What specific changes have you made post-Equifax?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
letsgobobby
Posts: 10697
Joined: Fri Sep 18, 2009 1:10 am

What specific changes have you made post-Equifax?

Post by letsgobobby » Mon Oct 09, 2017 5:44 pm

In the several long threads about Equifax I got lost as to the specific changes folks have made, and/or think are worth making. I'll list what I've done but hope I can do more.

What I had already done:
- 2 factor authentication at Fidelity
- voice verification at Vanguard
- all passwords long and random using password manager, which exists only on my desktop
- with the exception of one bank, I never access websites using any device but my desktop. With this bank (Chase) I have 2FA set up (but it bypasses it on recognized devices).

What I have done since:
- added 2 factor authentication and voice verification at TIAA and NYSaves 529
- changed passwords at any account with any significant money in it
- froze credit at Innovis, ChexSystems, Equifax
- I've been checking all account balances several times per week but hope this doesn't have to continue indefinitely

What I still plan to do:
- try to minimize my tax refund this year. It is difficult to do because my income is highly variable.
- freeze my credit at Experian and Transunion. I'm waiting til it's free, either by policy or by law. I'll give it til the end of 2017.
- explored 2FA with vanguard, however it looks like I have to purchase some kind of USB key. I'm not sure how complicated that is

What other specific steps should I take?

denovo
Posts: 3524
Joined: Sun Oct 13, 2013 1:04 pm

Re: What specific changes have you made post-Equifax?

Post by denovo » Mon Oct 09, 2017 5:47 pm

I think you've covered all the bases.

User avatar
jhfenton
Posts: 2285
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: What specific changes have you made post-Equifax?

Post by jhfenton » Mon Oct 09, 2017 5:51 pm

Already Done:

* Follow best available practices for each financial account, email account, and electronic device (the best available varies by provider)

Done Since:

* Froze Equifax, Experian, Innovis, ChexSystems
* Credit Lock at TransUnion

Haven't Done (for example):

* Enable USB key on Vanguard - as long as they always allow SMS fallback for access, then using the USB key is pointless

Going Forward:

* Update security practices as providers roll out better options (e.g., non-SMS 2FA)

livesoft
Posts: 57283
Joined: Thu Mar 01, 2007 8:00 pm

Re: What specific changes have you made post-Equifax?

Post by livesoft » Mon Oct 09, 2017 5:57 pm

Nothing. We've made absolutely no changes.
This signature message sponsored by sscritic: Learn to fish.

User avatar
nisiprius
Advisory Board
Posts: 34353
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: What specific changes have you made post-Equifax?

Post by nisiprius » Mon Oct 09, 2017 6:13 pm

I had already frozen my Equifax, Experian, and Transunion accounts a couple of years ago.

Post-Equifax my wife froze her accounts, which she hadn't done, and I froze my accounts with Innovis and ChexSystems. I turned on two-factor authentication at Vanguard.

I have started to worry more about it all, but that's not a change I've made, it's a change Equifax has made in me.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.

2015
Posts: 977
Joined: Mon Feb 10, 2014 2:32 pm

Re: What specific changes have you made post-Equifax?

Post by 2015 » Mon Oct 09, 2017 6:33 pm

letsgobobby wrote:
Mon Oct 09, 2017 5:44 pm
In the several long threads about Equifax I got lost as to the specific changes folks have made, and/or think are worth making. I'll list what I've done but hope I can do more.

What I had already done:
- 2 factor authentication at Fidelity
- voice verification at Vanguard
- all passwords long and random using password manager, which exists only on my desktop
- with the exception of one bank, I never access websites using any device but my desktop. With this bank (Chase) I have 2FA set up (but it bypasses it on recognized devices).

What I have done since:
- added 2 factor authentication and voice verification at TIAA and NYSaves 529
- changed passwords at any account with any significant money in it
- froze credit at Innovis, ChexSystems, Equifax
- I've been checking all account balances several times per week but hope this doesn't have to continue indefinitely

What I still plan to do:
- try to minimize my tax refund this year. It is difficult to do because my income is highly variable.
- freeze my credit at Experian and Transunion. I'm waiting til it's free, either by policy or by law. I'll give it til the end of 2017.
- explored 2FA with vanguard, however it looks like I have to purchase some kind of USB key. I'm not sure how complicated that is

What other specific steps should I take?
I have done all of the above and also changed all of my security answers, pin codes, secret pass phrases, etc. to jibberish and entered the questions/answers into the notes section of my password manager for each account. As I've stated before, I only access financial accounts in Avast's BankMode on my laptop, and when I close the session, it's as if it never happened. I also access no accounts on any other device.

I am also in the process of fortifying my email dedicated strictly to financial accounts. I am migrating my hotmail dedicated solely to financial accounts to Gmail and will use that account with a Yubikey in order to thwart the possibility of hackers hijacking my phone and using social engineering to gain access to and lock me out of my financial accounts. My rationale is explained in this post (be sure to look at the link embedded in that post for an explanation of the process; beyond the task of having to migrate all emails from hotmail to gmail, the Yubikey setup really doesn't seem all that hard to me):

viewtopic.php?f=11&t=229254&p=3563121#p3563121

User avatar
Tycoon
Posts: 1100
Joined: Wed Mar 28, 2012 7:06 pm

Re: What specific changes have you made post-Equifax?

Post by Tycoon » Mon Oct 09, 2017 6:40 pm

I've done nothing.
...I might be just beginning | I might be near the end. Enya | | C'est la vie

littlebird
Posts: 1268
Joined: Sat Apr 10, 2010 6:05 pm
Location: Valley of the Sun, AZ

Re: What specific changes have you made post-Equifax?

