Prepare for failure. A good rule, but a painful one, is: The more income tied to an account, the greater the difficulty to move the income. I'm too tired to list best practices, but for example: Set up canaries, daily emails from your account, just for the peace of mind that your email is the primary communication for the account. Biggest assets should take time and multiple steps to transfer or cash out. Know your account managers and be able to contact them directly.
Hi, I hope this doesn't come across as me not respecting your tiredness but could you link or anything to best practices if you don't have the energy to write it out yourself?
Well, I will try. First, I was commenting on my interpretation of the parent comment: identity theft, and protecting savings and retirement accounts.
Be inquisitive and aware. I think you have this covered by reading Hacker News and having an interest in the subject. I enjoyed reading Slashdot (while it was good) before switching to Hacker News, but it's also been a vital ongoing education for me. Comments often have more value than the original article. Being knowledgeable of security risks and common exploits helps prevent falling victim to them.
Steps for securing accounts.
Confirm that you are notified of email address changes.
Confirm that you are notified of any transactions on the account.
Set up a canary if possible. I set up an email alert on a common event. So, basically, I get an email from the company daily, and this confirms that my email address has not been changed. If you are certain you will be contacted if your email address changes, then this is not necessary, as the email change notification acts as the warning.
Have email and phone of account representative that you can contact if there is a problem with the account.
That should be all that is necessary.
Now, the day comes, someone has changed your email address. Maybe they even did some transactions. Stay calm, stay professional. Contact your account representative and notify them of the problem. Be able to identify yourself, call from a phone number associated with the account (or previously associated). Be able to answer security questions. The account representative should be able to freeze the account and resolve any issues.
If you're satisfied with the phone call, great. If you're in any way nervous about the resolution, then create a paper trail: send a letter that documents the issue and your attempts to resolve it.
A quick disclaimer, I'm not an expert. Adjust anything to fit your own needs.
Would you mind clarifying what a canary is? I understand it is referencing the idea of a canary in a coal mine but what does that look like in this context? Other than having a separate account to which you transfer most of your funds so you can't get robbed at gunpoint and be forced to transfer someone your money I'm drawing a blank here - sorry.
A canary is a safeguard against dangers. In my example, my daily emails from my investment account are my canary. When I stop getting emails, I know there's a problem.
I cannot remember the details, but one of my favorite canaries was a website that had a paragraph that basically stated "we have not been compromised in the past 24 hours". It had a timer that had to be reset daily or the paragraph would disappear from the website.
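The daily-email canary discussed in this thread can be checked automatically rather than by noticing that mail has stopped. The following is an added example, not part of any poster's comment; the function name `canary_status`, the sender address, the 36-hour threshold and the sample messages are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

SENDER = "alerts@broker.example"  # placeholder address of the daily alert

def _mail(sender, date):
    # Builds a constructed sample message (not real mail).
    return f"From: {sender}\nTo: me@example.org\nDate: {date}\nSubject: Daily alert\n\nbody\n"

# Constructed inbox: three daily canaries, unrelated mail, then a canary after a gap.
SAMPLE_INBOX = [
    _mail("Alerts <alerts@broker.example>", "Mon, 03 Mar 2025 06:00:00 +0000"),
    _mail("Alerts <alerts@broker.example>", "Tue, 04 Mar 2025 06:00:00 +0000"),
    _mail("Alerts <alerts@broker.example>", "Wed, 05 Mar 2025 06:00:00 +0000"),
    _mail("news@shop.example", "Thu, 06 Mar 2025 09:00:00 +0000"),
    _mail("Alerts <alerts@broker.example>", "Sat, 08 Mar 2025 06:00:00 +0000"),
]

def canary_status(raw_messages, sender, now, max_gap=timedelta(hours=36)):
    """Return (alive, last_seen, gaps) for the canary mail from `sender`.

    alive     -- True if the newest canary is no older than max_gap at `now`
    last_seen -- timestamp of the newest canary, or None if none was found
    gaps      -- (before, after) pairs where consecutive canaries were too far apart
    """
    seen = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        # The From header is not authenticated; in real use, also require a
        # passing DKIM/DMARC result before counting a message as the canary.
        if parseaddr(msg.get("From", ""))[1].lower() != sender:
            continue
        try:
            when = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            continue  # missing or malformed Date header
        if when.tzinfo is not None:  # skip dates with no usable UTC offset
            seen.append(when)
    if not seen:
        return False, None, []  # the canary never arrived: treat as an alarm
    seen.sort()
    gaps = [(a, b) for a, b in zip(seen, seen[1:]) if b - a > max_gap]
    return now - seen[-1] <= max_gap, seen[-1], gaps

if __name__ == "__main__":
    print(canary_status(SAMPLE_INBOX, SENDER, datetime.now(timezone.utc)))
```

A silent canary is the alarm condition, so a scheduled run of this check should notify through a channel other than the mailbox it monitors.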