Welcome new Thinkers, we’re now 188 strong 💪
Good morning, this is Thinking Capital. A weekly mission for you to optimize your financial life. Today’s mission: financial security.
The best defense is a good offense, or so the adage goes. Whether we’re talking sports or military operations, this also holds true for financial security.
You’ve likely heard so many tactics before that eye-rolls ensue when people list off the standard security spiel:
Sign up for paperless
Secure your email
Avoid easily guessable passwords
Enable two-factor authentication
Etc
While I want to make some optimizations to the above, I also want to offer three unique ideas you may not have considered.
Your mission, should you choose to accept it, is to improve your financial (and overall digital) security.
Let’s start with some upgrades to the list above:
Secure your email —> consider purchasing YubiKeys (1 + 1 or 2 backups)
Always purchase security devices directly from the manufacturer
Avoid easily guessable passwords —> you NEED a password manager in 2022
Enable two-factor authentication —> use an app instead of texts (SMS)
You may be thinking, why are you recommending two password managers and two MFA (multi-factor authentication) apps?
You may want to consider using one password manager for the day-to-day accounts that you’re often logging into, and another password manager that’s only associated with financial accounts. The same applies to the MFA apps. Alternatively, you may use one account for personal use, and reserve the other for work or your own business. Either way, just remember that your passwords for the following services should be INSANELY secure, random and kept offline on physical paper in at least two trusted locations:
Email address(es)
Password manager(s)
MFA app(s)
Crypto seed phrase(s) — we’ll cover this further in a future issue
Ok, you have a manager, an MFA app, and you’re feeling good. What are those three tactics I mentioned?
Better browser
Private email address
Non-PII security questions
Let’s talk through each.
A better browser. Security starts at the device level, ensuring your device isn’t compromised. The next level down is your portal to the internet, your browser. I recommend making the switch to Brave on both desktop and mobile.
Private email address. My name has amazing SEO. If you search “Armand Khatri” there’s a ton of info there and zero other indexed people who share my name. If your name is “Jane Doe,” you may already have an email address that’s difficult to guess, but many of us tend to follow a standard email address format that’s fairly easily guessed.
🤯 This doesn’t have to be the email address you use for your financial accounts.
Instead, you can make up an email address that you keep private and use it for your financial accounts. Boom, you just made hacking your accounts twice as difficult. Now, an attacker needs to guess your password and your email address.
Non-PII security questions. PII stands for personally identifiable information, and our “backup security” questions are typically chock full of that info.
Where did you meet your spouse? This may be on your Instagram
What’s the name of your first pet? This may be on your Facebook
What’s your favorite movie? This may be on your MySpace (lol)
🤯 If you have proper password etiquette, you don’t need to use real answers. Whether it’s a physical backup note or a secondary password manager, you can generate very random answers that aren’t guessable and log them for later reference.
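One way to generate those random answers, as an added example that is not part of the original newsletter: it draws pronounceable nonsense words from the operating system's secure random source and reports how hard each answer is to guess. The function names, alphabets and the 64-bit minimum are choices made for this example.

```python
import math
import secrets

# Pronounceable consonant+vowel syllables, easy to read aloud to a support
# agent. These alphabets are choices made for this example.
CONSONANTS = "bdfghjklmnprstvz"  # 16 letters
VOWELS = "aeiou"                 # 5 letters

# The three sample questions from the newsletter.
QUESTIONS = [
    "Where did you meet your spouse?",
    "What's the name of your first pet?",
    "What's your favorite movie?",
]


def random_word(syllables=3):
    """Build one nonsense word from CSPRNG-chosen syllables."""
    return "".join(
        secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
        for _ in range(syllables)
    )


def random_answer(words=4, syllables=3):
    """Return an answer with no relation to the question or to you."""
    return " ".join(random_word(syllables) for _ in range(words))


def entropy_bits(words=4, syllables=3):
    """Bits of entropy: each syllable is one of 16 * 5 = 80 equal choices."""
    return words * syllables * math.log2(len(CONSONANTS) * len(VOWELS))


def answer_sheet(questions=QUESTIONS, min_bits=64):
    """Map each question to its own random answer, refusing weak settings."""
    if entropy_bits() < min_bits:
        raise ValueError("answer settings are too weak")
    sheet = {}
    for question in questions:
        answer = random_answer()
        while answer in sheet.values():  # never reuse an answer
            answer = random_answer()
        sheet[question] = answer
    return sheet


if __name__ == "__main__":
    for question, answer in answer_sheet().items():
        print(f"{question} -> {answer}")
    print(f"about {entropy_bits():.0f} bits per answer")
```

Record each question and answer pair in the password manager entry (or on the paper backup) for that account, since nothing about the answer can be reconstructed from memory.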
So, now what?
Get to work! This isn’t an easy process, but there’s a reason I shifted these emails to Saturday mornings. Take an hour and focus on your most important accounts first, and then slowly start to clear out all the passwords you have saved in less-secure password managers like:
Apple Keychain
Safari, Chrome and other browsers
etc
Good luck and let me know what I missed. How else do you secure your passwords? Once you’ve completed last week's Privacy 101 and today’s Security 101, you’ll be ready for Crypto Security 101 in the next few weeks.
Who do you know that will benefit from this guide? Give them the gift of better digital security by sharing.
A slight diversion…
🛫 Are you swimming in airline miles and credit card points, but don’t have the time to think about YOLO redemptions?
Let me help! Reply with your dream destination and estimates of how many points you have. I’ve been doing some personal trip planning and have a new set of tools I’d like to battle test.
<3
Armand