Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

question everything

(48,797 posts)
Mon Feb 15, 2021, 02:28 PM Feb 2021

Retirement Planning Gives Bigger Role to Theft Prevention as Risks Lurk Online

(snip)

Record-keepers typically have policies that promise reimbursement as a result of unauthorized activity in 401(k) accounts. But such coverage might be contingent on account owners having taken certain steps. Vanguard Group Inc., for example, says “if there’s evidence you neglected to reasonably safeguard your account, further investigation may be necessary to determine whether we can issue a reimbursement.”

Recent court cases highlight the risks for account owners. In one such case, filed last April, Heide Bartnett alleges that Abbott Laboratories, where she worked in sales from 2002 to 2012, and its 401(k) plan record-keeper, Alight Solutions LLC, violated Erisa by allowing money to be stolen from her account. Ms. Bartnett, 60 years old, said she was shocked to receive letters from Abbott on Jan. 14, 2019, notifying her that her 401(k) account password had been changed and a $245,000 distribution made to a bank account that wasn’t hers. With 68% of her $362,000 balance gone, “I thought, ‘This cannot be happening,’ ” said the Darien, Ill., resident. She has since recovered about $108,000.

According to the lawsuit, the perpetrator changed Ms. Bartnett’s 401(k) account password by using the “forgot password” option and a one-time code sent to her email address—an email Ms. Bartnett said she has no record of receiving. The thief also successfully impersonated her in calls to the plan’s call center.

(snip)

On Feb. 8, U.S. District Judge Thomas Durkin in the Northern District of Illinois dismissed Ms. Bartnett’s case against Abbott, but not against Alight. In a statement, Alight declined to comment on the litigation and said: “We continually evaluate our security measures to ensure they meet and exceed industry best practices.”

Here are steps 401(k) record-keepers and others recommend taking to safeguard your retirement accounts:

Have an online account. Mr. Taylor recommends setting up online access to your account even if you prefer paper statements, because “unclaimed online accounts are easier for impersonators to take control of.”
Check in regularly. Check your 401(k) account, including your email and street addresses, at least monthly. Sign up for text alerts that notify you of changes or transactions and use multifactor authentication, which verifies your identity by sending codes to multiple devices.
Practice good internet hygiene. Avoid public Wi-Fi and never click on emails or texts seeking personal information, including passwords. Promptly install software updates.
Create good passwords.Choose a unique password you keep confidential. Providing passwords to third-party services that aggregate passwords or financial-account data could be grounds for denying reimbursement if “our investigation determines that a fraud event is traceable” to that service, Alight said.

https://www.wsj.com/articles/retirement-planning-gives-bigger-role-to-theft-prevention-as-risks-lurk-online-11613125801 (subscription)

5 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Retirement Planning Gives Bigger Role to Theft Prevention as Risks Lurk Online (Original Post) question everything Feb 2021 OP
So for example if one has a password manager like LastPass and 1Password progree Feb 2021 #1
Speaking for myself Pobeka Feb 2021 #2
I'm also afraid that if they go broke or decide they're not in the password business anymore progree Feb 2021 #3
I use a password manager on my local machine with a caveat. Pobeka Feb 2021 #4
thanks for the OP bucolic_frolic Feb 2021 #5

progree

(11,463 posts)
1. So for example if one has a password manager like LastPass and 1Password
Mon Feb 15, 2021, 02:49 PM
Feb 2021

and they got hacked, then one would be screwed?

Providing passwords to third-party services that aggregate passwords or financial-account data could be grounds for denying reimbursement if “our investigation determines that a fraud event is traceable” to that service, Alight said.


I check my accounts every week, just comparing the number of shares of each holding to what I had written down before.

Pobeka

(4,999 posts)
2. Speaking for myself
Mon Feb 15, 2021, 05:26 PM
Feb 2021

I would never, ever, ever give such passwords to another entity. Despite all the re-assuring words, and legalise, passwords given to another entity are out of your control, and those single site based databases become a *HUGE* target to be hacked.

The only way to keep secret, is never to share the secret...

progree

(11,463 posts)
3. I'm also afraid that if they go broke or decide they're not in the password business anymore
Mon Feb 15, 2021, 05:41 PM
Feb 2021

and just leave people high and dry. I suppose then it's just a matter of doing the "Forgot My Password" reset thing, but still.

I've thought of using a password manager for the many many many accounts (non-financial) that aren't all that important, but still use the old-fashioned way for the really important accounts.

But even for an account that isn't important, well, still if someone got into it and therefore into my profile, they'd have my email address, and maybe, on some accounts, the answer to security questions like the name of my first pet and so on. That would be awful.

Pobeka

(4,999 posts)
4. I use a password manager on my local machine with a caveat.
Mon Feb 15, 2021, 05:55 PM
Feb 2021

I am a programmer -- and review the source code, compile it myself (on linux).

I totally get the convenience of passwword managers.

The one I use is keepass (https://keepass.info)

It's open source, free and there are versions for linux, windows, android. I keep a copy of the database on my phone, so if the house burns down (God forbid!!) I have access to all my sites, usernames and passwords.

It's pretty much guaranteed this wll always be around.

bucolic_frolic

(46,973 posts)
5. thanks for the OP
Thu Feb 18, 2021, 07:21 PM
Feb 2021

it's on my spring calendar to revisit some of these issues, because companies have not been cooperative. Makes me want to focus on 2 or 3 accounts only, and go local with the best of them.

There are people who say debit cards aren't safe either. Once they're empty, your out of luck. I have no idea what would happen if I cancel my debit card. You can't even visit a bank anymore for customer service, it's all done at the drive through. The lack of a debit card leaves you without cash, or credit card cash advances which I think there is a fee for that.

Then there's paypal. I'd like to close that too. It of course is hooked up to bank and credit accounts. Access opens your credit line.

My bank was not helpful with all this. There answer was to access your account each day. Great, each account each day, like there went 30 minutes.

Latest Discussions»Culture Forums»Personal Finance and Investing»Retirement Planning Gives...