Announcement

Collapse
No announcement yet.

2-factor Authentication: Does this prevent Personal Capital from accessing?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • nachos31
    replied
    I have always wondered why financial institutions don't make a "read-only" limited access dummy login of sorts that consumers can give to these data aggregators and even if hacked/stolen they would only show what's in the account (without access to SSN, full bank acct #s) and allow no action to be taken. Not sure if this is possible or other ramifications entailed, but seems like something that might have promise.

    Leave a comment:


  • ACN
    replied
    When you use two step authentication, your personal capital will have an issue everytime you login to update the data.  It will give you a red ! point next to the account.  You click it and it will ask for the two step auth ## that vanguard will send.  So, it requires an extra step.

    Even if Personal Capital gets hacked, their encryption key leaked, the hackers will still need two step auth to get into my account.

     

    Furthermore, everyone should use two step auth for all your accounts (yes, hackers can intercept texts and re-route them), but you'll probably be safer then 99% of everyone else out there.  You should get yourself a password generator (like Lastpass).  I actually have no clue what any of my gmail, vanguard, etc passwords are.  Also, longer passwords are better than shorter ones (and length is the most important aspect that makes it hard to hack).  I have my passwords set to 24 (some websites will limit length).

    Below HSIMP (https://howsecureismypassword.net/) is a brute force password hacking.  Basically guessing.

    "Passfautl Analyzer (http://passfault.com/) uses all sorts of methods for determining how secure your password is. This might include dictionary insertion, dictionary substitution, dictionary misspelling, repeated patterns, keyboard patterns, and more. So the Passfault Analyzer tool will usually calculate a lower time since it takes into account more than brute-force when analyzing your password."

    Notice longer is better, then adding in random characters.

     






































    Type Password Time (HSIMP) Time (PA) Security Level
    8 character common word required 52 seconds <1 day Useless
    8 random characters qkcrmztd 52 seconds <1 day Useless
    8 random chars w/numbers kqwbv832 11 minutes <1 day Useless
    8 random chars w/mixed
    case, symbols, & numbers
    J5bZ>9p! 20 days <1 day Risky

     































    Type Password Time (HSIMP) Time (PA) Security Level
    Passphrase 1 i own 2 dogs and 1 cat 1 sextillion years 330130 centuries Secure forever
    Passphrase 2 I own 2 dogs and 1 cat! 30 octillion years 8594846 centuries Secure forever
    Passphrase 3 #I own 2 dogs and 1 cat!? 285 nonillion years 1220882818 centuries Secure forever

    Leave a comment:


  • AR
    replied




    Perhaps I am overly cautious, but I do not trust the aggregators (like Personal Capital, Mint, etc.) to maintain the security that they claim they do and have not used them for several years. The information that they provide is outweighed, in my mind, by the risk of creating an unnecessary portal to enter my accounts.
    Click to expand...


    Agree.  I never used them for exactly this reason.

    Leave a comment:


  • VagabondMD
    replied
    Perhaps I am overly cautious, but I do not trust the aggregators (like Personal Capital, Mint, etc.) to maintain the security that they claim they do and have not used them for several years. The information that they provide is outweighed, in my mind, by the risk of creating an unnecessary portal to enter my accounts.

    Leave a comment:


  • AdamMGrossman
    replied
    In my view, it doesn't matter if two-factor authentication makes it harder for other services to aggregate your data.  Two-factor authentication is extremely important, and I believe it is worth giving up some convenience for the added security.

    Note that the most important thing to secure with two-factor authentication is your email account.  That's because most services will send you an email as part of their password reset process.  If someone gets into your email, that could result in much bigger hassles.  That's why your email security needs to be absolutely solid, with a long, hard-to-guess password and 2-factor authentication.

    Leave a comment:


  • 2-factor Authentication: Does this prevent Personal Capital from accessing?

    In light of the recent Equifax breach, I decided to turn on 2-factor authentication for all my financial accounts.

    When I did this with Vanguard, I was alerted that turning on 2-factor authentication could make it impossible for Personal Capital to access my account information.

    Does anyone have any experience with this?
Working...
X