Author: kdewalt
Subject: TSP Website security Date: 2/24/2007 7:06 AM
Recommendations: 3
All,

My wife recently retired from the Navy. We've been contributing to her TSP since they first offered it to active duty folks.

Now that she's retired, I've considered moving her TSP into a traditional IRA. Unfortunately the F-fund has lower fees than the comparable bond ETF AGG that I would be buying.

I say unfortunately because the website security at TSP horrifies me. It is an invitation to hackers for two reasons:
- Your ID is your SSN. Incredibly easy to find.
- Your PIN is a 4 DIGIT NUMBER. In an era where everyone is moving to stronger authentication such as one-time passwords (E*trade), I cannot believe our government is so irresponsible.

I am not at all surprised to see the following on the login splash screen:
---
...

We were able to identify approximately two dozen participants who had relatively small amounts withdrawn from their accounts and electronically forwarded to fraudulent accounts. Although we are working with the financial companies involved for the return of the funds, the total amount of loss involved is approximately $35,000. All affected participants have been notified.

We emphasize that the account information for these participants was not improperly obtained from the TSP record keeping system. External penetration testing has demonstrated that our system has not been breached. There is no evidence of any successful attacks against the system to identify a PIN and thus obtain access.

We have concluded that the personal information was compromised when keyloggers monitored each keystroke made by these participants while they entered their TSP information into their own computer. We are working with the U.S. Secret Service, which has found that such personal information is increasingly available on keylogger lists that are for sale through criminal networks.

...
---
WHAT???!!! This is horribly irresponsible of them. IF THEY HAD STRONGER SECURITY YOU WOULDN'T BE ABLE TO GUESS AND REUSE THE PASSWORDS.

This would not happen with my E*trade account.

and

---
...
The TSP is not responsible for losses resulting from use of a compromised computer.
...
---
Can I translate? "You're on your own."

Of course, if they were taking the same measures as corporate America, I could forgive them. They are not.

Fortunately, I don't plan on logging into the website any more. For those of you who are stuck with the system, I would suggest changing your password regularly, using the website sparingly and absolutely only from a computer with upgraded firewall and virus scanning software. Only log in from a computer which you and your family can access. Close all browser windows immediately after concluding your session. If you need to check your account status, do so via the quarterly paper statements.
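The difference the post draws between a fixed ID-plus-PIN login and a one-time password, shown as an added example that is not part of the original post or of any TSP or E*trade code. It uses RFC 4226 HOTP as a stand-in OTP scheme; the class names, the sample ID and PIN, and the look-ahead window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 of the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class StaticPinLogin:
    """Hypothetical model of the scheme in the post: fixed ID plus fixed PIN."""
    def __init__(self, user_id: str, pin: str):
        self._creds = (user_id + ":" + pin).encode()

    def login(self, user_id: str, pin: str) -> bool:
        return hmac.compare_digest((user_id + ":" + pin).encode(), self._creds)

class OtpLogin(StaticPinLogin):
    """Hypothetical model: the same ID and PIN plus a counter-based OTP."""
    def __init__(self, user_id: str, pin: str, secret: bytes, window: int = 3):
        super().__init__(user_id, pin)
        self._secret, self._counter, self._window = secret, 0, window

    def login(self, user_id: str, pin: str, code: str = "") -> bool:
        if not super().login(user_id, pin):
            return False
        for c in range(self._counter, self._counter + self._window):
            if hmac.compare_digest(code.encode(), hotp(self._secret, c).encode()):
                self._counter = c + 1  # this code and all earlier ones are now dead
                return True
        return False

def replay_demo() -> dict:
    uid, pin = "000-00-0000", "4821"   # constructed sample values
    secret = b"12345678901234567890"   # test secret from RFC 4226 Appendix D
    static, otp = StaticPinLogin(uid, pin), OtpLogin(uid, pin, secret)
    recorded = (uid, pin, hotp(secret, 0))  # keystrokes from one real session
    return {
        "static_first": static.login(uid, pin),
        "static_replay": static.login(*recorded[:2]),
        "otp_first": otp.login(*recorded),
        "otp_replay": otp.login(*recorded),
        "otp_next_code": otp.login(uid, pin, hotp(secret, 1)),
    }

if __name__ == "__main__":
    for step, accepted in replay_demo().items():
        print(f"{step:14} accepted={accepted}")
```

The OTP check rejects recorded keystrokes that are submitted again later; it does not protect a session on a machine that is compromised while the user is logged in.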