UnThreaded | Threaded | Whole Thread (6) | Ignore Thread Prev Thread | Next Thread
Author: kdewalt Three stars, 500 posts Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: of 83  
Subject: TSP Website security Date: 2/24/2007 7:06 AM
Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Recommendations: 3
All,

My wife recently retired from the Navy. We've been contributing to her TSP since they first offered it to active duty folks.

Now that she's retired, I've considered moving her TSP into a traditional IRA. Unfortunately the F-fund has lower fees than the comparable bond ETF AGG that I would be buying.

I say unfortunately because the website security at TSP horrifies me. It is an invitation to hackers for two reasons:
-Your Id is your SSN. Incredibly easy to find.
-Your pin is a 4 DIGIT NUMBER. In an era where everyone is moving to stronger authentication such as one-time-passwords (E*trade), I cannot believe our government is so irresponsible.

I am not at all surprised to see the following on the login splash screen:
----
...

We were able to identify approximately two dozen participants who had relatively small amounts withdrawn from their accounts and electronically forwarded to fraudulent accounts. Although we are working with the financial companies involved for the return of the funds, the total amount of loss involved is approximately $35,000. All affected participants have been notified.

We emphasize that the account information for these participants was not improperly obtained from the TSP record keeping system. External penetration testing has demonstrated that our system has not been breached. There is no evidence of any successful attacks against the system to identify a PIN and thus obtain access.

We have concluded that the personal information was compromised when keyloggers monitored each keystroke made by these participants while they entered their TSP information into their own computer. We are working with the U.S. Secret Service, which has found that such personal information is increasingly available on keylogger lists that are for sale through criminal networks.

...
---
WHAT???!!! This is horribly irresponsible of them. IF THEY HAD STRONGER SECURITY YOU WOULDN'T BE ABLE TO GUESS AND REUSE THE PASSWORDS.

This would not happen with my E*trade account.

and

---
...
The TSP is not responsible for losses resulting from use of a compromised computer.
...
---
Can I translate? "You're on your own"

Of course if they were taking the same measures as corporate america, I could forgive them. They are not.

Fortunately I don't plan on logging into the web site any more. For those of you who are stuck with the system, I would suggest changing your password regularly, using the website sparingly and absolutely only from a computer with upgraded firewall and virus scanning software. Only login from a computer which you and your family can access. Close all browser windows immediately after concluding your session. If you need to check your account status, do so via the quarterly paper statements.
Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Print the post Back To Top
Author: KudieM Big red star, 1000 posts Old School Fool Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: 41 of 83
Subject: Re: TSP Website security Date: 2/24/2007 11:42 AM
Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Recommendations: 0
It's too bad, I would give you 100 recs if I were able! Creeps. Supposedly, though, they are working on upgrading the security so eventually (how long that is in Uncle's timeline, though, is murkier) you will have full encryption. I thought it was a bad idea when they started the direct deposit option a few years ago with such minimal security-just an invitation to scammers to clean you out. And after all that, they have the nerve to say "Oh, well, sorry you lost it all, we're not responsible, have a nice day."

Isn't that pretty much exactly how Uncle Sam operates on just about everything he does?

I wish they'd close the TSP down and just do like the private sector does and deposit into the IRA of our choice. I know, I know, the fees are lower, but this is what you're getting for it. Bad security, a sorry attitude of indifference when there are problems, and if you even for a minute belive the line of Although we are working with the financial companies involved for the return of the funds... I've got some prime real estate in the south of Florida to sell ya.....cheap.

Unfortunately I'm trapped in it, 17 or so years to go until retirement. But I only put in up to the matching 5% and the rest I invest on my own. I don't want any more of my $$$ at risk with these creeps.

Cheers!

Oh, yeah, had a bad day at the highly efficient, productive, well organized Federal office where I work yesterday, so some of the residual woke up with me, but I'm going to the Home & Garden show this weekend, so it won't last!

Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Print the post Back To Top
Author: spiritof78 Two stars, 250 posts Old School Fool CAPS All Star Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: 42 of 83
Subject: Re: TSP Website security Date: 2/25/2007 6:01 PM
Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Recommendations: 0
Also love the original post the security on TSP's site is pretty awful. All this after they spent a bundle a few years back to upgrade security.

The funds are run pretty well these days though, I wish we in the Active Duty military could get matching funds but thats life.

Trust me Im looking forward to rolling them over into an IRA when i retire in 10.

Print the post Back To Top
Author: kdewalt Three stars, 500 posts Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: 44 of 83
Subject: Re: TSP Website security Date: 2/26/2007 9:17 PM
Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Recommendations: 2
Sir...you've misunderstood us...

kdewalt,

who loves his job, thinks TSP is a great deal, and just wishes they would implement the same level of security available in out-of-the-box money management software.

Print the post Back To Top
Author: gs72 Old School Fool Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: 45 of 83
Subject: Re: TSP Website security Date: 2/27/2007 10:34 PM
Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Recommendations: 0
I stand corrected and apologize for the flame.

Print the post Back To Top
Author: NuvoRiche One star, 50 posts Old School Fool CAPS All Star Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: 46 of 83
Subject: Re: TSP Website security Date: 3/12/2007 12:09 AM
Post New | Post Reply | Reply Later | Create Poll . Report this Post | Recommend it!
Recommendations: 0
The not-so-welcoming welcome message horrified me as well. TSP security appears to be another classic gov't lowest-bidder job. Otherwise I'm a big fan of the TSP, but I'd feel better about my $$$ if TSP security required something more than a SpiderMan secret decoder ring to break into.

Print the post Back To Top
UnThreaded | Threaded | Whole Thread (6) | Ignore Thread Prev Thread | Next Thread
Advertisement