Turbotax Hacked?

some stories make it seem likely

why is it so hard to prevent hacking past company computer security?

I did not read that TurboTax got hacked. I thought I read that they quit filing state returns because people were filing with false identities.

Quote: odiousgambit

why is it so hard to prevent hacking past company computer security?

Not to comment on TT, but probably because we are still using 1980s ideas for security. It is as if you tried to drive a Model A on the interstates in the 1960s. Passwords are still the basic security. Why are we not using biometrics? Why not a thumb-rive with an impossible to copy "password" of a thousand characters including letters, numbers, and wingding-font symbols? Why not limit the IP that can log in?

If I knew how to do it all I could be on "Shark Tank" and get a date with Lori!

Quote: DRich

I did not read that TurboTax got hacked. I thought I read that they quit filing state returns because people were filing with false identities.

some stories today have brought up the possibility that TT was hacked, of course if so this would be bad for them ... I mean, talk about trust being an issue with your clients!

Quote: AZDuffman

Passwords are still the basic security [etc]

not just home computers, but companies too?

Quote: odiousgambit

why is it so hard to prevent hacking past company computer security?

Probably the same reason video games get released with bugs. You have a very small (relatively) window to test, and are limited to the trials conjured by the few testers you have. Once you release it, you have thousands doing things you never even considered one would attempt.

Quote: odiousgambit

not just home computers, but companies too?

Companies I worked for are not much beyond username and password. Sometimes when you try to work remote there was more security, but still a user and password as well as a cookie on your machine.

Now imagine if they had something like a thumb drive. It has multiple passwords of say 15 digits each and they are in an order. When one is used it gets "destroyed." And there are say 100 only and they expire. It also expires after 30 days or so. You forget it at work and you get to go home and get it.

Now imagine it has a basic biometric so if I find it then I cannot use it. Even more layers possible.

Surely someone smarter than me can come up with better ideas. Of course, the best is to go back to private networks not connected directly to the internet. That is one more layer.

There was a story awhile back of someone taking a picture of Angela Merkel's fingers and was able to reproduce her prints from it, just to prove it could be done.

My E-Trade account has a little FOB that they send a confirmation type code to. Even registering a cell phone where a code can be texted is a big improvement that some systems are using now.

I don't know if anything has changed with credit cards, but I've always felt I should be able to designate the limits (below the card limits) as to what can be purchased.

The credit card companies want to leave your limit up to whatever the max rate is, and if someone gets hold of it they just absorb the loss, but I could set the lower limit myself because I know what I'm doing for the month.

I believe I was told, 'well I might inconvenience myself' if I try to use my card and forgot to raise the limit. Worse reason I can think of, if I do it, it's my own fault. I'm willing to accept it.

I think they do it the way they do because some purchases just might not get made. But there are weeks where I know I don't need single purchase limits above $100. Yet they leave it open to thousands of dollars. Pisses me off. I should be able to phone in a code, (touchtone) and control access myself.