Treasury Direct account security discussion at Bogleheads

Discussion of the Cash portion of the Permanent Portfolio

Moderator: Global Moderator

User avatar
jhogue
Executive Member
Executive Member
Posts: 755
Joined: Wed Jun 28, 2017 10:47 am

Re: Treasury Direct account security discussion at Bogleheads

Post by jhogue » Thu Mar 07, 2019 4:46 pm

I am not ready to hit the panic button over Treasury Direct’s annoying inability to assume full responsibility for the security of transactions in its electronic accounts. Their klunky written responses to the boglehead investor [above] remind me of why people hate dealing with august institutions like the US Postal Service or you local Department of Motor Vehicles.

That said, US savings bonds are US Treasury-issued debt instruments. With trillions held by the USA’s trading partners, and trillions more held domestically by individuals, banks, insurance companies, and corporations, I can’t see a credible scenario in which a Treasury Secretary would do anything that jeopardizes global perceptions of their safety, liquidity, and yield.
“Groucho Marx wrote:
A stock trader asked him, "Groucho, where do you put all your money?" Groucho was said to have replied, "In Treasury bonds", and the trader said, "You can't make much money on those." Groucho said, "You can if you have enough of them!"
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Thu Mar 07, 2019 5:51 pm

Maybe if I want to write my Letter to an Important Person, I'd ask that I-Bonds be transferable to a brokerage account. Not that they be made sellable on the secondary market, but just that thy could be sent out of TD.
User avatar
jhogue
Executive Member
Executive Member
Posts: 755
Joined: Wed Jun 28, 2017 10:47 am

Re: Treasury Direct account security discussion at Bogleheads

Post by jhogue » Thu Mar 07, 2019 6:11 pm

Your post prompts a good question:

Why can't Treasury outsource the management of Treasury Direct to one or more brokerage firms?
“Groucho Marx wrote:
A stock trader asked him, "Groucho, where do you put all your money?" Groucho was said to have replied, "In Treasury bonds", and the trader said, "You can't make much money on those." Groucho said, "You can if you have enough of them!"
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Fri Mar 08, 2019 5:17 am

Love the spellign.


Hello Peter,

Thank you for your recommendation towards improvements to TreasurDirect.

We appreciate your investment in TreasuryDirect.

Treasury Services
ppnewbie
Executive Member
Executive Member
Posts: 850
Joined: Fri May 03, 2019 6:04 pm

Re: Treasury Direct account security discussion at Bogleheads

Post by ppnewbie » Fri May 17, 2019 1:55 pm

This discussion is very helpful as I am trying to figure out where to park my treasury bonds and bills.
Libertarian666
Executive Member
Executive Member
Posts: 5994
Joined: Wed Dec 31, 1969 6:00 pm

Re: Treasury Direct account security discussion at Bogleheads

Post by Libertarian666 » Sat Oct 19, 2019 6:39 pm

jhogue wrote:
Wed Feb 13, 2019 3:57 pm
As far as I can tell, no one has lost so much as a dime from a hacked Treasury Direct account.

The historical record of the U.S. Treasury is simple and clear: in roughly two hundred years of operation, it has never failed to return principal and interest on its bonds.
Except for the minor breach of not repaying people in dollars equivalent to gold of the weight and fineness applicable at the time they bought the bonds.

But that was only about a 40% loss, so no big deal.
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Sun Oct 20, 2019 7:25 am

Treasury Direct de Venezuela
jacksonm2
Full Member
Full Member
Posts: 78
Joined: Fri Sep 27, 2019 5:46 pm

Re: Treasury Direct account security discussion at Bogleheads

Post by jacksonm2 » Sun Oct 20, 2019 3:57 pm

I used to buy the maximum amount of allowable I-bonds at Treasury Direct for both me and my wife but I quit doing it and even cashed them all out a few years ago.

Although they did seem to have good security when it came to authenticating the website seemed very unsophisticated.

Eventually I decided it was too risky and cashed out everything, moving it to Fidelity and Vanguard.

