Can you have other sites open when doing financial transactions?
Can you have other sites open when doing financial transactions?
If you are doing financial transactions, say, on Vanguard or Fidelity, is it alright to have other websites open on the same browser? Like Youtube, or news sites, or any random site really. I read that sites can track your browsing activity across an entire session and was curious if there was any security benefit to clearing cookies/cache and only having one financial site open while trading?
Re: Can you have other sites open when doing financial transactions?
I sure hope you can. I always have a bazillion tabs open no matter what I'm doing
Re: Can you have other sites open when doing financial transactions?
I generally use a different browser for financial sites but as far as I know, you can have other tabs open. Tracking can also be done across browsers but probably not devices if the device is totally isolated. I I were really paranoid I'd do all my financial stuff in a virtual machine but I don't. I only go into VG once a month generally.
When you discover that you are riding a dead horse, the best strategy is to dismount.
Re: Can you have other sites open when doing financial transactions?
I just don't understand internet architecture well enough to know what's possible or not. But, for example, often I'll be browsing something, and then like a few clicks later, some site like the NYT will show me an ad that's tailored to what I was browsing, which I really dislike. So I was wondering if they can see exactly what sites you visit, what's to stop a malicious cookie/tracker from reading the passwords you enter, your usernames, etc.?
Re: Can you have other sites open when doing financial transactions?
Yes, it is alright to have other websites open. What you read about sites tracking browsing activity is referring to tracking which websites you visit, for advertising purposes. Websites are not reading what is on your screen at Vanguard, or recording what you type on your keyboard.
This is an issue you don't need to worry about. The developers of web browsers have thought about these issues decades ago. (EDIT: and they continue to improve security, close new security holes, which is why it's important to let your browser update itself). If it wasn't safe to use financial sites, then why would the financial companies even have websites?
There are privacy benefits to clearing cookies/cache. But no security benefits.
This is an issue you don't need to worry about. The developers of web browsers have thought about these issues decades ago. (EDIT: and they continue to improve security, close new security holes, which is why it's important to let your browser update itself). If it wasn't safe to use financial sites, then why would the financial companies even have websites?
There are privacy benefits to clearing cookies/cache. But no security benefits.
Last edited by Unhandled on Mon Sep 30, 2024 10:26 am, edited 1 time in total.
Re: Can you have other sites open when doing financial transactions?
No need to close anything. You can have other tabs and windows open and be fine.Caduceus wrote: ↑Mon Sep 30, 2024 10:11 am If you are doing financial transactions, say, on Vanguard or Fidelity, is it alright to have other websites open on the same browser? Like Youtube, or news sites, or any random site really. I read that sites can track your browsing activity across an entire session and was curious if there was any security benefit to clearing cookies/cache and only having one financial site open while trading?
Crom laughs at your Four Winds
Re: Can you have other sites open when doing financial transactions?
The session is encrypted so unless there is malware on your system, I think the PWs are safe (assuming you don't keep them on the computer except in a PW manager). The rest of your concerns seem to be more privacy oriented than security. Different issues and possibly different solutions if a concern.Caduceus wrote: ↑Mon Sep 30, 2024 10:21 am I just don't understand internet architecture well enough to know what's possible or not. But, for example, often I'll be browsing something, and then like a few clicks later, some site like the NYT will show me an ad that's tailored to what I was browsing, which I really dislike. So I was wondering if they can see exactly what sites you visit, what's to stop a malicious cookie/tracker from reading the passwords you enter, your usernames, etc.?
When you discover that you are riding a dead horse, the best strategy is to dismount.
- Clever_Username
- Posts: 2148
- Joined: Sun Jul 15, 2012 12:24 am
- Location: California
Re: Can you have other sites open when doing financial transactions?
I keep meaning to take an old computer, clear it entirely and put a fresh Ubuntu install, and make it a computer I use for financial websites (banks, Vanguard, Fidelity) and only those. Oddly, this would have been easier in the era of KVM switches, but nevermind that now. I might still get around to doing that soon.
Anyway, yes, I keep other tabs open; as has been pointed out, this is not ideal from a privacy view but I don't worry about it as a security issue.
Anyway, yes, I keep other tabs open; as has been pointed out, this is not ideal from a privacy view but I don't worry about it as a security issue.
"What was true then is true now. Have a plan. Stick to it." -- XXXX, _Layer Cake_ |
|
I survived my first downturn and all I got was this signature line.
Re: Can you have other sites open when doing financial transactions?
On some things I am beyond obsessive to the nth degree. Not so with this type of Computer Financial security. I feel safe using passwords that I have no idea what they are But which are located in my password Software And using 2 factor authorizations. When I'm logging into these financial websites I am always having Many other Browser tabs open to other things.
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
Re: Can you have other sites open when doing financial transactions?
