Re: Treasury Direct account security discussion at Bogleheads

Posted: Thu Mar 07, 2019 4:46 pm
by jhogue
I am not ready to hit the panic button over Treasury Direct’s annoying inability to assume full responsibility for the security of transactions in its electronic accounts. Their klunky written responses to the boglehead investor [above] remind me of why people hate dealing with august institutions like the US Postal Service or your local Department of Motor Vehicles.

That said, US savings bonds are US Treasury-issued debt instruments. With trillions held by the USA’s trading partners, and trillions more held domestically by individuals, banks, insurance companies, and corporations, I can’t see a credible scenario in which a Treasury Secretary would do anything that jeopardizes global perceptions of their safety, liquidity, and yield.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Thu Mar 07, 2019 5:51 pm
by ochotona
Maybe if I want to write my Letter to an Important Person, I'd ask that I-Bonds be transferable to a brokerage account. Not that they be made sellable on the secondary market, but just that they could be sent out of TD.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Thu Mar 07, 2019 6:11 pm
by jhogue
Your post prompts a good question:

Why can't Treasury outsource the management of Treasury Direct to one or more brokerage firms?

Re: Treasury Direct account security discussion at Bogleheads

Posted: Fri Mar 08, 2019 5:17 am
by ochotona
Love the spellign.


Hello Peter,

Thank you for your recommendation towards improvements to TreasurDirect.

We appreciate your investment in TreasuryDirect.

Treasury Services

Re: Treasury Direct account security discussion at Bogleheads

Posted: Fri May 17, 2019 1:55 pm
by ppnewbie
This discussion is very helpful as I am trying to figure out where to park my treasury bonds and bills.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Sat Oct 19, 2019 6:39 pm
by Libertarian666
jhogue wrote:
Wed Feb 13, 2019 3:57 pm
As far as I can tell, no one has lost so much as a dime from a hacked Treasury Direct account.

The historical record of the U.S. Treasury is simple and clear: in roughly two hundred years of operation, it has never failed to return principal and interest on its bonds.
Except for the minor breach of not repaying people in dollars equivalent to gold of the weight and fineness applicable at the time they bought the bonds.

But that was only about a 40% loss, so no big deal.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Sun Oct 20, 2019 7:25 am
by ochotona
Treasury Direct de Venezuela

Re: Treasury Direct account security discussion at Bogleheads

Posted: Sun Oct 20, 2019 3:57 pm
by jacksonm2
I used to buy the maximum amount of allowable I-bonds at Treasury Direct for both me and my wife but I quit doing it and even cashed them all out a few years ago.

Although they did seem to have good security when it came to authenticating, the website seemed very unsophisticated.

Eventually I decided it was too risky and cashed out everything, moving it to Fidelity and Vanguard.

The reason - those two institutions have to please their customers to stay in business. If you've never had a bad experience dealing with a government bureaucrat maybe you won't feel the same way but it's hard to imagine getting the same kind of service from government employees if something does go terribly wrong.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Mon Oct 21, 2019 8:47 am
by jhogue
What makes you think that Fidelity and Vanguard are somehow safer than the U.S. Treasury?

Re: Treasury Direct account security discussion at Bogleheads

Posted: Mon Oct 21, 2019 3:58 pm
by jacksonm2
jhogue wrote:
Mon Oct 21, 2019 8:47 am
What makes you think that Fidelity and Vanguard are somehow safer than the U.S. Treasury?
If this question is directed at me I thought I gave the reason in my post. I have no idea which of those three are the most or least hackable. I just believe that if I was hacked I would rather deal with Fidelity or Vanguard than the U.S. Treasury.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Oct 23, 2019 8:36 am
by grapesofwrath
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Oct 23, 2019 5:21 pm
by ochotona
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Fri Oct 25, 2019 2:35 pm
by jacksonm2
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Exactly my point but we apparently see things in reverse as to whether or not that is a good thing.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Fri Oct 25, 2019 3:00 pm
by ochotona
jacksonm2 wrote:
Fri Oct 25, 2019 2:35 pm
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Exactly my point but we apparently see things in reverse as to whether or not that is a good thing.
Each way to keep cash has different risk. Money in the bank, money in T-Bills is exposed to negative interest rate risk! And risk of bank default and FDIC is not sufficiently funded.