The reason - those two institutions have to please their customers to stay in business. If you've never had a bad experience dealing with a government bureaucrat maybe you won't feel the same way but it's hard to imagine getting the same kind of service from government employees if something does go terribly wrong.
User avatar
jhogue
Executive Member
Executive Member
Posts: 755
Joined: Wed Jun 28, 2017 10:47 am

Re: Treasury Direct account security discussion at Bogleheads

Post by jhogue » Mon Oct 21, 2019 8:47 am

What makes you think that Fidelity and Vanguard are somehow safer than the U.S. Treasury?
“Groucho Marx wrote:
A stock trader asked him, "Groucho, where do you put all your money?" Groucho was said to have replied, "In Treasury bonds", and the trader said, "You can't make much money on those." Groucho said, "You can if you have enough of them!"
jacksonm2
Full Member
Full Member
Posts: 78
Joined: Fri Sep 27, 2019 5:46 pm

Re: Treasury Direct account security discussion at Bogleheads

Post by jacksonm2 » Mon Oct 21, 2019 3:58 pm

jhogue wrote:
Mon Oct 21, 2019 8:47 am
What makes you think that Fidelity and Vanguard are somehow safer than the U.S. Treasury?
If this question is directed at me I thought I gave the reason in my post. I have no idea which of those three are the most or least hackable. I just believe that if I was hacked I would rather deal with Fidelity or Vanguard than the U.S. Treasury.
grapesofwrath
Associate Member
Associate Member
Posts: 46
Joined: Thu Jul 14, 2016 5:57 am

Re: Treasury Direct account security discussion at Bogleheads

Post by grapesofwrath » Wed Oct 23, 2019 8:36 am

I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Wed Oct 23, 2019 5:21 pm

grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.
jacksonm2
Full Member
Full Member
Posts: 78
Joined: Fri Sep 27, 2019 5:46 pm

Re: Treasury Direct account security discussion at Bogleheads

Post by jacksonm2 » Fri Oct 25, 2019 2:35 pm

grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Exactly my point but we apparently see things in reverse as to whether or not that is a good thing.
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Fri Oct 25, 2019 3:00 pm

jacksonm2 wrote:
Fri Oct 25, 2019 2:35 pm
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Exactly my point but we apparently see things in reverse as to whether or not that is a good thing.
Each way to keep cash has different risk. Money in the bank, money in T-Bills is exposed to negative interest rate risk! And risk of bank default and FDIC is not sufficiently funded.

It's wise to spread your risks around. Don't avoid I-Bonds because they have some risk, use them because they have risk which aren't like the risks you face in other places.
User avatar
jhogue
Executive Member
Executive Member
Posts: 755
Joined: Wed Jun 28, 2017 10:47 am

Re: Treasury Direct account security discussion at Bogleheads

Post by jhogue » Fri Oct 25, 2019 6:22 pm

Exactly.
Just as in the Lehman Brothers bankruptcy in 2008, it will be impossible in advance to predict where, when, and how the next liquidity crisis will strike. The point of holding T-bills in a brokerage, I bonds in a safe deposit box or TreasuryDirect account, and a stash of greenbacks somewhere nearby is to diversify your Cash holdings before that moment comes when liquidity seems to be evaporating everywhere.

I sleep better at night knowing I have spread the risk around.
“Groucho Marx wrote:
A stock trader asked him, "Groucho, where do you put all your money?" Groucho was said to have replied, "In Treasury bonds", and the trader said, "You can't make much money on those." Groucho said, "You can if you have enough of them!"
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Treasury Direct account security discussion at Bogleheads

Post by vnatale » Mon Dec 16, 2019 6:58 pm

ochotona wrote:
Wed Oct 23, 2019 5:21 pm
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.
1. I assume that you'd consider printing to a PDF and saving it would be equivalent to "proof of ownership"?
2. If so, Is it impossible for someone to create a fake document that looks real? If possible then that reason could make all documents not acceptable as proof of ownership? Also, how can you prove that no activity on your part had not occurred subsequent to the date of your document?

Vinny
Last edited by vnatale on Tue Dec 17, 2019 10:50 am, edited 1 time in total.
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
Libertarian666
Executive Member
Executive Member
Posts: 5994
Joined: Wed Dec 31, 1969 6:00 pm

Re: Treasury Direct account security discussion at Bogleheads

Post by Libertarian666 » Tue Dec 17, 2019 7:48 am

jhogue wrote:
Fri Oct 25, 2019 6:22 pm
Exactly.
Just as in the Lehman Brothers bankruptcy in 2008, it will be impossible in advance to predict where, when, and how the next liquidity crisis will strike. The point of holding T-bills in a brokerage, I bonds in a safe deposit box or TreasuryDirect account, and a stash of greenbacks somewhere nearby is to diversify your Cash holdings before that moment comes when liquidity seems to be evaporating everywhere.