Post by littlebird » Mon Oct 09, 2017 6:46 pm

Nothing. Completely unimpressed by recommendations of media.

Achelois
Posts: 118
Joined: Sun Jul 10, 2011 12:50 pm

Re: What specific changes have you made post-Equifax?

Post by Achelois » Mon Oct 09, 2017 6:55 pm

The only thing I have done after learning of the Equifax disaster was to freeze my credit at Equifax, Experian, Transunion, Innovis and Chex.

I already had two-factor authentication at Vanguard and the restricted device enabled. I will look into the voice recognition thing as well now. I make my passwords as long as the site will allow and they are site-specific. I check my balance every day.

I have 2FA enabled at Amazon/Audible and Itunes.

I already had alerts set up at my credit card to alert me whenever any charge is made. Also they will require a confirmation call over a certain transaction amount.

My bank doesn’t have 2FA for every time I log on, but will require a code it the device is not recognized. I check my balances every other day.

I enabled an extra security layer at my phone carrier—an 8 digit numerical code required for any account changes or functions, even bill pay.

I change passwords every month on everything. I tried using a password vault thing, but I am ashamed to say I couldn’t figure it out. Imay go back and change the answers to all my security questions as well.

Any suggestions on improving what I do are welcome. I am in my later 60s and not especially computer literate.

azurekep
Posts: 1013
Joined: Tue Jun 16, 2015 7:16 pm

Re: What specific changes have you made post-Equifax?

Post by azurekep » Mon Oct 09, 2017 8:27 pm

Achelois wrote:
Mon Oct 09, 2017 6:55 pm
I check my balance every day.
I think most people will advise against that. If you can do your banking/financial activities on a separate computer or in a VM (virtual machine), that would be preferable. Then, just log in when you need to.

There apparently also is a "banking mode" in browsers, I think. I've never come across that myself, but the concept is the same... segregating financial stuff and other, less sensitive activities.
I change passwords every month on everything. I tried using a password vault thing, but I am ashamed to say I couldn’t figure it out. Imay go back and change the answers to all my security questions as well.
"Best practices" these days (for what that's worth) is to not continually change one's password. It's preferable to create a good one and stick with it. There have been some threads on this. I'l leave it to others to provide the complete rationale as I've forgotten it. But at some level, it actually makes sense.
I am in my later 60s and not especially computer literate.
You've done a great job. Quite impressive.

Edit: Forgot this:
already had alerts set up at my credit card to alert me whenever any charge is made. Also they will require a confirmation call over a certain transaction amount.
Alerts can also be set up at many financial institutions for checking account transactions, ACHs, password changes, address changes, etc.

ztn
Posts: 27
Joined: Sat Mar 25, 2017 9:13 pm

Re: What specific changes have you made post-Equifax?

Post by ztn » Mon Oct 09, 2017 9:33 pm

- I had already frozen my credit > 10 years ago at Equifax, Experian and Trans Union. Last month I ordered my credit reports from Innovis and Chexsystems and then froze at both. Still waiting for the PIN's for the last two.
- Re-thought my use of emails as others have done. I now have one email account dedicated to financial activities, one email account dedicated to non-financial web-based subscriptions (Amazon, Ebay, etc.), one email account dedicated to personal correspondence, and one email account dedicated to business (or what remains of such activities post-FIRE).
- I signed up for a free Google Voice number and set it so it cannot be ported at all. I then changed all 2FA to the GV number and removed my cell number to eliminate the problem of losing access to any 2FA's if my cell number is ported unbeknownst to me or if I just lose my phone. I don't/won't use this GV number anywhere else.
- I had already set up a separate checking account for my automatic bill payments (utilities, etc.). Last month I removed the auto bill pay from the checking account and I now pay all bills through one credit card.
- I have 4 credit cards. One is now dedicated to paying monthly bills (see above). One is used for all web-based purchases or where I need a credit card saved in the app (Amazon, Uber, etc.). One I keep for in-store purchases. And one I keep 'clean' - not used at all unless one of the other cards 'breaks'.
- I presently do business with quite a number of banks and brokerages. I like diversification in my assets and with my business partners! I set up 2FA where I hadn't already done so. I downloaded Google Authenticator and Symantec VIP and used those where I could. I discovered that the brokerage relationship containing the most assets doesn't support 2FA! I am moving the assets out of there (hadn't done so earlier since it's an IRA and didn't want the aggravation).
- I had always used nonsense answers for my security questions such as mothers maiden name. No changes needed there.
- I established an account with the IRS and with my state's income tax dept. This way I should be in better control of any tax transactions (ie hijacked refunds).
- I attempted to set up an online account with SSA. My credit is frozen and the system locked me out so I'll soon go to the local Social Security office with my ID and establish the account in person.
- I set up alerts with all banks/brokers/credit cards where I could. I now get email alerts whenever I login, or have any transactions at all.
- I made copies of all of my id (license, passport, birth certificate), debit and credit cards. I scanned the copies and keep one on an encrypted flash drive in my safe deposit box and one in an encrypted flash drive at home. I also scanned a page listing all of my account numbers, id's and pw's and they are also kept in a file on both encrypted flash drives.
- Last year I organized my personal documents (statements, 1099s, tax returns). I now save each account monthly pdf statement and a copy also goes on the encrypted flash drive at home. Copies of all are also on my encrypted pc hard drive.

