Treasury Direct account security discussion at Bogleheads

Discussion of the Cash portion of the Permanent Portfolio

Moderator: Global Moderator

User avatar
vnatale
Executive Member
Executive Member
Posts: 9422
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Treasury Direct account security discussion at Bogleheads

Post by vnatale » Thu Apr 23, 2020 6:50 pm

ochotona wrote:
Thu Apr 23, 2020 6:27 pm
vnatale wrote:
Thu Apr 23, 2020 6:06 pm

Is it possible for you to further elaborate on the above?

Vinny

TD sends you an email if you try to login. But that's only as good as your email security. So my email has strong two-factor authentication as well, using a phone app. Text is a weaker form of two-factor auth, because you can get your phone number stolen ("SIM hacking").
How about a phone call where you get a code that you need to input. How do you rank that? That is what banks will do (and, Vanguard).

But still trying to get the details on your email.

TD sends this email to an email address. I'm still not following..."So my email has strong two-factor authentication as well, using a phone app." And, I don't know if you cannot elaborate because then that gives someone some knowledge of how to get into your account.

Are you saying this email address is only for this login which has the strong two-factor authentication? Or, all your email? I'm suspecting it is the former.

I can only imagine that the email is sent to an email address which you only use for this? And, that requires you to enter the email address and password via a browser? Or, it comes directly to you via your regular email programs? Just not seeing what the phone app is doing. Are you able to disclose the phone app? Or, would doing so compromise your security?

Vinny

Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Thu Apr 23, 2020 7:50 pm

I use Hotmail for financial matters, which is Microsoft. I can't possibly make a good explanation of MS security, you may read it here:

https://support.microsoft.com/en-us/hel ... rification

Security of whatever communications channel you are using for 2FA is paramount.
Post Reply