There is such a thing as cross site scripting, but this is mostly having code from a questionable site trying to retrieve data from a legitimate site. Browsers have also been constructed to prevent this sort of attack, It's perfectly safe to have Fidelity and Vanguard on separate tabs. Safe or not, it's probably not a good idea to surf your financial site while surfing questionable sites, so you may accidently enter information on the wrong tab.
- nisiprius
- Advisory Board
- Posts: 53863
- Joined: Thu Jul 26, 2007 9:33 am
- Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry
Re: Can you have other sites open when doing financial transactions?
I don't worry about it.
I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where closing the window might somehow still leave you logged in. And theoretically someone could pull down the browsing history tab, see where you'd been, and re-open a connection to a financial website.
Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?
Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.
Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where closing the window might somehow still leave you logged in. And theoretically someone could pull down the browsing history tab, see where you'd been, and re-open a connection to a financial website.
Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?
Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.
Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
Re: Can you have other sites open when doing financial transactions?
We do have room for you at the Windows Inn!nisiprius wrote: ↑Mon Sep 30, 2024 2:14 pm I don't worry about it.
I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where closing the window might somehow still leave you logged in. And theoretically someone could pull down the browsing history tab, see where you'd been, and re-open a connection to a financial website.
Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?
Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.
Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
Re: Can you have other sites open when doing financial transactions?
I really like the Vivaldi browser. It lets you have a group of collections of tabs. I have one group for financial. Opens up broker and banking tabs and things I look at like Treasury direct etc. Vivaldi also by default limits or blocks tracking cookies and ads. As others say this is more of a privacy than security advantage.
Re: Can you have other sites open when doing financial transactions?
You are right. I also want to add that using someone else's machine (to do anything sensitive) is the #1 "don't" on my personal security list of "dos and don'ts." The owner of that machine has complete control of it, and can see whatever they want regarding your activity. Even barring anything malicious, the owner of that machine might just have it configured poorly (e.g. with security features turned off, OS and applications not up-to-date). My concise list...
My #2 is meant to prevent what the OP is concerned about. Like Unhandled said:1. Don't access your accounts from a machine that you don't own and maintain. Corollary: Don't allow other people to physically access your machine.
2. Keep your machine's operating system and browser updated.
3. Use a password manager to create and safely store unique, random 20+ character passwords and security question answers for each account.
4. Turn on 2FA for personal email and financial accounts.
5. Have a disaster recovery plan including proper backups of account information and credentials.
Re: Can you have other sites open when doing financial transactions?
For a moment there I thought I was back in a music topic!B88 wrote: ↑Mon Sep 30, 2024 2:38 pm I really like the Vivaldi browser. It lets you have a group of collections of tabs. I have one group for financial. Opens up broker and banking tabs and things I look at like Treasury direct etc. Vivaldi also by default limits or blocks tracking cookies and ads. As others say this is more of a privacy than security advantage.
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
- Clever_Username
- Posts: 2148
- Joined: Sun Jul 15, 2012 12:24 am
- Location: California
Re: Can you have other sites open when doing financial transactions?
The caution on the separate computer is well received. Thank you. I might decide to not do this after all.nisiprius wrote: ↑Mon Sep 30, 2024 2:14 pm Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?
Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.
Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
I have long since removed Admin access from my main account on my computers, but I use Windows and Linux, so I haven't encountered the MacOS issue you describe.
"What was true then is true now. Have a plan. Stick to it." -- XXXX, _Layer Cake_ |
|
I survived my first downturn and all I got was this signature line.
Re: Can you have other sites open when doing financial transactions?
Interesting about the MacOS admin status. When I got my Mac Air, I decided to create an admin account and remove admin from my main account. I didn't encountered any issues though. May be they fixed this in later version of MacOS?nisiprius wrote: ↑Mon Sep 30, 2024 2:14 pm I don't worry about it.
I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where closing the window might somehow still leave you logged in. And theoretically someone could pull down the browsing history tab, see where you'd been, and re-open a connection to a financial website.
Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?
Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.
Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
Your idea of separate work better on something like ChromeOS, where each login is more isolated. For example, there is no way for one account to write to the storage of a different account on the same chrome device. There is even a guess mode that erases everything when you exit, but may be a pain to use because then you will need to setup the password manager each time.
-
- Posts: 1494
- Joined: Thu Apr 22, 2021 3:29 pm
Re: Can you have other sites open when doing financial transactions?
Sounds like you need an ad-blocker. Ads are often vectors for malware. (Apparently even if you don't click on them...as long as javascript is running on the site, which is the default these days.)Caduceus wrote: ↑Mon Sep 30, 2024 10:21 am I just don't understand internet architecture well enough to know what's possible or not. But, for example, often I'll be browsing something, and then like a few clicks later, some site like the NYT will show me an ad that's tailored to what I was browsing, which I really dislike.
Security types can check my above comment for accuracy, but even if that is not the case, the clutter of modern websirtes makes it easy to click on an ad without realizing it.