It might sound like a lot, but once everything is/was set up, it is quite routine now.

Longtermgrowth
Posts: 447
Joined: Thu Nov 26, 2015 1:59 pm

Re: What specific changes have you made post-Equifax?

Post by Longtermgrowth » Mon Oct 09, 2017 9:36 pm

Froze ChexSystems and Innovis. Locked TransUnion and Equifax. Fraud alert at Experian for now; hoping they will come out with a free lock option soon, so I don't have to freeze there (I'm not paying a monthly fee for access to the lock option, which is currently the only way to lock at Experian).
I'm trying to lock instead of freeze where possible, so low threat pulls can be made from employers and insurance companies. I don't want my insurance premiums going up as a nasty side effect of attempting to secure things.

Finally got around to the 5 year OptOutPrescreen as well.

investor997
Posts: 176
Joined: Tue Feb 07, 2017 3:23 pm

Re: What specific changes have you made post-Equifax?

Post by investor997 » Mon Oct 09, 2017 9:55 pm

Removed my cell phone number from all accounts (including Gmail) such that it can never be used as a password recovery mechanism.

wolf359
Posts: 1016
Joined: Sun Mar 15, 2015 8:47 am

Re: What specific changes have you made post-Equifax?

Post by wolf359 » Mon Oct 09, 2017 10:13 pm

letsgobobby wrote:
Mon Oct 09, 2017 5:44 pm
In the several long threads about Equifax I got lost as to the specific changes folks have made, and/or think are worth making. I'll list what I've done but hope I can do more.

What I had already done:
- 2 factor authentication at Fidelity
- voice verification at Vanguard
- all passwords long and random using password manager, which exists only on my desktop
- with the exception of one bank, I never access websites using any device but my desktop. With this bank (Chase) I have 2FA set up (but it bypasses it on recognized devices).

What I have done since:
- added 2 factor authentication and voice verification at TIAA and NYSaves 529
- changed passwords at any account with any significant money in it
- froze credit at Innovis, ChexSystems, Equifax
- I've been checking all account balances several times per week but hope this doesn't have to continue indefinitely

What I still plan to do:
- try to minimize my tax refund this year. It is difficult to do because my income is highly variable.
- freeze my credit at Experian and Transunion. I'm waiting til it's free, either by policy or by law. I'll give it til the end of 2017.
- explored 2FA with vanguard, however it looks like I have to purchase some kind of USB key. I'm not sure how complicated that is

What other specific steps should I take?
- Set up as many accounts as possible to text you alerts when there are payments or changes. This can be done at the brokerages, banks, credit cards, and some utilities. If an account address changes, or unusual activity occurs, you're notified immediately, without having to login to check the balances.
- File taxes early, or arrange to owe some money rather than getting a refund.
- You can file to get an IP PIN (Identity Protection PIN) if you live in DC, Georgia, or Florida, or if the IRS requires you to have one. Once you file with an IP PIN, you're filing with one forever. I'm not sure its worth the hassle unless someone is already using your identity.
- Sign up to monitor your credit at Credit Karma. Do this before signing up for credit freezes.
- Freeze credit at Experian and Transunion. It's only $20. Don't wait. The potential risk exceeds you saving $20. You may be able to get your money back by joining a class action lawsuit against Equifax, because you can prove a direct cost that you incurred in order to protect yourself against the Equifax breach. In any case, if someone commits identity theft before your protection is in place, the cost will greatly exceed $20 in time and hassle.
- Set up a specific e-mail account to use for all account verifications and administrative transactions. Don't use it for anything else. Protect it with 2-factor authentication.
- Buy a chromebook and dedicate its use to financial transactions. They' re cheap, pretty secure, and if you only use it for financial transactions, you'll minimize the chance that malware you pick up during your routine Internet usage will never affect your financial accounts.

MnD
Posts: 3089
Joined: Mon Jan 14, 2008 12:41 pm

Re: What specific changes have you made post-Equifax?

Post by MnD » Tue Oct 10, 2017 12:18 am

zero.zip.zilch.nada

User avatar
oldcomputerguy
Posts: 2099
Joined: Sun Nov 22, 2015 6:50 am
Location: In the middle of five acres of woods

Re: What specific changes have you made post-Equifax?

Post by oldcomputerguy » Tue Oct 10, 2017 5:06 am

I had already put 2FA in place on our Fidelity and Vanguard accounts (Fidelity uses Symantec VIP Access, Vanguard was set up prior with SMS text). Since the Equifax breach, I have enabled a Yubikey login on Vanguard. In addition, I have protected my Google account (as well as my Mint account and my Amazon login) with Google Authenticator, and have begun looking around for a local B&M bank that uses some sort of 2FA. There are not many, even that use SMS, and practically none use anything stronger, so I may end up abandoning a local bank and switching to Fidelity Cash Management for my banking needs.

I guess generally the Equifax breach has made me more cognizant of the need to protect oneself (read: more paranoid), which I suppose is a good thing in any case.
Anybody know why there's a 20-pound frozen turkey up in the light grid?

wolf359
Posts: 1016
Joined: Sun Mar 15, 2015 8:47 am

Re: What specific changes have you made post-Equifax?

Post by wolf359 » Tue Oct 10, 2017 5:51 am

For those who haven't made any changes, I'm curious as to why not? Do you already have protections in place? Do you think this whole getting your identity stolen thing is overhyped? Have you just not gotten around to it yet, but you plan to?

There's lots of difference even among the people who haven't taken any actions.

gd
Posts: 1231
Joined: Sun Nov 15, 2009 8:35 am
Location: MA, USA

Re: What specific changes have you made post-Equifax?

