Treasurydirect.gov and terms of service - risky?

[BP]

I read the treasurydirect.gov terms of service and noticed the following:

5. YOUR ACCOUNT

If you use this site, you are responsible for maintaining the confidentiality of your account, password and for restricting access to your computer. You also agree to assume responsibility for all activities that occur under any account or password that you maintain for electronic commerce with Treasury or BPD. TreasuryDirect.gov, publicdebt.treas.gov and all other websites operated by BPD do not sell products to minors. If you are under 18, you may use TreasuryDirect.gov only with involvement of a parent or guardian. TreasuryDirect.gov, publicdebt.treas.gov, and all other websites operated by BPD reserve the right to refuse service, terminate accounts, remove or edit content, or cancel purchases in their sole discretion.

https://www.treasurydirect.gov/terms.htm

One wonders what this means in practical terms.  Who is responsible if your account is hacked?  What recourse would you have if your account was liquidated by a third party without your permission?

[Pointedstick]

This is one reason I don't have a TD account. I figure I'd be trading the counterparty risk of a broker for the risk that because it's a website run by the government, it will be inflexible and unhelpful in the event anything goes wrong. I could be waiting months to get my money anyway. I doubt there are really a large number of TD users, which equates to small number of voters, which equates to congress not caring about you if you get screwed.

IMHO.

[AdamA]

Like with any asset, it's a good idea to hold cash a few different ways.  So TD is fine for some, but maybe use a treasury only money market and/or an etf for the rest.

[BearBones]

If your password were hacked, the hacking person could move in and out of your zero interest account at TD and transfer money in and out of YOUR bank account. It is a PITA to set up a bank account with TD, so it would be unlikely someone would/could transfer to another account. Anyone disagree?

[rickb]

If your password were hacked, the hacking person could move in and out of your zero interest account at TD and transfer money in and out of YOUR bank account. It is a PITA to set up a bank account with TD, so it would be unlikely someone would/could transfer to another account. Anyone disagree?

Agree.

And, unlike most websites, if you log into TD on a computer that has been hacked and has a keystroke monitor installed, when you log in your password is not compromised since you enter it with mouse clicks on a virtual keyboard.  The possibility of keystroke monitoring is actually a damn good reason to never log into any financial website from any sort of public kiosk computer.

[melveyr]

TD's security seems better than any other financial institution I have had experience with. If anything the hoops they make you jump through are a little bit annoying, making it almost too secure 

[dualstow]

I hate TreasuryDirect and haven't bothered to unlock my account after a password problem in 2005.
I also have not bought I-Bonds since about 2005. (I buy treasuries at Vanguard and Fidelity).

For those of you who don't use TreasuryDirect but do buy I-Bonds, where do you get them? From a bank?

[smurff]

The only place to get IBonds outside of TD is from the IRS.  As of January 2012, if the IRS owes you a refund, you can elect to have all or part of it paid to you via paper IBonds, but the maximum is $5000 per year.  I am not certain whether that is per tax return, or per person, i.e., whether the married couple on a joint return can get a total of $10,000 or if any can be put in the names of their children.

[dualstow]

Ah, thanks.

[MachineGhost]

And, unlike most websites, if you log into TD on a computer that has been hacked and has a keystroke monitor installed, when you log in your password is not compromised since you enter it with mouse clicks on a virtual keyboard.  The possibility of keystroke monitoring is actually a damn good reason to never log into any financial website from any sort of public kiosk computer.

Only if Javascript is enabled.  They also used to require a passcard for 2-factor authentication.