Q:!!way2protect against remote brute-force hacker#wifi,download,hints

 


New Special Protection — money-lock i.e. disable remote access. Hackers can’t impersonate you physically at a branch.

See also

  • https://btv-open.dreamhosters.com/64579/passwd-site-traits/

widespread myth — even if you are 100% careful with passwords, devices, etc., hackers can still break into your bank accounts.
.. reality — SPF has no confirmed case of money lost to brute-force remote hacking.
However, many of us do use free wifi, and download various software, so we aren’t 100% careful.

— Brute-force remote hacking .. by definition requires numerous repetitions of trial-n-error attempts.

Scenario 1: Suppose your password is weak in a financial_account without 2FA. A remote hacker is simply unable to impersonate you by trial-n-error, because  every remote authentication system has a “kill counter” to detect log-in “retries” and lock down.
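The “kill counter” in Scenario 1, sketched as an added example (not code from any bank or from this blog): a per-account counter that locks after an assumed threshold of 5 consecutive failures, plus the resulting upper bound on a guesser's chance for a given password space. `LoginService`, `MAX_FAILURES` and the sample accounts are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5  # assumed lockout threshold; real systems choose their own


class LoginService:
    """Toy remote login with a per-account failed-attempt counter."""

    def __init__(self):
        self._accounts = {}  # user -> [salt, password_hash, consecutive_failures]

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._accounts[user] = [salt, self._hash(password, salt), 0]

    def login(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        record = self._accounts[user]
        if record[2] >= MAX_FAILURES:
            return "locked"  # even the correct password is refused now
        if hmac.compare_digest(self._hash(password, record[0]), record[1]):
            record[2] = 0  # a successful login resets the counter
            return "ok"
        record[2] += 1
        return "denied"


def online_guess_success_bound(keyspace_size, max_failures=MAX_FAILURES):
    """Upper bound on the chance that trial-and-error succeeds before lockout."""
    return min(1.0, max_failures / keyspace_size)


def simulate_guessing(service, user, guesses):
    """Feed guesses until success or lockout; return (outcome, guesses_checked)."""
    checked = 0
    for guess in guesses:
        outcome = service.login(user, guess)
        if outcome != "denied":
            # A 'locked' reply means this guess was never compared to the password.
            return outcome, checked + (outcome == "ok")
        checked += 1
    return "denied", checked
```

With the assumed threshold of 5, a one-byte secret (256 values) still leaves a guesser about a 2% chance before lockout, so the counter only protects when the password space is large.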

Scenario 3a: Suppose you save your FULL password in an encrypted file, and it is leaked. A remote hacker can indeed pay for a powerful compute farm (no trailing “r”) to crack file encryption. Once she gets your password, she can log in to your many financial_accounts without trial-n-error.

Tip: in your personal backup files, never save your entire password as is … better use hints. This way, a brute-force hacker can only see hints and needs to try many times, ending up in Scenario 1.

Scenario 3b: suppose your password transmission is encrypted but leaked due to eavesdropping… same result as 3a, but this is a widespread risk affecting millions of remote authentications every day. I trust financial institutions in their technical assessment and their encryption technology.

Tip: avoid using the same password across financial_accounts unless protected by 2FA

Tip: Periodically update passwords en-masse for ALL non-trivial financial_accounts. Usually up to 9 such sites. 

— Q1: If brute-force remote hacking is so easy, then what (confirmed) case count would be a reasonable number?
A: Imagine a naive authentication scheme that converts every credential into a short “password” like a single byte. It’s like a cheap key that can open 10% of the lockers in an entire school. Chance break-in would be frequent. That’s a first scenario.

A: For a second, more sophisticated, scenario, suppose computing power improves enough to let any serious student easily crack 2FA by brute force. Then banks would shut down all remote access, and require clients to always visit branches. Remote authentication would be phased out across all industries.

Remote authentication was accepted progressively across industries as system security strengthened demonstrably. When this trend reverses, each enterprise would have to find ways and retreat to earlier, /usable/ systems. Such “retreats” are not so rare — when air travel was considered unsafe during covid pandemic, the industry closed down.

A: for another, more realistic, scenario, suppose in a poor country, a bank physical vault is also easy to hack, then people would just put money under their pillow, rather than saving in the bank. However, under-the-pillow is also easy to hack in this poor country. So private possession would be impractical. We would return to a world without walls or fences, doors or windows.

A: Look at corporate bank accounts. They have many millions in balance and they are accessible through inet banking. If brute-force remote hacking is so easy, then these corporations would disable remote access.

— Q1b (related question): If car/bicycle locks are so easy to hack by anyone learning from youtube, then what (confirmed) case count is a reasonable number?
A: I would say half the cars would be hacked every year. I think brute-force car hacking is harder than that.

My conclusion as of 2024 — Admittedly, a determined brute-force hacker can use advanced technology to break into any layman’s account, but it is not worth the hacker’s effort. You CAN protect your money. Your good habits will deter remote hackers, and make their attempts unprofitable.

— bccy
How about crypto wallets and crypto trading accounts? If an asset is stolen, law enforcement would offer limited assistance. However, most crypto trading accounts appear relatively safe.

Cold wallet is safer, somewhat comparable to money-lock. Vlad.T said bulk of the assets would be in cold wallet.

I perceive a big advantage of fiat currency account — fund transfer is usually traceable. Bank account or trading account opening process follows regulated, audited procedure. Recipient identity is usually known esp. for large transfers.

==== vulnerabilities
— cpf after 55 ..
— citi.NA

Bank::CIMB

3.5 ppa interest is no longer relevant with the “killer”. So I will not park any amount here, but will keep the account open just to service the FLI2

— auth
mobank::fingerprint
webank::passwd, then SMS or mobank. Can’t use webank without your phone.
high-risk transactions need PIN (similar to ATM)

— FBADB
No FBF, but if daily balance is below 1k, then that day’s int accrual is $0.

Any day’s accrued interest is immutable unless hitting the “StepUp” killer.
— 6333 1111 hotline is fast 🙂 9 – 7pm Mon-Sun only
Message Centre > compose .. addressed within 3 days
— nightly snapshot timing .. midnight
— FAST: $1 minimum
Needs mobank PIN

scheduled outgoing FAST to take place some time before 4 pm, even on non-weekdays.

— risk of fund loss .. See grave dangers
Some cooling period after adding a payee. Given the difficulties (including server overload), I will keep EGA, BOC as payees.

bank:Mayb.sg

— hotline

You need to enter NRIC but not smsOtp

— webank bug

  1. you login to check how much to deposit into savings
  2. you send required amount by FAST from another bank
  3. Mayb webank still shows old balance 🙁 so you are unable to use the new balance to pay your loans

Solution: you need to FAST transfer $0.01 out. This would refresh the webank cache :) Now you can use the new balance to pay the loans

bank::citi.NA

sending money to other U.S. banks .. $20 requires smsOtp

To get to a live agent, choose option 9.
1800 321 2484 if you want to open an accessChecking

— action plan

  • after 23 Jun, transfer everything to BofA

— citi.ny monthly fees
If you have either a regularChecking OR an accessChecking OR both, each account would require a $250/M transfer-in, or it would incur monthly fees.
* [done] use Citi webank to set up monthly (1st) Pull from Bofa
* No need to keep any balance in Citi. Once a while, you can transfer back any amount to Bofa. I might keep Bofa above 3k and monitor it.

We can set up the transfer now, but until 23 Jun, I need to maintain $1500 in Citi.

If you keep $0 balance, the fees will eat into overdraft !

Converting to AccessChecking is likely impossible, but if you see a benefit then you can close the existing account and open a brand new accessChecking. The benefit is in magnitude of the impact — $5 fee better than $15 fee.

— citibank NY account
Access (to my fund) is the #1 requirement for me.

— to show account/routing number .. Online help is useless

Click on the account to view transaction details -> look above the tx history -> look for “Hide Routing number & more”

You can also look at your pdf statement, but routing number is not there.

ICBC.sg #keep active

written answer is more important than verbal answer


636 95588 hotline is 24/7. All branches are Mon-Sat, no Sunday branch.

multi-currency savings account can accept USD via TT.

— wife’s difficulty
Sugg 1: open account at BOC to receive from icbc.cn
Sugg 2: retry in 6M and give a better “purpose”

Sembawang is the most convenient branch to bring wife to

Q: if I help wife open an account but end up leave it unused, is there any regret?
A (after discussing with Wayne): nothing. We can close the account after 6M

— to avoid soft-closure, need some transactions every 12M. Giro may not count, but incoming/outgoing FAST counts
USD/RMB/SGD (any ccy) TD.. no penalty for early termination. If you withdraw a 6M TD within 5M, you receive 5M worth of savings interest, without loss of principal. Therefore, it’s safe to use auto-renew. Better than BOC.

You can also disable auto-renew.

Partial withdrawal .. unsupported.

— deposit USD … ($100 notes only). 1% handling fee with no minimum
deposit Rmb FOC, but only Rmb100 notes, inferior to BOC.sg
— USD transfer within Sgp
local Cashier’s Order .. first one of the day is free.
receiving cheque is free.
— USD 工银速汇 to ICBC.cn (unneeded now)
No charge by ICBC.sg
— my accounts

  • ccy TD: *5518
  • SGD TD: *7326

Each card number is considered an account; the savings account number is another account.  FAST outbound .. Source account can be any of them.
— webank tips:

  • For tx history .. MyAC -> CheckAccount -> change currency -> search
  • For FAST out .. OutwardRemittance -> LocalSGD -> choose template
  • .. FAST minimum $1 and no upfront reminder !
  • ExternalTransfer means intra-bank to wife’s ICBC account
  • login: tiger40490/T08xxxxxx. Hardware token is a pain. There is a soft token in the mobank.

salary-credit`bank: switch

  • In the future, contact Asiapayroll @ xxx.com
  • BankIdentificationCode means Swift code
  • I want to save and keep multiple “candidate” bank accounts in Workday, so I can select exactly one candidate to receive salary deposit.
  • To switch between two candidates already saved, go to ViewProfile -> Pay -> PaymentElections -> scroll right on the data row -> click edit -> add a new data row and specify the “good” bank account -> remove the pre-existing data row for the “outdated” bank account.
  • Not possible to split 50/50 between two candidate bank accounts

FallBelowFee; bonus int #buffers

Big picture: Legwork / distraction is increasing due to

  1. insufficient balance in #108 for automated bill payments .. (ccard, GIRO) can lead to ccard interest or pink notices
  2. FBF .. initial focus of this bpost

— “bonus interest” competition among SG banks.. Prefer which banks?

  • prefer: no or very simple “card spend” .. (adding a new ccard) Need to ensure prompt payment. Need to monitor and hit minimum spend. Complicates exp recon as proven in eccard xp.
  • prefer: no “GIRO bill-pay” please.
  • prefer: no tiered interest rate .. burdensome to monitor
  • prefer: no “bonus int cap”.. (eg: minimal marginal interest beyond 100k.) Burdensome to monitor
  • prefer: no FBF.. BOC beats dbsMP
  • LG: salary crediting
  • LG: early withdrawal … withdrawals seldom needed

After EGA, I think BOC FD would be a simple choice. Interest calc is pre-agreed.

— (liquidity) buffers include #198 … Poems … MB ccard … temp loan from wife … MCS/EGA.

temp loan from boy? already used up.

Q: Buffers in other ccards?
A: One is enough. Using ccard as buffer is error-prone like a stressful juggle

Q: reduce #108 balance to delay IRAS installment and create a temp buffer?
A: no penalty per se
==== fall-below fees
— ADB tracking .. The multitude of fall-below fees are a constant stressor. A kind of winUp problem. To reduce the stress (but financially unwise), we can AA) move a sufficient amount from HSBC EGA to the affected account for one day. The amount is roughly FBADB * 30D. This amount can be prohibitive.

FBADB is typically $500, but can be zero at some banks [icbc.sg]

BB) A second foolproof “scheme” is … finish every day above FBADB threshold.

Every time you keep a decent buffer above FBADB, your money becomes less “productive”. This is a price to pay for the buffer/safety/peace@mind. 鱼与熊掌.

If you are unable to follow these two “simple” plans, then you must track ADB to avoid FBF. CC) ADB Tracking in a busy account is a can of worms that everyone wants to avoid, but without it, you would be flying blind, and can’t have any confidence about any “rescue plans”.

DD) In a less busy account, ADB tracking is feasible.

If you are unable to follow the two “simple” plans and won’t open this can of worms, then HH) brace yourself for the hazard of FBF. In such a situation, up to $5 FBF is a small fee I can accept to avoid massive legwork [i.e. ADB tracking].

WW) Luckily, some banks (like citi) can waive it repeatedly. “We don’t discuss how many waivers in a year.” The longer you hold an account, the easier it is to ask for waiver.

— citi: $15/M FBF is much lower than $50/M ($15k*4%/12) of lost profit

Goal is to avoid $15 FBF every month. If I miss one month, I will deal with it.

Luckily, once we hit 15k, we can have multiple SGD accounts with no FBF in any.

— BOC $3/M fall-below $200 ADB
Looks like the best of both worlds .. low FBADB + high IR
— SCB e$saver $5 for FBADB $1000
— dbs 104/108: $400 x 4.5%/12 = $1.5 bonus interest is not worth it, so better avoid FBF

bachelor→pff: how I adapted #80marks

I’m trying, unsuccessfully, to transfer my burn rate habit to my kids. Meimei seems to be listening.

My income is much higher than bachelor years, partly due to salary inflation. My family burn rate is also much higher, with inflation playing some unquantified role.

I have largely avoided the white elephants of many middle-class families — cars, private/international schools, golf, high-maintenance landed properties, maid, big loans,


Background: An author mentioned that we all face cashflow challenges as singles [1]. We face even more when we get married and have kids[2]. (Based on no definition) Out of 10 singles on (cashflow) high ground, fewer than half would remain on high ground in [2], rather than falling off.

Paradox: my single burn rate (c++US etc) is less than 25% of my family burn rate. I won’t go in-depth because I think the explanatory factors are fairly obvious.

This blogpost can easily become forgettable and hardly /distinguishable/ from similar blogposts. Sharp questions might be more valuable (than answers)… They represent perspectives, angles of view.

As to the answers, most will be valid, relevant but forgettable. I won’t try to make all of them /memorable/. My preference is to avoid vague items, separate out the important but familiar items, and focus on unusual items.

Q2: what strategies and habits did I carry over from single’s life /transitioning/ to family life?

  • saw a clear distinction between liabilities vs productive assets (cashcow). Liabilities include debts [mtg, student loans..] and white elephants like cars
  • — forgettable answers
  • steadfast focus on expense regulation [control ]…. rather than a target-amount of nest egg for investment. Jolt: My nest egg was a by-product.
  • .. ctbz? Probably more effective on the big-tickets like cars, rent cost, vacations
  • .. just_say_no to FOMO, exclub, creep, splurge,
  • maintained my salary … better than anticipated, despite churn, age discrimination etc

Q2b: what adaptations did I have to make for the transition?

  • a focus on published stats of median household income in the city, rather than a hearsay guesstimate of my peers’ burn rate. That guesstimate is 300% of that median.
  • — forgettable answers
  • exp recon .. a key “regulatory device”, adapted to family finance — no mean achievement. Virtually no one in my circle reached my efficiency, even though many heard similar suggestions about budgeting, tracking/recon. Without hard evidence, I believe that most of their budgets hit ineffective execution. Many overspent for decades.
  • in 2008-2017 childcare costs threatened to /derail/ everything. Somehow, wife and I have managed to /contain/ this fire

Actually 2008-2009 pff situation in NY was a tough adaptation in terms of brbr, expense control, rent,,, On the flip side, the experience built self-confidence.

Q3: besides my skills, what other factors contributed to our current cash flow high ground?

  • grandparents didn’t become a financial burden
  • frugal wife
  • kids didn’t demand too much
  • medical expenses moderate

Q: what can my kids learn from me? Some say that financial skills are more valuable “heritage” than physical inheritance.

Q: in my answers, why are investments, NNIA conspicuously missing?
A: I guess they have played a background/supporting role so far. See the blogposts in cashflow projection. They don’t affect my day-to-day cashflow.