No. of Recommendations: 3

My wife recently retired from the Navy. We've been contributing to her TSP since they first offered it to active duty folks.

Now that she's retired, I've considered moving her TSP into a traditional IRA. Unfortunately the F-fund has lower fees than the comparable bond ETF AGG that I would be buying.

I say unfortunately because the website security at TSP horrifies me. It is an invitation to hackers for two reasons:
- Your ID is your SSN. Incredibly easy to find.
- Your PIN is a 4 DIGIT NUMBER. In an era where everyone is moving to stronger authentication such as one-time passwords (E*trade), I cannot believe our government is so irresponsible.

I am not at all surprised to see the following on the login splash screen:

We were able to identify approximately two dozen participants who had relatively small amounts withdrawn from their accounts and electronically forwarded to fraudulent accounts. Although we are working with the financial companies involved for the return of the funds, the total amount of loss involved is approximately $35,000. All affected participants have been notified.

We emphasize that the account information for these participants was not improperly obtained from the TSP record keeping system. External penetration testing has demonstrated that our system has not been breached. There is no evidence of any successful attacks against the system to identify a PIN and thus obtain access.

We have concluded that the personal information was compromised when keyloggers monitored each keystroke made by these participants while they entered their TSP information into their own computer. We are working with the U.S. Secret Service, which has found that such personal information is increasingly available on keylogger lists that are for sale through criminal networks.


This would not happen with my E*trade account.


The TSP is not responsible for losses resulting from use of a compromised computer.
Can I translate? "You're on your own"

Of course, if they were taking the same measures as corporate America, I could forgive them. They are not.

Fortunately I don't plan on logging into the web site any more. For those of you who are stuck with the system, I would suggest changing your password regularly, using the website sparingly and absolutely only from a computer with upgraded firewall and virus scanning software. Only log in from a computer which you and your family can access. Close all browser windows immediately after concluding your session. If you need to check your account status, do so via the quarterly paper statements.