Post by gd » Tue Oct 10, 2017 5:58 am

You're doing all this stuff in direct response to the security breach, yet not doing the one thing most recommended (credit freeze) in the hope that eventually someone will pass a law that will allow you to do it free, thus saving you maybe $10?

My answer to your question: initiated credit freeze for spouse and I at the 4 credit rating services, didn't bother with the bank one. Had to pay $5 per person at one, and send a letter to another. Not quite sure what this has to do with account passwords, but I change those roughly once a year anyway.

DiggleRex
Posts: 168
Joined: Fri Sep 29, 2017 7:17 am

Re: What specific changes have you made post-Equifax?

Post by DiggleRex » Tue Oct 10, 2017 6:23 am

letsgobobby wrote:
Mon Oct 09, 2017 5:44 pm
- all passwords long and random using password manager, which exists only on my desktop
Just curious, which password manager, and how to ensure it exists only on desktop?

FedGuy
Posts: 1180
Joined: Sun Jul 25, 2010 3:36 pm

Re: What specific changes have you made post-Equifax?

Post by FedGuy » Tue Oct 10, 2017 6:32 am

I had already frozen my credit at the big three credit reporting agencies and gotten an IP PIN from the IRS, both following the OPM hack. I had also previously enabled two-factor authentication wherever possible and started using a password manager.

I didn't think I had much left to do after the most recent hack. I froze my credit at Innovis and Chex and activated all of the remaining "notify me when..." alerts at my bank so I can hopefully find out if someone is monkeying around with my account. Unfortunately, my bank doesn't use two-factor authentication and, while it allows me to set an alert anytime money is paid INTO my account, it doesn't have a corresponding alert for whenever money comes OUT of my account. I obviously don't like that. The bank otherwise works well for me and I'd rather not switch, but I'm thinking about it.

bklyn96
Posts: 113
Joined: Thu Apr 02, 2015 8:12 am

Re: What specific changes have you made post-Equifax?

Post by bklyn96 » Tue Oct 10, 2017 7:59 am

letsgobobby wrote:
Mon Oct 09, 2017 5:44 pm
....What other specific steps should I take?
I changed my PIN at Equifax's The Work Number after reading the KrebsOn Security article:

https://krebsonsecurity.com/2017/10/equ ... y-history/

goingup
Posts: 2838
Joined: Tue Jan 26, 2010 1:02 pm

Re: What specific changes have you made post-Equifax?

Post by goingup » Tue Oct 10, 2017 9:16 am

Nothing yet. This whole freeze thing at 3 credit agencies plus Innovis, etc goes against my quest to simplify, simplify, simplify. More accounts, more passwords, freeze-unfreeze, so fussy and frenetic.

Cheyenne
Posts: 277
Joined: Sun Jun 14, 2015 6:46 am

Re: What specific changes have you made post-Equifax?

Post by Cheyenne » Tue Oct 10, 2017 9:40 am

I signed up for a free Google Voice number and set it so it cannot be ported at all. I then changed all 2FA to the GV number and removed my cell number to eliminate the problem of losing access to any 2FA's if my cell number is ported unbeknownst to me or if I just lose my phone. I don't/won't use this GV number anywhere else.
With Google Voice, do you read the 2FA by logging in to your Google Voice account on a computer or tablet? Does a Google Voice number need to be connected to at least a phone land line?
Thanks

Achelois
Posts: 118
Joined: Sun Jul 10, 2011 12:50 pm

Re: What specific changes have you made post-Equifax?

Post by Achelois » Tue Oct 10, 2017 10:20 am

azurekep wrote:
Mon Oct 09, 2017 8:27 pm
Achelois wrote:
Mon Oct 09, 2017 6:55 pm
I check my balance every day.
I think most people will advise against that. If you can do your banking/financial activities on a separate computer or in a VM (virtual machine), that would be preferable. Then, just log in when you need to.

There apparently also is a "banking mode" in browsers, I think. I've never come across that myself, but the concept is the same... segregating financial stuff and other, less sensitive activities.
I change passwords every month on everything. I tried using a password vault thing, but I am ashamed to say I couldn’t figure it out. Imay go back and change the answers to all my security questions as well.
"Best practices" these days (for what that's worth) is to not continually change one's password. It's preferable to create a good one and stick with it. There have been some threads on this. I'l leave it to others to provide the complete rationale as I've forgotten it. But at some level, it actually makes sense.
I am in my later 60s and not especially computer literate.
You've done a great job. Quite impressive.

Edit: Forgot this:
already had alerts set up at my credit card to alert me whenever any charge is made. Also they will require a confirmation call over a certain transaction amount.
Alerts can also be set up at many financial institutions for checking account transactions, ACHs, password changes, address changes, etc.

Thank you very much for your reply. I am going to look into these suggestions, especially at my bank. Also, I will try reading more threads on this site related to this matter. It would be much easier if I didn’t have to check my accounts or change my passwords so often—so if it is doing no good or is potentially harmful, I will stop doing it. It had not occurred to me that I might be at more risk by doing this.

I already have a “dedicated” laptop for financial matters. It is connected via the cable, not wifi. I haven’t heard of that banking mode but I will look into it. I automatically clear cookies, etc on the laptop when I close. I don’t know if that is helpful to do or not.

Thanks again for taking the time to respond and for your suggestions.

