Can you have other sites open when doing financial transactions?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
Caduceus
Posts: 3608
Joined: Mon Sep 17, 2012 1:47 am

Can you have other sites open when doing financial transactions?

Post by Caduceus »

If you are doing financial transactions, say, on Vanguard or Fidelity, is it alright to have other websites open on the same browser? Like Youtube, or news sites, or any random site really. I read that sites can track your browsing activity across an entire session and was curious if there was any security benefit to clearing cookies/cache and only having one financial site open while trading?
Tamalak
Posts: 2153
Joined: Fri May 06, 2016 2:29 pm

Re: Can you have other sites open when doing financial transactions?

Post by Tamalak »

I sure hope you can. I always have a bazillion tabs open no matter what I'm doing :D
jebmke
Posts: 28802
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Can you have other sites open when doing financial transactions?

Post by jebmke »

I generally use a different browser for financial sites but as far as I know, you can have other tabs open. Tracking can also be done across browsers but probably not devices if the device is totally isolated. I I were really paranoid I'd do all my financial stuff in a virtual machine but I don't. I only go into VG once a month generally.
When you discover that you are riding a dead horse, the best strategy is to dismount.
Topic Author
Caduceus
Posts: 3608
Joined: Mon Sep 17, 2012 1:47 am

Re: Can you have other sites open when doing financial transactions?

Post by Caduceus »

I just don't understand internet architecture well enough to know what's possible or not. But, for example, often I'll be browsing something, and then like a few clicks later, some site like the NYT will show me an ad that's tailored to what I was browsing, which I really dislike. So I was wondering if they can see exactly what sites you visit, what's to stop a malicious cookie/tracker from reading the passwords you enter, your usernames, etc.?
Unhandled
Posts: 81
Joined: Fri Dec 11, 2015 8:28 am
Location: Virginia

Re: Can you have other sites open when doing financial transactions?

Post by Unhandled »

Yes, it is alright to have other websites open. What you read about sites tracking browsing activity is referring to tracking which websites you visit, for advertising purposes. Websites are not reading what is on your screen at Vanguard, or recording what you type on your keyboard.

This is an issue you don't need to worry about. The developers of web browsers have thought about these issues decades ago. (EDIT: and they continue to improve security, close new security holes, which is why it's important to let your browser update itself). If it wasn't safe to use financial sites, then why would the financial companies even have websites?

There are privacy benefits to clearing cookies/cache. But no security benefits.
Last edited by Unhandled on Mon Sep 30, 2024 10:26 am, edited 1 time in total.
muffins14
Posts: 6747
Joined: Wed Oct 26, 2016 4:14 am
Location: New York

Re: Can you have other sites open when doing financial transactions?

Post by muffins14 »

Caduceus wrote: Mon Sep 30, 2024 10:11 am If you are doing financial transactions, say, on Vanguard or Fidelity, is it alright to have other websites open on the same browser? Like Youtube, or news sites, or any random site really. I read that sites can track your browsing activity across an entire session and was curious if there was any security benefit to clearing cookies/cache and only having one financial site open while trading?
No need to close anything. You can have other tabs and windows open and be fine.
Crom laughs at your Four Winds
jebmke
Posts: 28802
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Can you have other sites open when doing financial transactions?

Post by jebmke »

Caduceus wrote: Mon Sep 30, 2024 10:21 am I just don't understand internet architecture well enough to know what's possible or not. But, for example, often I'll be browsing something, and then like a few clicks later, some site like the NYT will show me an ad that's tailored to what I was browsing, which I really dislike. So I was wondering if they can see exactly what sites you visit, what's to stop a malicious cookie/tracker from reading the passwords you enter, your usernames, etc.?
The session is encrypted so unless there is malware on your system, I think the PWs are safe (assuming you don't keep them on the computer except in a PW manager). The rest of your concerns seem to be more privacy oriented than security. Different issues and possibly different solutions if a concern.
When you discover that you are riding a dead horse, the best strategy is to dismount.
User avatar
Clever_Username
Posts: 2148
Joined: Sun Jul 15, 2012 12:24 am
Location: California

Re: Can you have other sites open when doing financial transactions?