It's wise to spread your risks around. Don't avoid I-Bonds because they have some risk, use them because they have risks which aren't like the risks you face in other places.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Fri Oct 25, 2019 6:22 pm
by jhogue
Exactly.
Just as in the Lehman Brothers bankruptcy in 2008, it will be impossible in advance to predict where, when, and how the next liquidity crisis will strike. The point of holding T-bills in a brokerage, I bonds in a safe deposit box or TreasuryDirect account, and a stash of greenbacks somewhere nearby is to diversify your Cash holdings before that moment comes when liquidity seems to be evaporating everywhere.

I sleep better at night knowing I have spread the risk around.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Mon Dec 16, 2019 6:58 pm
by vnatale
ochotona wrote:
Wed Oct 23, 2019 5:21 pm
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.
1. I assume that you'd consider printing to a PDF and saving it would be equivalent to "proof of ownership"?
2. If so, is it impossible for someone to create a fake document that looks real? If possible then that reason could make all documents not acceptable as proof of ownership? Also, how can you prove that no activity on your part had not occurred subsequent to the date of your document?

Vinny

Re: Treasury Direct account security discussion at Bogleheads

Posted: Tue Dec 17, 2019 7:48 am
by Libertarian666
jhogue wrote:
Fri Oct 25, 2019 6:22 pm
Exactly.
Just as in the Lehman Brothers bankruptcy in 2008, it will be impossible in advance to predict where, when, and how the next liquidity crisis will strike. The point of holding T-bills in a brokerage, I bonds in a safe deposit box or TreasuryDirect account, and a stash of greenbacks somewhere nearby is to diversify your Cash holdings before that moment comes when liquidity seems to be evaporating everywhere.

I sleep better at night knowing I have spread the risk around.
That's great except that you don't mention gold, which is actually a form of cash too.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Tue Dec 17, 2019 11:05 am
by ochotona
vnatale wrote:
Mon Dec 16, 2019 6:58 pm
ochotona wrote:
Wed Oct 23, 2019 5:21 pm
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.
1. I assume that you'd consider printing to a PDF and saving it would be equivalent to "proof of ownership"?
2. If so, is it impossible for someone to create a fake document that looks real? If possible then that reason could make all documents not acceptable as proof of ownership? Also, how can you prove that no activity on your part had not occurred subsequent to the date of your document?

Vinny

The PDF is just the best any of us can do. Of course I have no way of knowing if the Treasury Department would accept it. These are unknowables.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Wed Dec 18, 2019 9:50 am
by jhogue
Libertarian666 wrote:
Tue Dec 17, 2019 7:48 am
jhogue wrote:
Fri Oct 25, 2019 6:22 pm
Exactly.
Just as in the Lehman Brothers bankruptcy in 2008, it will be impossible in advance to predict where, when, and how the next liquidity crisis will strike. The point of holding T-bills in a brokerage, I bonds in a safe deposit box or TreasuryDirect account, and a stash of greenbacks somewhere nearby is to diversify your Cash holdings before that moment comes when liquidity seems to be evaporating everywhere.

I sleep better at night knowing I have spread the risk around.
That's great except that you don't mention gold, which is actually a form of cash too.
I would agree that gold can be a medium of exchange and remains a store of wealth without peer in global history. That certainly makes it similar in some respects to the STTs under discussion above.

But the gold in your avatar is certainly not Treasury-issued debt, nor does it bear a fixed nominal rate of interest, nor does it come with a “full faith and credit” guarantee from the US government. That doesn’t make gold bad—just a different kind of asset.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Mon Feb 17, 2020 4:23 pm
by vnatale
ochotona wrote:
Sun Feb 10, 2019 4:17 pm
This is not good. Not at all. I-Bonds are cool, but I can do without them at the end of the day. I have too many accounts, would be helpful to get rid of one.

Here I am, with Schwab and Fidelity accounts that use reasonably modern continuously rotating six-digit additional security codes, and 2FA, and nice security guarantees, and there's just no excuse for putting up with TreasuryDirect's sub-standard customer service. Even if they have cool little security (::: cry :::).
How do they get these codes to you? And, are they separate or part of the two factor authorization?