As an aside, I have spoken to various acquaintances and employees of dentist and doctor just in passing about this Equifax breach and the most common reaction I have gotten seems to be “oh, yeah, I heard something about that,” but there seemed to be no real concern among these various people.

azurekep
Posts: 1013
Joined: Tue Jun 16, 2015 7:16 pm

Re: What specific changes have you made post-Equifax?

Post by azurekep » Tue Oct 10, 2017 11:31 am

Achelois wrote:
Tue Oct 10, 2017 10:20 am
Thank you very much for your reply. I am going to look into these suggestions, especially at my bank. Also, I will try reading more threads on this site related to this matter. It would be much easier if I didn’t have to check my accounts or change my passwords so often—so if it is doing no good or is potentially harmful, I will stop doing it. It had not occurred to me that I might be at more risk by doing this.
It's one of those paradoxes. :) The specific risk of checking your balance every day is the possibility of picking up a keystroke logger. You are now indicating you have a dedicated laptop for financial matters, so you're already doing the right thing there. Daily checking of the balances is less harmful in that case, but I would argue it's not particularly helpful.

The overarching thing is to understand what your liability as a customer is. It wouldn't hurt to call up your banker or broker and have a conversation about security. They can make sure you're taking advantage of all the security features they offer and can give assurances on what conditions you will be made whole. The latter generally just means ensuring you don't share your logon credentials or leave them around to be stolen.

ztn
Posts: 27
Joined: Sat Mar 25, 2017 9:13 pm

Re: What specific changes have you made post-Equifax?

Post by ztn » Tue Oct 10, 2017 1:08 pm

Cheyenne wrote:
Tue Oct 10, 2017 9:40 am
I signed up for a free Google Voice number and set it so it cannot be ported at all. I then changed all 2FA to the GV number and removed my cell number to eliminate the problem of losing access to any 2FA's if my cell number is ported unbeknownst to me or if I just lose my phone. I don't/won't use this GV number anywhere else.
With Google Voice, do you read the 2FA by logging in to your Google Voice account on a computer or tablet? Does a Google Voice number need to be connected to at least a phone land line?
Thanks
The way I did it was to create a new Gmail account. I then created a Google Voice number associated with the Gmail account. I use the Gmail account for nothing at all other than the GV number. I set up the GV number to send any SMS message to the new Gmail account as an email. So to answer your question - I read the 2FA by logging into my associated Gmail account.
The GV number does not need to be 'connected' to phone 'line' at all.

Cheyenne
Posts: 277
Joined: Sun Jun 14, 2015 6:46 am

Re: What specific changes have you made post-Equifax?

Post by Cheyenne » Tue Oct 10, 2017 1:12 pm

The way I did it was to create a new Gmail account. I then created a Google Voice number associated with the Gmail account. I use the Gmail account for nothing at all other than the GV number. I set up the GV number to send any SMS message to the new Gmail account as an email. So to answer your question - I read the 2FA by logging into my associated Gmail account.
The GV number does not need to be 'connected' to phone 'line' at all.
Thanks for the explanation. Do you use 2FA to login to your new Gmail account, and if so, how?

ztn
Posts: 27
Joined: Sat Mar 25, 2017 9:13 pm

Re: What specific changes have you made post-Equifax?

Post by ztn » Tue Oct 10, 2017 1:27 pm

Cheyenne wrote:
Tue Oct 10, 2017 1:12 pm
The way I did it was to create a new Gmail account. I then created a Google Voice number associated with the Gmail account. I use the Gmail account for nothing at all other than the GV number. I set up the GV number to send any SMS message to the new Gmail account as an email. So to answer your question - I read the 2FA by logging into my associated Gmail account.
The GV number does not need to be 'connected' to phone 'line' at all.
Thanks for the explanation. Do you use 2FA to login to your new Gmail account, and if so, how?
Yes, for the GV Gmail account I use Google Authenticator for 2FA. If I lose my cell phone - which is connected to the Google Authenticator - I have 10 backup emergency codes from Gmail that I have stored in several safe places.

User avatar
ryuns
Posts: 3477
Joined: Tue Aug 07, 2007 6:07 pm
Location: Sacramento, CA

Re: What specific changes have you made post-Equifax?

Post by ryuns » Tue Oct 10, 2017 1:38 pm

DiggleRex wrote:
Tue Oct 10, 2017 6:23 am
letsgobobby wrote:
Mon Oct 09, 2017 5:44 pm
- all passwords long and random using password manager, which exists only on my desktop
Just curious, which password manager, and how to ensure it exists only on desktop?
If it's something like LastPass, I assume the OP was referring to only installing the extension/app or only using the website from one computer exclusively. As far as the password, it does exist in the cloud somewhere as a hashed or coded version of itself. Folks who know more than I do seem to hold LastPass's security features in pretty high esteem, and it's certainly better than my previous habit of using the same password on multiple accounts and failing to change the password regularly.
An inconvenience is only an adventure wrongly considered; an adventure is an inconvenience rightly considered. -- GK Chesterton

Cheyenne
Posts: 277
Joined: Sun Jun 14, 2015 6:46 am

Re: What specific changes have you made post-Equifax?

Post by Cheyenne » Tue Oct 10, 2017 2:34 pm

Yes, for the GV Gmail account I use Google Authenticator for 2FA. If I lose my cell phone - which is connected to the Google Authenticator - I have 10 backup emergency codes from Gmail that I have stored in several safe places.
So even if your cell phone was compromised and they gained access to the special gmail account, there wouldn't be anything of value to them there. Now I understand it. I might do that too.

ztn
Posts: 27
Joined: Sat Mar 25, 2017 9:13 pm

Re: What specific changes have you made post-Equifax?