Post by Clever_Username »

I keep meaning to take an old computer, clear it entirely and put a fresh Ubuntu install, and make it a computer I use for financial websites (banks, Vanguard, Fidelity) and only those. Oddly, this would have been easier in the era of KVM switches, but nevermind that now. I might still get around to doing that soon.

Anyway, yes, I keep other tabs open; as has been pointed out, this is not ideal from a privacy view but I don't worry about it as a security issue.
"What was true then is true now. Have a plan. Stick to it." -- XXXX, _Layer Cake_ | | I survived my first downturn and all I got was this signature line.
User avatar
yankees60
Posts: 5913
Joined: Sat Jul 31, 2010 8:50 pm
Location: Massachusetts

Re: Can you have other sites open when doing financial transactions?

Post by yankees60 »

On some things I am beyond obsessive to the nth degree. Not so with this type of Computer Financial security. I feel safe using passwords that I have no idea what they are But which are located in my password Software And using 2 factor authorizations. When I'm logging into these financial websites I am always having Many other Browser tabs open to other things.
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
gavinsiu
Posts: 6011
Joined: Sun Nov 14, 2021 11:42 am

Re: Can you have other sites open when doing financial transactions?

Post by gavinsiu »

There is such a thing as cross site scripting, but this is mostly having code from a questionable site trying to retrieve data from a legitimate site. Browsers have also been constructed to prevent this sort of attack, It's perfectly safe to have Fidelity and Vanguard on separate tabs. Safe or not, it's probably not a good idea to surf your financial site while surfing questionable sites, so you may accidently enter information on the wrong tab.
User avatar
nisiprius
Advisory Board
Posts: 53863
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: Can you have other sites open when doing financial transactions?

Post by nisiprius »

I don't worry about it.

I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where closing the window might somehow still leave you logged in. And theoretically someone could pull down the browsing history tab, see where you'd been, and re-open a connection to a financial website.

Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?

Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.

Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
User avatar
yankees60
Posts: 5913
Joined: Sat Jul 31, 2010 8:50 pm
Location: Massachusetts

Re: Can you have other sites open when doing financial transactions?

Post by yankees60 »

nisiprius wrote: Mon Sep 30, 2024 2:14 pm I don't worry about it.

I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where closing the window might somehow still leave you logged in. And theoretically someone could pull down the browsing history tab, see where you'd been, and re-open a connection to a financial website.

Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?

Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.

Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
We do have room for you at the Windows Inn!
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
B88
Posts: 77
Joined: Sun Apr 14, 2024 8:05 pm

Re: Can you have other sites open when doing financial transactions?

Post by B88 »

I really like the Vivaldi browser. It lets you have a group of collections of tabs. I have one group for financial. Opens up broker and banking tabs and things I look at like Treasury direct etc. Vivaldi also by default limits or blocks tracking cookies and ads. As others say this is more of a privacy than security advantage.
User avatar
warner25
Posts: 1102
Joined: Wed Oct 29, 2014 4:38 pm

Re: Can you have other sites open when doing financial transactions?

Post by warner25 »

nisiprius wrote: Mon Sep 30, 2024 2:14 pm I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where...
You are right. I also want to add that using someone else's machine (to do anything sensitive) is the #1 "don't" on my personal security list of "dos and don'ts." The owner of that machine has complete control of it, and can see whatever they want regarding your activity. Even barring anything malicious, the owner of that machine might just have it configured poorly (e.g. with security features turned off, OS and applications not up-to-date). My concise list...
1. Don't access your accounts from a machine that you don't own and maintain. Corollary: Don't allow other people to physically access your machine.
2. Keep your machine's operating system and browser updated.
3. Use a password manager to create and safely store unique, random 20+ character passwords and security question answers for each account.
4. Turn on 2FA for personal email and financial accounts.
5. Have a disaster recovery plan including proper backups of account information and credentials.
My #2 is meant to prevent what the OP is concerned about. Like Unhandled said:
Unhandled wrote: Mon Sep 30, 2024 10:23 am...The developers of web browsers have thought about these issues decades ago. (EDIT: and they continue to improve security, close new security holes, which is why it's important to let your browser update itself)...
User avatar
yankees60
Posts: 5913
Joined: Sat Jul 31, 2010 8:50 pm
Location: Massachusetts

Re: Can you have other sites open when doing financial transactions?

