Welcome to Tesla Motors Club

Securing investment accounts


anticitizen13.7
I saw in one of the short-term threads that a security researcher warned that Model S was not secure enough over the Internet. One response was that brokerage accounts are also one password away from being compromised.

I'm sure many people have brokerage and retirement accounts that are worth much more than their car. What are good ways to ensure the security of those accounts?

Keeping software and antivirus up to date are the obvious steps to take. However, I think it's a given that large software systems are going to have security bugs. The only thing I can think of is to constantly monitor accounts for unusual activity.
 
Use a strong password - at least 8 characters long, combination of upper case, lower case, special characters (punctuation), and numbers. AND, this is important, make sure it isn't one you use on any other site. It needs to be unique to your brokerage account.

Also, enable trade-confirmations via email and SMS text message if your broker offers it. Most likely you don't have large amounts of cash sitting in your investment accounts - most is hopefully in stocks, ETFs, mutual funds, bonds, etc - so anyone that got in and wanted to transfer out any money would first have to sell some funds, which would trigger an email/SMS to you giving you some notification something was up.

Also, most brokerages require additional verification for large withdrawals and transfers, so even if someone got in through a password guess alone it's unlikely they could get any money out without knowing a lot more about you.
 
I recommend using 1Password. It's a great password management tool. It remembers all your passwords and logs in for you. It automatically generates really strong passwords so every account can have a different password that looks something like this: 4@L,C[udF@/@w^67A2JR42U.vjwRYr

I use 1Password to store all my credentials, secure documents, digital images of passports, licenses etc. It has all my credit card info, bank info etc.

You only have to remember the 1 password to get into the tool and it does the rest for you. They have clients for Mac, Windows, iOS devices and Android.

https://agilebits.com
 
> I use 1Password to store all my credentials, secure documents, digital images of passports, licenses etc. It has all my credit card info, bank info etc.
>
> You only have to remember the 1 password to get into the tool and it does the rest for you. They have clients for Mac, Windows, iOS devices and Android.

If you think about it, this rather defeats the purpose of having different and super-complex passwords for everything if it's all unlocked with one. Super-convenient for you, and anyone else who manages to get in.

This functionality (auto-generated and/or retained/entered for you) is now built-in to the Mac OS and iOS. Very convenient for miscellaneous non-critical online accounts, forums, stores, etc. but I recommend never using any such system for things that you *really* don't want anyone else in, like financial accounts. I think it's worth keeping such critical logins only in your head. (Though I do also keep an encrypted file that has just enough of each password to jog my memory in case I find myself struggling to remember.)
 
> Use a strong password - at least 8 characters long, combination of upper case, lower case, special characters (punctuation), and numbers. AND, this is important, make sure it isn't one you use on any other site. It needs to be unique to your brokerage account.

On Password Security and Password Strength, I highly recommend this XKCD here:
https://xkcd.com/936/

Don't be fooled by the comic style explanation, Randall Munroe knows a thing or two about math...

Aside from that, yes, use 2 factor authentication where possible, make sure that your email account is with a secure provider (most of the time hacks don't happen directly but target your email account at which point you are down to a 'reset password' level of complexity for taking over your account).
 
> I saw in one of the short-term threads that a security researcher warned that Model S was not secure enough over the Internet. One response was that brokerage accounts are also one password away from being compromised.
>
> I'm sure many people have brokerage and retirement accounts that are worth much more than their car. What are good ways to ensure the security of those accounts?
>
> Keeping software and antivirus up to date are the obvious steps to take. However, I think it's a given that large software systems are going to have security bugs. The only thing I can think of is to constantly monitor accounts for unusual activity.

I take it very seriously. Strong passwords and a separate computer that is used for nothing else. Does not go over the web, etc. My brokerage will not wire any funds without confirmation as well. One thing that does bother me is the brokerage uses security questions that are crazy. Everyone in my family knows my mother's maiden name etc. I will frequently set up false answers to their questions to avoid people knowing me well enough to get in on their questions. Paranoid... yes I am.
 
> I'm sure many people have brokerage and retirement accounts that are worth much more than their car. What are good ways to ensure the security of those accounts?

I have an E*TRADE account, and they sent me a keychain dongle that spits out a new 6-digit code every minute. The only way to log into my account is with my password with the current 6-digit number the dongle shows added onto that. Even if someone was keylogging my PC they'd have only seconds to enter the same password+digits to log in.
 
> I have an E*TRADE account, and they sent me a keychain dongle that spits out a new 6-digit code every minute. The only way to log into my account is with my password with the current 6-digit number the dongle shows added onto that. Even if someone was keylogging my PC they'd have only seconds to enter the same password+digits to log in.


Good thread guys. I am really impressed at E-Trade's ability to do this, just like in corporate remote security. I don't think TradeKing has this but I would request it in a heartbeat. I used this website to create new passwords a while ago: How Secure Is My Password? I mixed some Latin and numbers together that I can remember easily and got it to 23 trillion years.
 
> If you think about it, this rather defeats the purpose of having different and super-complex passwords for everything if it's all unlocked with one. Super-convenient for you, and anyone else who manages to get in.
>
> This functionality (auto-generated and/or retained/entered for you) is now built-in to the Mac OS and iOS. Very convenient for miscellaneous non-critical online accounts, forums, stores, etc. but I recommend never using any such system for things that you *really* don't want anyone else in, like financial accounts. I think it's worth keeping such critical logins only in your head. (Though I do also keep an encrypted file that has just enough of each password to jog my memory in case I find myself struggling to remember.)

I use a mental encryption scheme for now. But I plan on writing a GUI program to automate it. 1Password's failure point is that 1Password could be compromised, and a trojan can gain access to your 1Password runtime. When securing a small fortune 1Password is enough, but I think above 50k, the hacker has an incentive to break your defenses.
 
I too recommend that people not stick to the old crappy minimum 8 characters scheme. Even with addition of symbols and numbers the passwords are way too easy to offline hack. A sample: Pa5sW)%$ takes an average PC ~3 days to crack. Using just a couple of words: "Keep my dough secure" yields 83 quintillion years. Of course using plain words may yield dictionary attacks, but it's still a few orders of magnitude more secure. Going outside the English language immediately increases the security by a few orders of magnitude. A simple Google Translate would be enough, but you'd have to remember it too ;) Also those passwords are easier to type and remember and are also more tablet etc. friendly.
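
An added illustration of the trade-off raised in the post above (editorial example, not code from any poster): it estimates the guess space of the two sample secrets under a per-character brute-force model and under a word-list (dictionary) model, and reports the smaller of the two. The 2,048-word list size and the guess rate are assumptions, and the dictionary figure only holds when each word is picked at random from such a list.

```python
import math
import string

# Assumptions for this added example (not figures from the thread):
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate
WORDLIST_SIZE = 2048        # assumed size of the list the words are drawn from

def charset_size(secret: str) -> int:
    """Size of the alphabet a per-character brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in secret):
        size += 26
    if any(c in string.ascii_uppercase for c in secret):
        size += 26
    if any(c in string.digits for c in secret):
        size += 10
    if any(c in string.punctuation for c in secret):
        size += len(string.punctuation)  # 32 ASCII symbols
    if " " in secret:
        size += 1
    return size

def brute_force_bits(secret: str) -> float:
    """Bits of search space if every character is guessed independently."""
    return len(secret) * math.log2(charset_size(secret))

def dictionary_bits(passphrase: str, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Bits of search space if whole words are guessed from a known list."""
    return len(passphrase.split()) * math.log2(wordlist_size)

def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate at the assumed rate."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)

def report(secret: str) -> dict:
    """Both estimates plus the weaker one, which is what an attacker faces."""
    result = {"brute_force_bits": round(brute_force_bits(secret), 1)}
    if " " in secret:
        result["dictionary_bits"] = round(dictionary_bits(secret), 1)
    result["effective_bits"] = min(result.values())
    return result

if __name__ == "__main__":
    # Sample secrets are the two quoted in the post above.
    for s in ("Pa5sW)%$", "Keep my dough secure"):
        r = report(s)
        print(s, r, f"{years_to_exhaust(r['effective_bits']):.3g} years")
```

Both figures are upper bounds on attacker effort: a secret built from a predictable pattern or a common phrase falls faster than either model suggests.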
 
Great to read everyone's perspectives!

> I take it very seriously. Strong passwords and a separate computer that is used for nothing else. Does not go over the web, etc. My brokerage will not wire any funds without confirmation as well.

How do you avoid the web to access your brokerage online? Or do you mean not using websites other than financial ones? I access my brokerage via a web page.

I've seen people access via iPad app. That's the only thing I can think of to avoid the web.

> I have an E*TRADE account, and they sent me a keychain dongle that spits out a new 6-digit code every minute. The only way to log into my account is with my password with the current 6-digit number the dongle shows added onto that. Even if someone was keylogging my PC they'd have only seconds to enter the same password+digits to log in.

I've seen people use those code generators for VPN'ing into their workplace. Anyone know what other brokerages use this?

I really only have 1 low-tech idea to add, about one thing to do if one's account is hacked: if your financial institution has physical/brick&mortar offices nearby, go there with passport/ID and have everything reset in person.

Also, knowing someone at the institution could help, but turnover at banks and brokerages can be high. Many people don't go to the bank often enough to know a person there.
 
> Great to read everyone's perspectives!
>
> How do you avoid the web to access your brokerage online? Or do you mean not using websites other than financial ones? I access my brokerage via a web page.
>
> I've seen people access via iPad app. That's the only thing I can think of to avoid the web.

What I mean is a single computer whose only destinations on the web are my broker accounts. All research and browsing is done on another computer. I don't even have email on it. We actually have 3 computers. The one I mention above, the second level security one that we access our banking, email and bill paying on, and a third I will browse on without fear.