Quote:
Originally Posted by SaucyJim
First, once again, they forced me to update the password on my wife's account.
I've already provided sufficient evidence to illustrate that this is no longer considered to be a wise security practice.
Next, they could provide no clear reason for the blockage. In other words, they don't know why they blocked us out of our account. Pretty weak, I'd say.
The last money movement was on 9/3/24. They locked the account on 9/27/24. That's a 24-day response time. Again, not only scary, but extremely weak security protocol.
Spew away!
|
Clearly your accounts were attempted targets for hackers. Likely your actual names are being used for your account user names. That is a horrible security practice.
When accounts are hacked, it IS RECOMMENDED to change password. It is also recommended to change the username.
What is not recommended is periodic password changes when no evidence of hacking that account it present.
Fidelity will never tell anyone outside of their security group what processes and intelligence is used to capture hacking attempts. That information is highly sought after by hackers. Keeping it confidential IS GOOD security.
Likely the account was locked within sub-seconds of the hacking attempt. That would be hack on 9/27/24, lock 9/27/24.
Many of your assumptions are wrong and are causing you to make invalid conclusions. Then using those mistakes to bash others is wrong.
Some suggestions going ahead.
Change username and password on your Fidelity account(s).
Do you use your actual name on any other accounts? If yes, change those usernames too. You are likely a target now.
Keep more than one month expenses in your checking account.
Diversify your retirement in other than just in Fidelity.
Be happy. Fidelity blocked someone from forcing you to go back to work because all your money could have been stolen.
If you are actually writing down passwords, you need a password manager.
Also, just because it could take 100,000,000 years to guess a password, it could take one day if they make a lucky guess. My passwords are >64 characters long, and would take practically forever to guess programmatically, but yet still could be guessed in one lucky guess. That's why my account user name is not my name, or anything that resembles a name. I want it impossible for a hacker.
Please keep in mind that personal information has been stolen and is on the web. That would include you full name, address, SSN, phone numbers, credit history, etc. Fidelity sees multiple hacks on your account and someone showing quite an attitude when not getting instant access. That triggers many red flags on their end. They have an obligation to safeguard your funds, and not bend over allowing a hacker to impersonate you.