Post by yankees60 »

B88 wrote: Mon Sep 30, 2024 2:38 pm I really like the Vivaldi browser. It lets you have a group of collections of tabs. I have one group for financial. Opens up broker and banking tabs and things I look at like Treasury direct etc. Vivaldi also by default limits or blocks tracking cookies and ads. As others say this is more of a privacy than security advantage.
For a moment there I thought I was back in a music topic!
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
Clever_Username
Posts: 2148
Joined: Sun Jul 15, 2012 12:24 am
Location: California

Re: Can you have other sites open when doing financial transactions?

Post by Clever_Username »

nisiprius wrote: Mon Sep 30, 2024 2:14 pm Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?

Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.

Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
The caution on the separate computer is well received. Thank you. I might decide to not do this after all.

I have long since removed Admin access from my main account on my computers, but I use Windows and Linux, so I haven't encountered the MacOS issue you describe.
"What was true then is true now. Have a plan. Stick to it." -- XXXX, _Layer Cake_ | | I survived my first downturn and all I got was this signature line.
gavinsiu
Posts: 6011
Joined: Sun Nov 14, 2021 11:42 am

Re: Can you have other sites open when doing financial transactions?

Post by gavinsiu »

nisiprius wrote: Mon Sep 30, 2024 2:14 pm I don't worry about it.

I think the "close your browser" cautions refer to the situation where you are using a computer in a physically unsecured situation--at work, at a library, in a hotel business center or a table in the lobby, etc. where closing the window might somehow still leave you logged in. And theoretically someone could pull down the browsing history tab, see where you'd been, and re-open a connection to a financial website.

Having a dedicated financial computer is one of those ideas that's easy to say but seems extreme to do. Plus it's hard to separate the truly trusted sites from the oughta-be-but-are-they sites. Do you access the electric, gas, and internet companies for paying your bills on the "secure" computer or the "regular" computer?

Having a separate, dedicated user account on the same computer, i.e. FinancialNisi and SocialNisi, at least wouldn't cost anything. Depending how good the OS is at enforcing user security it might provide marginally more protection. I don't actually do that, it's just a random idea that occurred to me.

Years ago I had the bright idea of removing Administrator status from "main" account that my Mac boots into (after setting up a new account with Administrator status), and basically it was a slow-moving disaster. It turns out that the first account on MacOS is special, is numbered 501, and is different from any other admin account, and... well, don't get me started.
Interesting about the MacOS admin status. When I got my Mac Air, I decided to create an admin account and remove admin from my main account. I didn't encountered any issues though. May be they fixed this in later version of MacOS?

Your idea of separate work better on something like ChromeOS, where each login is more isolated. For example, there is no way for one account to write to the storage of a different account on the same chrome device. There is even a guess mode that erases everything when you exit, but may be a pain to use because then you will need to setup the password manager each time.
roamingzebra
Posts: 1494
Joined: Thu Apr 22, 2021 3:29 pm

Re: Can you have other sites open when doing financial transactions?

Post by roamingzebra »

Caduceus wrote: Mon Sep 30, 2024 10:21 am I just don't understand internet architecture well enough to know what's possible or not. But, for example, often I'll be browsing something, and then like a few clicks later, some site like the NYT will show me an ad that's tailored to what I was browsing, which I really dislike.
Sounds like you need an ad-blocker. Ads are often vectors for malware. (Apparently even if you don't click on them...as long as javascript is running on the site, which is the default these days.)

Security types can check my above comment for accuracy, but even if that is not the case, the clutter of modern websirtes makes it easy to click on an ad without realizing it.
Post Reply