Post by ztn » Tue Oct 10, 2017 2:53 pm

Cheyenne wrote:
Tue Oct 10, 2017 2:34 pm
Yes, for the GV Gmail account I use Google Authenticator for 2FA. If I lose my cell phone - which is connected to the Google Authenticator - I have 10 backup emergency codes from Gmail that I have stored in several safe places.
So even if your cell phone was compromised and they gained access to the special gmail account, there wouldn't be anything of value to them there. Now I understand it. I might do that too.
I don't see how a cell phone thief would gain access to my Gmail account - I don't connect to it using my cell phone. I believe the risk to my Gmail account is very limited if I lose my cell phone: the only connection is the Google Authentcator app. The app lists my Gmail account but doesn't indicate the Google Voice number associated with the Gmail account or even if there is a GV number associated with the Gmail account. If my physical cell phone is compromised, and assuming that the thief was able to get past the security features on my cell phone, even if he opens the Google Authenticator app it will only list the accounts I use the app with. The cell phone or Authenticator app don't provide any pw's or an ability to redirect the Gmail account to the cell phone. If I lose my cell phone, I'd use one of the Gmail emergency codes to connect without the Google Authenticator app and I'd then disable the Google Authenticator app from the Gmail account.

skjoldur
Posts: 126
Joined: Thu Sep 25, 2014 3:11 pm

Re: What specific changes have you made post-Equifax?

Post by skjoldur » Tue Oct 10, 2017 3:27 pm

ztn wrote:
Tue Oct 10, 2017 2:53 pm
even if he opens the Google Authenticator app it will only list the accounts I use the app with.
FWIW, you can edit the account names in Google Authenticator. It seems to me like a bad idea to have it actually list the full name of the account.

ztn
Posts: 27
Joined: Sat Mar 25, 2017 9:13 pm

Re: What specific changes have you made post-Equifax?

Post by ztn » Tue Oct 10, 2017 3:39 pm

skjoldur wrote:
Tue Oct 10, 2017 3:27 pm
ztn wrote:
Tue Oct 10, 2017 2:53 pm
even if he opens the Google Authenticator app it will only list the accounts I use the app with.
FWIW, you can edit the account names in Google Authenticator. It seems to me like a bad idea to have it actually list the full name of the account.
Thanks - I just renamed each of the account names in the app! This greatly helps in masking the accounts in case I lose the phone!

Cheyenne
Posts: 277
Joined: Sun Jun 14, 2015 6:46 am

Re: What specific changes have you made post-Equifax?

Post by Cheyenne » Tue Oct 10, 2017 3:51 pm

I just renamed each of the account names in the app!
Me too, thanks.

letsgobobby
Posts: 10697
Joined: Fri Sep 18, 2009 1:10 am

Re: What specific changes have you made post-Equifax?

Post by letsgobobby » Tue Oct 10, 2017 3:54 pm

ryuns wrote:
Tue Oct 10, 2017 1:38 pm
DiggleRex wrote:
Tue Oct 10, 2017 6:23 am
letsgobobby wrote:
Mon Oct 09, 2017 5:44 pm
- all passwords long and random using password manager, which exists only on my desktop
Just curious, which password manager, and how to ensure it exists only on desktop?
If it's something like LastPass, I assume the OP was referring to only installing the extension/app or only using the website from one computer exclusively. As far as the password, it does exist in the cloud somewhere as a hashed or coded version of itself. Folks who know more than I do seem to hold LastPass's security features in pretty high esteem, and it's certainly better than my previous habit of using the same password on multiple accounts and failing to change the password regularly.
Yes, that's what I meant. I use Dashlane, but the free version so I don't have it installed anywhere but my desktop.

I'll have to look more into Google voice and authenticator. I don't understand what they are.

Achelois
Posts: 118
Joined: Sun Jul 10, 2011 12:50 pm

Re: What specific changes have you made post-Equifax?

Post by Achelois » Tue Oct 10, 2017 4:01 pm

azurekep wrote:
Tue Oct 10, 2017 11:31 am
Achelois wrote:
Tue Oct 10, 2017 10:20 am
Thank you very much for your reply. I am going to look into these suggestions, especially at my bank. Also, I will try reading more threads on this site related to this matter. It would be much easier if I didn’t have to check my accounts or change my passwords so often—so if it is doing no good or is potentially harmful, I will stop doing it. It had not occurred to me that I might be at more risk by doing this.
It's one of those paradoxes. :) The specific risk of checking your balance every day is the possibility of picking up a keystroke logger. You are now indicating you have a dedicated laptop for financial matters, so you're already doing the right thing there. Daily checking of the balances is less harmful in that case, but I would argue it's not particularly helpful.

The overarching thing is to understand what your liability as a customer is. It wouldn't hurt to call up your banker or broker and have a conversation about security. They can make sure you're taking advantage of all the security features they offer and can give assurances on what conditions you will be made whole. The latter generally just means ensuring you don't share your logon credentials or leave them around to be stolen.

Today I did get get online with the bank and enable alert for any transfers and balance alerts. I do have the dedicated laptop now, (I did not until this year when I had to get a new one)but cannot take credit for knowing to do this. There is a poster who I believe is on this site who stressed having one and connecting via cable not wifi, and I thought it seemed a good idea even though my wifi is locked/requires a password. Unfortunately, I do not recall his or her name to assign credit. But I appreciate that idea from whoever it was.

