Fidelity Security is a JOKE

  #31  
09-30-2024, 09:35 AM
SaucyJim
Senior Member
Join Date: Jun 2024
Posts: 142
Thanks: 136
Thanked 104 Times in 63 Posts
Fidelity Security -- the outcome

Hi kids!

Not sure why, but the other thread got closed. Some of you had asked me to share the outcome of the blocked account issue for which Fidelity does not provide 24x7x365 support.

First, once again, they forced me to update the password on my wife's account. I've already provided sufficient evidence to illustrate that this is no longer considered to be a wise security practice. So I strung up a bunch of curse words and added some special symbols to create a password unique only to my wife's Fidelity account. (I'm kidding.) So the account is no longer blocked. For the record, this could not have been done before they unblocked (it was blocked - not locked) the account.

Next, they could provide no clear reason for the blockage. In other words, they don't know why they blocked us out of our account. Pretty weak, I'd say. One guy earlier this morning (who could not help us because we called before the "back office" was open) said it appeared to be related to some money movement and trades. The last money movement was on 9/3/24. They locked the account on 9/27/24. That's a 24-day response time. Again, not only scary, but extremely weak security protocol.

The "back office" guy mentioned that my managing my wife's account might have been what triggered the block. I asked, "If I'm logging into her account with her account number and password, how would your systems know if it was me and not her?" Crickets.

And I've been logging into that account as her for over 12 years. Yeah. Great response time to catch on to that anomaly.

So, there. You're updated. Blocked from our money for no reason and not provided with support to resolve the issue until a regular business day. Yay! I got to worry about a LOT of money not being visible on my radar for a whole weekend.

So, I'll sit back now and allow those who will put words into my mouth and assume I am an idiot spew their vitriol. As for me, I will continue using Fidelity (it's a lot of work to move) but, as I said before, I would not recommend them to family or friends going forward.

Spew away!
  #32  
09-30-2024, 12:10 PM
SaucyJim
Senior Member
Join Date: Jun 2024
Posts: 142
Thanks: 136
Thanked 104 Times in 63 Posts

Quote:
Originally Posted by Pugchief
your one and only complaint is that Fidelity doesn't have 24/7/365 coverage in the back office?
Not quite. My one and only complaint is that Fidelity doesn't have 24/7/365 coverage in the back office for security lockdowns initiated by them -- especially when they can't even explain why it happened.
  #33  
09-30-2024, 01:19 PM
Maker
Veteran member
Join Date: Jul 2022
Posts: 601
Thanks: 13
Thanked 524 Times in 233 Posts

Quote:
Originally Posted by SaucyJim
First, once again, they forced me to update the password on my wife's account.
I've already provided sufficient evidence to illustrate that this is no longer considered to be a wise security practice.

Next, they could provide no clear reason for the blockage. In other words, they don't know why they blocked us out of our account. Pretty weak, I'd say.

The last money movement was on 9/3/24. They locked the account on 9/27/24. That's a 24-day response time. Again, not only scary, but extremely weak security protocol.

Spew away!
Clearly your accounts were attempted targets for hackers. Likely your actual names are being used for your account user names. That is a horrible security practice.

When accounts are hacked, it IS RECOMMENDED to change password. It is also recommended to change the username.
What is not recommended is periodic password changes when no evidence of hacking that account is present.

Fidelity will never tell anyone outside of their security group what processes and intelligence are used to capture hacking attempts. That information is highly sought after by hackers. Keeping it confidential IS GOOD security.

Likely the account was locked within sub-seconds of the hacking attempt. That would be hack on 9/27/24, lock 9/27/24.

Many of your assumptions are wrong and are causing you to make invalid conclusions. Then using those mistakes to bash others is wrong.

Some suggestions going ahead.
Change username and password on your Fidelity account(s).
Do you use your actual name on any other accounts? If yes, change those usernames too. You are likely a target now.
Keep more than one month expenses in your checking account.
Diversify your retirement in other than just in Fidelity.
Be happy. Fidelity blocked someone from forcing you to go back to work because all your money could have been stolen.
If you are actually writing down passwords, you need a password manager.

