NEW YORK - Is the money in your 401(k) and other investment funds safe? You may run into a shocking security issue when you try to access those financial accounts online. Susan Antilla at TheStreet Foundation brought this issue to our attention and it's a big one. You know those security questions you answer to access your accounts online? Some financial companies will let you into your account, even if you get those answers wrong.
Antilla says you can put typographical errors of one or two characters when responding to personal security questions like "what street did you grow up on?" and still get access. It's just one security problem a Vanguard employee reported to the Securities and Exchange Commission this year. Another issue came from a client who was trying to set up the voice verification system on his Vanguard account. Antilla says the man wanted to be sure he couldn't be hacked, so he asked his son to call in and try to sound like him. The son was able to get right into the account. Antilla details these security issues in an article on TheStreet.com.
Don't believe that you can get into your financial accounts by giving incorrect information? Give it a shot. Try putting typographical errors when you answer your security questions. Antilla tried it with her Charles Schwab account and got right in.
Both Schwab and Vanguard are big companies with excellent reputations. Vanguard manages over $3 trillion, and has more than 20 million customers.
Wherever your money is invested, make sure you know the company's security and fraud policy or you could lose money. For example, Vanguard says your passwords should be at least 8 characters and can't be passwords you use anywhere else. If you violate that policy and unauthorized money is taken out of your account, Vanguard isn't obligated to reimburse you. That doesn't mean that they won't, but they don't have to.
So be sure to pick not only a complex, but also an original password that isn't a word in the dictionary. Hackers who try to crack passwords often use computer programs that run through the entire dictionary, hoping to hit on one of those words.
Vanguard told Fox 5 that it gives leeway for typos in answers to security questions, but that user IDs and passwords must be exact to log into the site. Vanguard has also introduced a two-step verification process for logging on. The company said clients' assets and confidential information are safe and secure.
Meanwhile, Charles Schwab also upped its security game this summer, allowing its customers to have longer and more complex passwords to help thwart hackers.