DiggleRex
Posts: 168
Joined: Fri Sep 29, 2017 7:17 am

Re: What specific changes have you made post-Equifax?

Post by DiggleRex » Tue Oct 10, 2017 4:44 pm

skjoldur wrote:
Tue Oct 10, 2017 3:27 pm
FWIW, you can edit the account names in Google Authenticator. It seems to me like a bad idea to have it actually list the full name of the account.
How?? I have it installed on an android phone and see no way to do this. Thanks.

Edit* I just figured it out! I didn't even know it's possible, thank you.

ztn
Posts: 27
Joined: Sat Mar 25, 2017 9:13 pm

Re: What specific changes have you made post-Equifax?

Post by ztn » Tue Oct 10, 2017 4:47 pm

DiggleRex wrote:
Tue Oct 10, 2017 4:44 pm
skjoldur wrote:
Tue Oct 10, 2017 3:27 pm
FWIW, you can edit the account names in Google Authenticator. It seems to me like a bad idea to have it actually list the full name of the account.
How?? I have it installed on an android phone and see no way to do this. Thanks.
I just did it myself: Go into the app. The screen will list the different accounts. Press and hold any account. You will now see an edit icon on the bar - top right. Edit the name of the account. Repeat for each account listed.

azurekep
Posts: 1013
Joined: Tue Jun 16, 2015 7:16 pm

Re: What specific changes have you made post-Equifax?

Post by azurekep » Tue Oct 10, 2017 8:12 pm

Achelois wrote:
Tue Oct 10, 2017 4:01 pm
Today I did get get online with the bank and enable alert for any transfers and balance alerts.
Good to hear.
I do have the dedicated laptop now, (I did not until this year when I had to get a new one)but cannot take credit for knowing to do this. There is a poster who I believe is on this site who stressed having one and connecting via cable not wifi, and I thought it seemed a good idea even though my wifi is locked/requires a password. Unfortunately, I do not recall his or her name to assign credit. But I appreciate that idea from whoever it was.
Ironically, I once started a thread about wifi vs wired for home computing (I prefer wired). I kind of got shot down as being a little too paranoid. But I'm more comfortable with wired and have maintained that practice. I have seen too many misconfigured wifi routers.

BTW, going back to an earlier topic, security expert Bruce Schneier just posted an article about Password Best Practices.

https://www.schneier.com/blog/archives/ ... _pass.html

I haven't read the embedded links in the article yet, but one thing I do remember from previous BH conversations, is that people usually put the most effort into their first password. When required to change it, they get lazy and just append 123 or something similar. It makes more sense to put a lot of thought into creating one strong password (per site) along with jibberish-type security question/answers, than just routinely changing the password and/or security questions. Of course, the one thing that will never change is to never use the same password at more than one site.

BTW, Schneier's site is a good one to follow along with Brian Kreb's site (https://krebsonsecurity.com).

S&L1940
Posts: 1540
Joined: Fri Nov 02, 2007 11:19 pm
Location: South Florida

Re: What specific changes have you made post-Equifax?

Post by S&L1940 » Tue Oct 10, 2017 8:26 pm

livesoft wrote:
Mon Oct 09, 2017 5:57 pm
Nothing. We've made absolutely no changes.
already use two factor where available, change passwords (click on forgot password) - a pain - almost once a month where two factor not available.
Don't it always seem to go * That you don't know what you've got * Till it's gone

User avatar
VictoriaF
Posts: 17582
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: What specific changes have you made post-Equifax?

Post by VictoriaF » Tue Oct 10, 2017 9:53 pm

azurekep wrote:
Tue Oct 10, 2017 8:12 pm
BTW, Schneier's site is a good one to follow along with Brian Kreb's site (https://krebsonsecurity.com).
Earlier today, I was bragging that I've met Taleb. You are giving me an opportunity to brag that I've met Bruce Schneier at WEISes, Workshops on the Economics of Information Security. I have been receiving Schneier's newsletter on the 15th of every month for many years.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

Achelois
Posts: 118
Joined: Sun Jul 10, 2011 12:50 pm

Re: What specific changes have you made post-Equifax?

Post by Achelois » Tue Oct 10, 2017 10:59 pm

azurekep wrote:
Tue Oct 10, 2017 8:12 pm
Achelois wrote:
Tue Oct 10, 2017 4:01 pm
Today I did get get online with the bank and enable alert for any transfers and balance alerts.
Good to hear.
I do have the dedicated laptop now, (I did not until this year when I had to get a new one)but cannot take credit for knowing to do this. There is a poster who I believe is on this site who stressed having one and connecting via cable not wifi, and I thought it seemed a good idea even though my wifi is locked/requires a password. Unfortunately, I do not recall his or her name to assign credit. But I appreciate that idea from whoever it was.
Ironically, I once started a thread about wifi vs wired for home computing (I prefer wired). I kind of got shot down as being a little too paranoid. But I'm more comfortable with wired and have maintained that practice. I have seen too many misconfigured wifi routers.

BTW, going back to an earlier topic, security expert Bruce Schneier just posted an article about Password Best Practices.

https://www.schneier.com/blog/archives/ ... _pass.html

I haven't read the embedded links in the article yet, but one thing I do remember from previous BH conversations, is that people usually put the most effort into their first password. When required to change it, they get lazy and just append 123 or something similar. It makes more sense to put a lot of thought into creating one strong password (per site) along with jibberish-type security question/answers, than just routinely changing the password and/or security questions. Of course, the one thing that will never change is to never use the same password at more than one site.

BTW, Schneier's site is a good one to follow along with Brian Kreb's site (https://krebsonsecurity.com).