I sleep better at night knowing I have spread the risk around.
That's great except that you don't mention gold, which is actually a form of cash too.
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Tue Dec 17, 2019 11:05 am

vnatale wrote:
Mon Dec 16, 2019 6:58 pm
ochotona wrote:
Wed Oct 23, 2019 5:21 pm
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.
1. I assume that you'd consider printing to a PDF and saving it would be equivalent to "proof of ownership"?
2. If so, Is it impossible for someone to create a fake document that looks real? If possible then that reason could make all documents not acceptable as proof of ownership? Also, how can you prove that no activity on your part had not occurred subsequent to the date of your document?

Vinny

The PDF is just the best any of us can do. Of course I have no way of knowing if the Treasury Department would accept it. These are unknowables.
User avatar
jhogue
Executive Member
Executive Member
Posts: 755
Joined: Wed Jun 28, 2017 10:47 am

Re: Treasury Direct account security discussion at Bogleheads

Post by jhogue » Wed Dec 18, 2019 9:50 am

Libertarian666 wrote:
Tue Dec 17, 2019 7:48 am
jhogue wrote:
Fri Oct 25, 2019 6:22 pm
Exactly.
Just as in the Lehman Brothers bankruptcy in 2008, it will be impossible in advance to predict where, when, and how the next liquidity crisis will strike. The point of holding T-bills in a brokerage, I bonds in a safe deposit box or TreasuryDirect account, and a stash of greenbacks somewhere nearby is to diversify your Cash holdings before that moment comes when liquidity seems to be evaporating everywhere.

I sleep better at night knowing I have spread the risk around.
That's great except that you don't mention gold, which is actually a form of cash too.
I would agree that gold can be a medium of exchange and remains a store of wealth without peer in global history. That certainly makes it similar in some respects to the STTs under discussion above.

But the gold in your avatar is certainly not Treasury-issued debt, nor does it bear a fixed nominal rate of interest, nor does it come with a “full faith and credit” guarantee from the US government. That doesn’t make gold bad—just a different kind of asset.
“Groucho Marx wrote:
A stock trader asked him, "Groucho, where do you put all your money?" Groucho was said to have replied, "In Treasury bonds", and the trader said, "You can't make much money on those." Groucho said, "You can if you have enough of them!"
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Treasury Direct account security discussion at Bogleheads

Post by vnatale » Mon Feb 17, 2020 4:23 pm

ochotona wrote:
Sun Feb 10, 2019 4:17 pm
This is not good. Not at all. I-Bonds are cool, but I can do without them at the end of the day. I have too many accounts, would be helpful to get rid of one.

Here I am, with Schwab and Fidelity accounts that use reasonably modern continuously rotating six-digit additional security codes, and 2FA, and nice security guarantees, and there's just no excuse for putting up with TreasuryDirect's sub-standard customer service. Even if they have cool little security (::: cry :::).
How do they get these codes to you? And, are they separate or part of the two factor authorization?

When I log into Vanguard I get a phone call from them giving me each time a different six-digit code which I then use as part of my two factor authorization.

As part of my job in doing online business with one of our banks they have supplied ne with a fob with a rotating eight-digit code (that I add the same four more digits to) whenever I log in. And, then it immediately sends back to me on that fob a four digit verification code. I'm sure the device does not draw much power but the battery is quite long lived as I've been using it for at least two years, maybe three with no battery replacement.

Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
ppnewbie
Executive Member
Executive Member
Posts: 850
Joined: Fri May 03, 2019 6:04 pm

Re: Treasury Direct account security discussion at Bogleheads

Post by ppnewbie » Sat Feb 29, 2020 9:58 am

I’ll add my own experience in this thread. I have I bonds in treasury direct. The site and opacity of the support does make me nervous.

I am going to take the suggestion on this thread to capture images and build spreadsheets of all the bonds I currently own.

