Go | New | Find | Notify | Tools | Reply | |
| Member |
Had a recent scare when my elderly dad gave the MS scammers access to his computer. Fun times cleaning that up with the various financial institutions. When talking to Fidelity they recommend their two part authentication via the Symantec application vs their two authentication that comes to your e-mail or text. They say if phone or email is compromised you are at risk. Having trouble understanding how the "application" that sends the code back to the computer is superior . Anyone have practical experience on the subject? | ||
|
Optimistic Cynic |
I use USAA checking to pay bills. A while back, they went to 2FA, after entering your username and password, they send a random one-time-use six-digit number to either your SMS-capable device (e.g. a cell phone), or e-mail which you then have to enter to proceed. The phone number or e-mail address are those previously associated with your account record. It isn't usually terribly inconvenient, but I am not the guy who has his cell phone at hand all the time. I think availability of the e-mail verification option is flawed from a security perspective if only that compromise of a user's computer usually enables access to their e-mail accounts. SunTrust/Truist and TD Ameritrade/Schwab does their 2FA the same way (except that they made it possible to opt out), I imagine Fidelity is similar. | |||
|
| Member |
The Symantec application is tied to the computer. It uses a timed key that rotates on a regular basis (usually around 30-60 seconds). Your computer is less likely to be compromised for this than a cell phone or email. You still have to log in to your account - the 2FA is a second validation. As long as others don't have the initial password, then the 2FA isn't enough to get into the account. If the computer IS stolen, you would call your provider to disable that 2FA as well as immediately change the password. | |||
|
| Member |
The sheer number of scams and frauds targeting elderly is staggering. My mom gave her debit card number to someone promising a "free" $100 gift card for WalMart and then at their instruction called the bank to authorize an international charge for shipping. The bank flagged it as likely fraud, cancelled the card and issued a new trigger, triggering an email to me since I set up the internet access to her account using my email. She does not have a computer or smart phone. From that point on I took over the finances, had her trust and POA's updated, and changed her address to mine for all mail (she lives at an assisted living place). Hard to believe all the junk mail looking to take her money. And now the scam calls about SSN's being compromised. She got one of those but luckily did not give any info. You almost have to lock your elderly parents up and take away all communication methods to prevent them from getting scammed. | |||
|
I Deal In Lead |
I just had an experience with using the app for authentication yesterday afternoon. Got one of my credit cards hacked by somebody, I talked to a Capital One person and we did the usual authentication, last 4 digits of my SS number, text and then they asked me to open the Capital One Application on my cell phone and answer the question I'd find there. Opened it and it brought up a full screen thing asking if I was talking to their rep at that exact moment in time with a big yes and no button. Hit yes, and she was happy and we took care of the hacked card. Seemed odd until I read this thread. | |||
|
| Member |
Thanks. That helps me get my head around it. | |||
|
| Member |
The really frustrating thing is that we (wife, sister and I) have constantly educated him and my mom on the scams and how they work. My wife does presentations to Seniors on fraud prevention in her job. Yet every time the phone rings they HAVE to answer it. Begging them to let it go to vm if they don't know the number doesn't work about 50% of the time. When sister was there changing bank passwords etc. The phone is ringing with bogus calls and mom is picking up. I set up a mirror of his accounts in Morningstar so he can track it daily without logging into the account at Fidelity. So no link to the actual account. Doing the bills, looking at his accounts and reading emails is about all he does any more. There's a special place in Hell for those who take advantage of the elderly. | |||
|
His Royal Hiney |
Unfortunately, you're going to have to come up with a back up plan because they're not going to learn. And that's no slam on your parents, most people in that generation can't help it. I don't know if your situation is further complicated by their attitude that you're their son and they're the parents and you're not going to teach them anything. "It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946. | |||
|
| Member |
Backup plans are being implemented. There's a little bit of "teenage defiance" from mom. In her mind she's smarter than the scammers and is going to show them so. | |||
|
| Member |
I have a brokerage account, but only a small checking type account is accessible via computer, and then at a dollar value limit. If I want to move money around, even internally, I have to visit my broker in person and give written authorization. It's slightly inconvenient, but very secure. Anyway, she has great coffee. | |||
|
| Partial dichotomy |
I have Fidelity and use the two part authentication back to my phone via text. No problems so far... SIGforum: For all your needs! Imagine our influence if every gun owner in America was an NRA member! Click the box>>>  | |||
|
| Member |
USAA also. I work through the phone app. The phone app ties itself into the Symantec app on the phone, so the mfa is handled for you. Still use a pin or fingerprint to get into the app itself. If using a browser, the login changes from username/password to username/pin+mfa number. -- I always prefer reality when I can figure out what it is. JALLEN 10/18/18 https://sigforum.com/eve/forum...610094844#7610094844 | |||
|
| Member |
That's what I've been using. But again, when on the phone with Fidelity Fraud prevention they recommended the VIP dual authentication. Saying that if email or phone is compromised you are at risk. Less so with the VIP. | |||
|
| Powered by Social Strata |
 | Please Wait. Your request is being processed... |
|
© SIGforum 2024