[USER]

How do you keep your Vanguard/Fidelity Accounts safe & protected from being hacked? Any security precautions?

I’ve recently learned about sim swapping which has freaked me out since I use two 2-factor authentication on my phone.

[Chuck]

Don’t use the same credentials you use elsewhere.
Stop saying online which companies you use.
Change the password from time to time.
Use a complex password.

[Jeff]

The most secure method is a physical security key. Sadly vanguard has piss poor implementation.

Write vanguard a letter about how crap their security key implementation is.

The whole point of a physical security key is it’s very hard to get around.

Yet when you log on via mobile browser boom back to text.

Absolutely embarrassing.

[Howie]

There isn’t a surefire way to stop it. But you can do a much as you can to prevent it.

Don’t fall for any phishing links.
Don’t let the keylogger be installed on your machine.
Avoid porn/or other stuff on the web to be viewed/downloaded.

Ask your phone company for higher security to avoid SIM swapping (SIM replacement cannot be done over the phone; it must be done in person).

Consider looking into not using your primary phone as the 2FA reset method. Other devices have a phone number.

The next layer is not using it in your name or your spouse’s name. (but swapping with other family members/cousins for this purpose).

If you have a digital asset, move into a hardware wallet and don’t use any service with 2FA for this reason.

Keep in keys in 2 safe deposit boxes with two different banks (splitting the keys up).

[Eric]

Password Length is more important than complexity, but you need both.
Don’t use the password you use for Fidelity on any other account. Change it probably at least once a year.

Use an MFA app like Authy or just the Fidelity app for MFA.

[Bailey]

You can usually ask your cellphone carrier to add a sim block feature on your lines so that your SIM card cannot be changed without the feature being removed.

Typically to remove the feature they make you show your ID at a store.

Not sure if every carrier does it but I recommend calling and seeing what safety features they offer to prevent sim swap fraud.

[Matthew]

I called my cell company yesterday and added security precautions to prevent sim swap. While 2FA on your investment account will help, go to the source of the issue.

I removed my cell number from my 2FA on the cell company account, added a pin and security question as well.

The 2FA is done on an email account not associated or installed on my phone.

I told them I’ll never get a new phone by calling or online, and when I go in person they’ll ask for the last 4 digits of my company TIN.

(It’s a business account).

Sounds like overkill putting it in writing, but there you go. Lol.

[Ebony]

Some very good points here. I work in the field of economic crimes. A few months back, a guy tried to cash a cashiers check for 101,000 at a check cashing store.

Long story short, that guy was arrested with others after it was determined they hacked into an older gentleman’s cell phone through sim swapping and got access to all of his banking information and personal information.

They made a fake ID and went to Wells Fargo and cleared the guys account out.

[Tyler]

2 factor is the best thing you can do, even in case of a data breach, your account will remain safe.

[Jai]

Get a phone or computer that you only do money stuff with. No calls, texting or online browsing except to log into those financial apps and sites.

Keep that phone in a safe or near it so it doesn’t become a default phone to play with.

[Joe]

Lock down the three credit approval agencies so that any activity to open new or extend has to have your permission.

Not directly answering about portfolio but something everyone should do nonetheless as another safeguard layer generally.

[Bo]

Another reason why I don’t perform these types of transactions on my phone. I don’t even log in with my phone.

Set your account up so any withdrawals need to be done in person.

[Kathy]

For those using your phone for MFA, it may not be a bad idea to add a PIN/passcode to your mobile account.

That way, no one can go to a store with a fake ID to impersonate you and report your phone lost (with the goal of transferring your mobile # to another device).

[Robert]

Easy. I don’t have my accounts on my phone. Call me old-fashioned, (and I’ll be 62 at the end of November) but I just don’t do any banking or any financial transactions on my phone.

But I still can do everything I need to do financially.

But I will not put those apps on my phone.

[Author]

Posts