When I log into Vanguard I get a phone call from them giving me each time a different six-digit code which I then use as part of my two factor authorization.

As part of my job in doing online business with one of our banks they have supplied me with a fob with a rotating eight-digit code (that I add the same four more digits to) whenever I log in. And, then it immediately sends back to me on that fob a four digit verification code. I'm sure the device does not draw much power but the battery is quite long lived as I've been using it for at least two years, maybe three with no battery replacement.

Vinny

Re: Treasury Direct account security discussion at Bogleheads

Posted: Sat Feb 29, 2020 9:58 am
by ppnewbie
I’ll add my own experience in this thread. I have I bonds in treasury direct. The site and opacity of the support does make me nervous.

I am going to take the suggestion on this thread to capture images and build spreadsheets of all the bonds I currently own.

From my perspective - they are the equivalent of cash, since I believe you can sell them any time, even before the one year period. Your only penalty is that you lose the interest.

Please correct me if I am off base on that. Also - I don’t quite understand EE bonds. I’ll research that before my next purchase.

One question I had is - Are I bonds considered as safe as t-bills in case of a zombie apocalypse?

Re: Treasury Direct account security discussion at Bogleheads

Posted: Sat Feb 29, 2020 10:30 am
by jhogue
Dear ppnewbie,
Welcome to the forum.

1. It is always a good idea to make a spreadsheet with a list of your I bonds.

2. I bonds cannot be cashed until they are one year old. After that, you can cash them any time. From one year to five years there is a 3 month interest rate penalty. After that there is no penalty to cash them.

3. EE bonds protect your cash from deflation, similar to how I bonds protect your cash from inflation. Their current rate is minimal, but if you hold them for 20 years they will automatically double in value. EE bonds work best for long term liability matching, like paying for college or financing early retirement.

4. Both I bonds and EE bonds have the same "full faith and credit" backing of the US Treasury as T bills, so, yes, your principal is considered risk free. Nobody has ever seen a real zombie apocalypse, but US savings bonds have survived every possible economic condition since they were created in the 1930s.

Re: Treasury Direct account security discussion at Bogleheads

Posted: Thu Apr 23, 2020 6:06 pm
by vnatale
ochotona wrote:
Wed Oct 23, 2019 5:21 pm
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.
Is it possible for you to further elaborate on the above?

Vinny

Re: Treasury Direct account security discussion at Bogleheads

Posted: Thu Apr 23, 2020 6:27 pm
by ochotona
vnatale wrote:
Thu Apr 23, 2020 6:06 pm

Is it possible for you to further elaborate on the above?

Vinny

TD sends you an email if you try to login. But that's only as good as your email security. So my email has strong two-factor authentication as well, using a phone app. Text is a weaker form of two-factor auth, because you can get your phone number stolen ("SIM hacking").

Re: Treasury Direct account security discussion at Bogleheads

Posted: Thu Apr 23, 2020 6:50 pm
by vnatale
ochotona wrote:
Thu Apr 23, 2020 6:27 pm
vnatale wrote:
Thu Apr 23, 2020 6:06 pm

Is it possible for you to further elaborate on the above?

Vinny

TD sends you an email if you try to login. But that's only as good as your email security. So my email has strong two-factor authentication as well, using a phone app. Text is a weaker form of two-factor auth, because you can get your phone number stolen ("SIM hacking").
How about a phone call where you get a code that you need to input. How do you rank that? That is what banks will do (and, Vanguard).

But still trying to get the details on your email.

TD sends this email to an email address. I'm still not following..."So my email has strong two-factor authentication as well, using a phone app." And, I don't know if you cannot elaborate because then that gives someone some knowledge of how to get into your account.

Are you saying this email address is only for this login which has the strong two-factor authentication? Or, all your email? I'm suspecting it is the former.

I can only imagine that the email is sent to an email address which you only use for this? And, that requires you to enter the email address and password via a browser? Or, it comes directly to you via your regular email programs? Just not seeing what the phone app is doing. Are you able to disclose the phone app? Or, would doing so compromise your security?

Vinny
