a (read only) ISO from a thumbdrive or cd.
easy to do and much cheaper than a second machine
As for Linux, there are so many distro and versions of software, like browsers, to download and install that I think it’s hard for a financial company to say this is a good implementation. The fraction of people who run Linux is tiny compared to windows or a Mac so again, I think it will be hard to find someone from a financial company who is up on the latest Linux systems.
Re: Dedicated Financial Computer Master Thread
I do have several computers and VMs, but it's not for security reasons. As a practical matter unless the machines are running all the time (which somewhat defeats the "destroy the instance" practices that some people are following), it's annoying to have to apply updates virtually every time I use a computer or image. It doesn't take forever, but takes time for downloading, applying updates, then ((often) rebooting. Unless you research the updates, you won't necessarily know which might be security-related or not, and of course that would take longer than just applying the updates. So I'm just seeing this as a substantial inconvenience for a two-minute login session.
Re: Dedicated Financial Computer Master Thread
I am aware of a non-profit that had a dedicated computer for accessing financial accounts. It was configured so it "reset" to a clean, default configuration on reboot. Anything saved or installed to the internal hard drive during each use was thus removed on reboot. (This type of configuration is often used in universities for computer labs and or common area computers). The thinking was that this approach reduced risk of malware being permanently installed, so reduced risk of financial fraud.
Wrench
Wrench
Re: Dedicated Financial Computer Master Thread
Thanksdual wrote: Sat Mar 23, 2024 2:25 pm I think it will be hard to find someone from a financial company who is up on the latest Linux systems.
I would like to think the financial company has qualified IT people on their payroll. Whether they use them to determine who is liable in case of a breach is a different question