Security issues (MFA and more)

There have been other posts on aspects of security when investing, esp. online. My turn now - I've been hit from a few different directions in the past few days. Fortunately nothing serious.

The institutions below may be supporting multiple systems beyond the ones I'm mentioning.

Fidelity is phasing out Symantec VIP access. They sent me an email saying that while you can still use this system if you've already registered it with them, they will no longer accept new VIP access registrations. So if you lose your hardware key or your device running the software version gets lost or junked, you'll have to move to some other system. (Schwab supports VIP access and doesn't seem to be changing that.)

Vanguard supports FIDO2. I recently picked up a YubiKey (FIDO2 hardware key), though not for Vanguard (I left them last year). Rather, the university where I'm auditing classes started requiring 2FA. From my perspective as an auditor, this is more trouble than it's worth. Sometimes enhanced security is overkill.

A few days ago Merrill generated a deposit and a withdrawal transaction into and out of my Fidelity account. It looked like a micro deposit verification, but there was no dollar (penny) amount. And I had not initiated a new linking of accounts. Apparently Merrill generates these transactions periodically to check whether existing links are still live. So unrecognized transactions (especially for $0.00) don't necessarily mean that your account's been compromised.

Not directly related to investing, we recently received a letter purporting to be from a Utah-based lab with genetic test results. I couldn't find any record of such a lab or the domain name they gave. And we were not in the US on the date they said the swab was taken. But they did have SO's correct name, address, date of birth. (All of these can be easily found.) We reported this to the police who tried calling the phone number. Apparently a real number, but seemed like a scam. We were given the usual advice - don't reveal SSNs, bank numbers; don't send money. And don't worry about this.

All inside a week. When it rains, it pours.

Comments

  • I use Google Authenticator for many sites - Google, Login.gov (Social Security), social-media.

    I continue to use Symantec VIP Access for Schwab and 2FA for several sites.
  • Unfortunately, unlike VIP Access I don't find official support for Google Authenticator on PCs.