From my perspective - they are the equivalent of cash, since I believe you can sell them any time, even before the one year period. Your only penalty is that you lose the interest.

Please correct me if I am off base on that. Also - I don’t quite understand EE bonds. I’ll research that before my next purchase.

One question I had is - Are I bonds considered as safe as t-bills in case of a zombie apocalypse?
User avatar
jhogue
Executive Member
Executive Member
Posts: 755
Joined: Wed Jun 28, 2017 10:47 am

Re: Treasury Direct account security discussion at Bogleheads

Post by jhogue » Sat Feb 29, 2020 10:30 am

Dear ppnewbie,
Welcome to the forum.

1. It is always a good idea to make a spreadsheet with a list of your I bonds.

2. I bonds cannot be cashed until they are one year old. After that, you can cash them any time. From one year to five years there is a 3 month interest rate penalty. After that there is no penalty to cash them.

3. EE bonds protect your cash from deflation, similar to how I bonds protect your cash from inflation. Their current rate is minimal, but if you hold them for 20 years they will automatically double in value. EE bonds work best for long term liability matching, like paying for college or financing early retirement.

4. Both I bonds and EE bonds have the same "full faith and credit" backing of the US Treasury as T bills, so, yes, your principal is considered risk free. Nobody has ever seen a real zombie apocalypse, but US savings bonds have survived every possible economic condition since they were created in the 1930s.
“Groucho Marx wrote:
A stock trader asked him, "Groucho, where do you put all your money?" Groucho was said to have replied, "In Treasury bonds", and the trader said, "You can't make much money on those." Groucho said, "You can if you have enough of them!"
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Treasury Direct account security discussion at Bogleheads

Post by vnatale » Thu Apr 23, 2020 6:06 pm

ochotona wrote:
Wed Oct 23, 2019 5:21 pm
grapesofwrath wrote:
Wed Oct 23, 2019 8:36 am
I would think Treasury Direct is safer than Vanguard/Schwab/Fidelity because it has virtually no customer service.
Interesting perspective. I've gone round and round in my head on this matter, and I think if you use the 2FA (I send 2FA emails to Hotmail), and if you vigorously defend said 2FA channel (I use 2FA on my 2FA, and it ain't a phone, it's an authenticator app), and if you change the password every once in a while (16 characters for me, upper / lower / numbers /symbols), and if you print out proof of ownership, you won't have problems.
Is it possible for you to further elaborate on the above?

Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
ochotona
Executive Member
Executive Member
Posts: 3353
Joined: Fri Jan 30, 2015 5:54 am

Re: Treasury Direct account security discussion at Bogleheads

Post by ochotona » Thu Apr 23, 2020 6:27 pm

vnatale wrote:
Thu Apr 23, 2020 6:06 pm

Is it possible for you to further elaborate on the above?

Vinny

TD sends you an email if you try to login. But that's only as good as your email security. So my email has strong two-factor authentication as well, using a phone app. Text is a weaker form of two-factor auth, because you can get your phone number stolen ("SIM hacking").
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Treasury Direct account security discussion at Bogleheads

Post by vnatale » Thu Apr 23, 2020 6:50 pm

ochotona wrote:
Thu Apr 23, 2020 6:27 pm
vnatale wrote:
Thu Apr 23, 2020 6:06 pm

Is it possible for you to further elaborate on the above?

Vinny

TD sends you an email if you try to login. But that's only as good as your email security. So my email has strong two-factor authentication as well, using a phone app. Text is a weaker form of two-factor auth, because you can get your phone number stolen ("SIM hacking").
How about a phone call where you get a code that you need to input. How do you rank that? That is what banks will do (and, Vanguard).

But still trying to get the details on your email.

TD sends this email to an email address. I'm still not following..."So my email has strong two-factor authentication as well, using a phone app." And, I don't know if you cannot elaborate because then that gives someone some knowledge of how to get into your account.

Are you saying this email address is only for this login which has the strong two-factor authentication? Or, all your email? I'm suspecting it is the former.

I can only imagine that the email is sent to an email address which you only use for this? And, that requires you to enter the email address and password via a browser? Or, it comes directly to you via your regular email programs? Just not seeing what the phone app is doing. Are you able to disclose the phone app? Or, would doing so compromise your security?

Vinny

Vinny
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
Post Reply