Also, just because it could take 100,000,000 years to guess a password, it could take one day if they make a lucky guess. My passwords are >64 characters long, and would take practically forever to guess programmatically, but yet still could be guessed in one lucky guess. That's why my account user name is not my name, or anything that resembles a name. I want it impossible for a hacker.

Please keep in mind that personal information has been stolen and is on the web. That would include your full name, address, SSN, phone numbers, credit history, etc. Fidelity sees multiple hacks on your account and someone showing quite an attitude when not getting instant access. That triggers many red flags on their end. They have an obligation to safeguard your funds, and not bend over allowing a hacker to impersonate you.
  #34  
09-30-2024, 02:13 PM
SaucyJim
Senior Member
Join Date: Jun 2024
Posts: 142
Thanks: 136
Thanked 104 Times in 63 Posts

Quote:
Originally Posted by Maker
Clearly your accounts were attempted targets for hackers. Likely your actual names are being used for your account user names. That is a horrible security practice.
Wrong. Logins are account numbers.

Read the thread and my comments. Not going to reiterate any longer.

But I will reiterate that my issue is not their security, but their lack of support around it on a 24 hour basis.
  #35  
09-30-2024, 04:18 PM
Boomer
Soaring Parsley
Join Date: Nov 2007
Posts: 5,397
Thanks: 169
Thanked 2,402 Times in 827 Posts

. . .
__________________
Pogo was right.

Last edited by Boomer; 09-30-2024 at 06:49 PM.
  #36  
10-01-2024, 10:15 AM
Maker
Veteran member
Join Date: Jul 2022
Posts: 601
Thanks: 13
Thanked 524 Times in 233 Posts

Quote:
Originally Posted by SaucyJim
Wrong. Logins are account numbers.

Read the thread and my comments. Not going to reiterate any longer.

But I will reiterate that my issue is not their security, but their lack of support around it on a 24 hour basis.
Using account number as login ID is equally awful as using your name.
Account numbers can be found published in a lot of places. If you were really in security roles, you would know that. It's trivial information covered in all 30 minute long "introduction to account security" classes. BTW your account number is associated with every investment you have, every transfer you make, every buy or sell (that gets reported to SEC), every statement, everything you do. They follow a format and can be guessed easily.

Highly recommend you change that immediately. Then your need for a 24/7 response will never be triggered in the first place.

No need to reply. People here are trying to help you. If you prefer to ignore that advice, we prefer to ignore your reply.
  #37  
10-01-2024, 08:00 PM
CoachKandSportsguy
Sage
Join Date: Jan 2019
Location: Marsh Bend
Posts: 3,457
Thanks: 639
Thanked 2,512 Times in 1,225 Posts

Quote:
Originally Posted by SaucyJim
Wrong. Logins are account numbers.
not at the Fidelity Investments I use. .. .

at the Fidelity Investments I use you can set your login name to anything you want.

But your anger is not really about Fidelity, it's about you got embarrassed by a security incident at whatever Fidelity you use, and as always, it was at a very inconvenient time, and you wanted instant customer service to stay on schedule and not get embarrassed with a delayed payment. That instant satisfaction didn't happen, and you want to take it out on Fidelity. .

The real fix, as I also worked in IT, and built automation as much as possible, is to automate the process with a time buffer in case something does go wrong. But you already know this, you just got embarrassed for not doing that as well. .

But that is me, a Fidelity user for 40+ years, one of the largest Fidelity individual option traders in the early 80s, ie, there were like 10 of us. . and worked in and with IT for 30+ years, including application security. . . who also doesn't use account numbers in my user name, and change long random string passwords with 2 FA, and considering going to YubiKey for higher level security. However, somehow I am afraid of losing the YubiKey, and then really being locked out of my Fidelity account.

And you are you

YMMV

All times are GMT -5.