Perhaps that poster was you! I wish I could recall. It doesn’t seem possible to be too paranoid these days. A lot of the material on the link was over my head, but it does seem unnecessary to change passwords so frequently as I was doing. That’s a relief. I am fairly paranoid myself—I don’t have Facebook, Twitter, Snapchat, Instagram or anything like that. I don’t use Siri or Cortana or connect with any device via Bluetooth.

I still need to look into the Kreb’s site, but will do that in the morning. Appreciate your input.

User avatar
tetractys
Posts: 4587
Joined: Sat Mar 17, 2007 3:30 pm
Location: Along the Salish Sea

Re: What specific changes have you made post-Equifax?

Post by tetractys » Wed Oct 11, 2017 12:16 am

Totally unconcerned. — Tet

letsgobobby
Posts: 10697
Joined: Fri Sep 18, 2009 1:10 am

Re: What specific changes have you made post-Equifax?

Post by letsgobobby » Wed Oct 11, 2017 12:31 am

tetractys wrote:
Wed Oct 11, 2017 12:16 am
Totally unconcerned. — Tet
can you say more about why not?

I do not worry about credit card accounts opened in my name, but I do worry about investment accounts being pilfered and, to a lesser extent, tax refunds being claimed under my name.

livesoft
Posts: 57283
Joined: Thu Mar 01, 2007 8:00 pm

Re: What specific changes have you made post-Equifax?

Post by livesoft » Wed Oct 11, 2017 5:27 am

Speaking of tax returns ... we filed our 2016 tax return last week, so I guess that's something we did post-Equifax. We filed last week not because of concern about theft, but because the deadline is coming up. And our refund has already been deposited into our checking account, too. It seems that the IRS is faster about things this time of year.
This signature message sponsored by sscritic: Learn to fish.

Yukon
Posts: 123
Joined: Wed Jan 23, 2008 8:10 am

Re: What specific changes have you made post-Equifax?

Post by Yukon » Wed Oct 11, 2017 5:43 am

letsgobobby wrote:
Wed Oct 11, 2017 12:31 am
tetractys wrote:
Wed Oct 11, 2017 12:16 am
Totally unconcerned. — Tet
can you say more about why not?

I do not worry about credit card accounts opened in my name, but I do worry about investment accounts being pilfered and, to a lesser extent, tax refunds being claimed under my name.
Why no worry about credit card accounts? I, too, wonder where someone like Tet is totally unconcerned.
Don't Work Forever.

tampaite
Posts: 428
Joined: Wed Feb 18, 2015 9:29 pm

Re: What specific changes have you made post-Equifax?

Post by tampaite » Wed Oct 11, 2017 7:54 am

I have made none. if my details are floating in the dark-web then, potentially anyone can use that data during my lifetime.

You have everything set-up in your desktop, which everyone does too - what if your PC is hacked or infected by ransomware?

I've had issues with 2-factor authentication esp whem am away from my desktop during travel(local and international) and I've needed access to my email and text to authenticate myself. sometimes, they don't work well. Also, what if your email gets hacked? what if you lose your phone?

User avatar
tetractys
Posts: 4587
Joined: Sat Mar 17, 2007 3:30 pm
Location: Along the Salish Sea

Re: What specific changes have you made post-Equifax?

Post by tetractys » Wed Oct 11, 2017 10:49 am

letsgobobby wrote:
Wed Oct 11, 2017 12:31 am
tetractys wrote:
Wed Oct 11, 2017 12:16 am
Totally unconcerned. — Tet
can you say more about why not?

I do not worry about credit card accounts opened in my name, but I do worry about investment accounts being pilfered and, to a lesser extent, tax refunds being claimed under my name.
I have always assumed that for the most part supposed secret information is already available. Most of us care about and protect each other; but there are also those who will roast their neighbors babies for thanksgiving dinner if they can get away with it. So for me the Equifax news is no news.

And historically, when one day people are rich, the next day they have nothing, and vis-à-vis. The cycle has been continuous and unpredictable.

We should be steady with our prudent actions and awake; but not surprised.

Be happy. — Tet

Yukon
Posts: 123
Joined: Wed Jan 23, 2008 8:10 am

Re: What specific changes have you made post-Equifax?

Post by Yukon » Wed Oct 11, 2017 1:07 pm

tetractys wrote:
Wed Oct 11, 2017 10:49 am
letsgobobby wrote:
Wed Oct 11, 2017 12:31 am
tetractys wrote:
Wed Oct 11, 2017 12:16 am
Totally unconcerned. — Tet

We should be steady with our prudent actions and awake; but not surprised.

Be happy. — Tet
So what prudent actions would you suggest?
Don't Work Forever.

User avatar
tetractys
Posts: 4587
Joined: Sat Mar 17, 2007 3:30 pm
Location: Along the Salish Sea

Re: What specific changes have you made post-Equifax?

Post by tetractys » Wed Oct 11, 2017 1:40 pm

Yukon wrote:
Wed Oct 11, 2017 1:07 pm
tetractys wrote:
Wed Oct 11, 2017 10:49 am
letsgobobby wrote:
Wed Oct 11, 2017 12:31 am
tetractys wrote:
Wed Oct 11, 2017 12:16 am
Totally unconcerned. — Tet

We should be steady with our prudent actions and awake; but not surprised.

Be happy. — Tet
So what prudent actions would you suggest?
Ha ha ha. Just the usual ones that have been around for awhile now. They’ve been mentioned above, have they not? — Tet

Post Reply