Watch the full replay »


Other highlights from this webcast


Vanguard webcast library

TRANSCRIPT

Emily Farrell: Hello, I’m Emily Farrell. Welcome to our live webcast on information security and protecting access to your information. Information security is more important now than ever, and this evening we’ll discuss the steps Vanguard is taking to protect access to your information and assets and how you can partner with us to protect your information.

As you may have noticed, we have changed our lineup for tonight’s webcast. Now while Alonzo Ellis was unable to join us, we are very fortunate to have with us Ellen Rinaldi, Vanguard’s chief information security officer, along with Jeffrey Lampinski, Vanguard’s head of Global Security and Fraud Operation.

Ellen, Jeff, thanks so much for being here.

Ellen Rinaldi: Thank you for having us.

Jeffrey Lampinski: Thank you.

Emily Farrell: All right, a few housekeeping items. Before we get started, I just wanted to let you know that there’s a widget at the bottom of your screen for accessing technical help. It’s the blue widget on the left. And if you’d like to read some of Vanguard’s material that relates to our discussion or view replays of our past webcasts, click on the green Resource List widget. It’s on the far right of the player. And, finally, we’ll be spending most of our time tonight answering your questions—those that we received when you registered as well as those you can submit live during our broadcast. And, of course, we encourage everyone to send us your questions.

Now to kick things off, I’m actually going to ask our audience a question. And right on the screen right now is our poll question, which is “Which of the following do you find most concerning: I’m worried about identify theft, I’m worried about financial fraud, I’m worried about knowing how to protect my information and assets?”

All right, so just take a second, respond, and we’ll get to your answers in just a few minutes.

All right, Ellen, Jeff, we’re going to let everyone take a second to respond to our poll. And while we’re waiting for those answers, I thought we’d just kick it off with questions. I mean that’s why we’re here. We actually had a great question to start our conversation. Catherine in Coralville, IA, asked us, “How is Vanguard protecting its investors?” Ellen?

Ellen Rinaldi: That’s a great first question, that’s for sure. I’m glad I’m not answering that poll because I would want to check all of them.

Jeffrey Lampinski: All of the above.

Ellen Rinaldi: All of the above, right? So let’s talk a little bit about how we protect, and, actually, it’s a two-way street here.

Emily Farrell: Definitely.

Ellen Rinaldi: We work on protection of our clients’ assets, and we’re hoping that our clients are working on protecting their identities.

Emily Farrell: Absolutely.

Ellen Rinaldi: And I’m anticipating we’re going to be talking about that quite a bit tonight.

Ellen Rinaldi: So let’s think just a little bit about how we protect you, me, and everyone else who invests at Vanguard. First, when you go onto the web, if for some reason someone is trying to use your credentials, we actually limit the number of times you can try to log on and then we disable your access. That would then require someone to come in and then reauthenticate to get that access relieved again. So that’s one thing, and that’s pretty obvious to people.

One of the things that is not as obvious to people is that on every secure page, there’s a timeout feature. And if you leave your computer open, after a while that page is going to close so that when someone’s walking by your computer—you forget, you go someplace—they’re not going to be able to get into your account or see your information.

We also fuzz out, actually block out most of your bank account information so only the last couple of digits show, so you know which bank account you’re dealing with. But if you’re on a plane or you’re on a train or you’re in a public space and someone’s looking over your shoulder, they’re not going to see your accounts.

Emily Farrell: Absolutely.

Ellen Rinaldi: We also provide security codes so that’s another way to make sure that we protect you. And on top of all of that and a number of our groups, Jeff’s included, we have cyber hunt analysts that use big data to watch for anomalies to see if there’s something going wrong.

Emily Farrell: Well I mean it’s certainly a lot of steps right there. And before we get into a lot more of those things that you can do for yourself, actually, our poll results are in so I’m just going to go read those through real quick. So, “Which of the following do you find most concerning?” So, well, Ellen would’ve checked all of them and maybe I would’ve too. And it was which are most concerning? And nearly 60% said, “I am worried about knowing how to protect my information and assets.”

Ellen Rinaldi: That’s good.

Emily Farrell: More than 26% about identity theft and another 14% about financial fraud. So the how, and I think that that’s what we’re going to get to tonight, right?

Ellen Rinaldi: We are.

Emily Farrell: And, you know, I mean did that surprise you hearing that?

Ellen Rinaldi: It doesn’t, right?

Jeffrey Lampinski: No. And the beauty of the “how” is it applies to not just Vanguard, but our clients are going to find that it applies to all of their financial institutions.

Emily Farrell: That’s a great point. Yes. So with that in mind, another great question that we received from one of our registered viewers is from Steven in Minnesota. And this gets really into kind of some of the steps, I think, that you were hinting at Ellen. “Is Vanguard considering offering two-factor authentication for computer access? And if not, why not?” Jeff.

Jeffrey Lampinski: We do offer two-factor authentication. In fact, we offer something known as multifactor authentication. Two-factor authentication is typically something you know and perhaps something you have. So we do enforced two-factor authentication every time one of our clients logs in from a device that we recognize, because we have analyzed that device when the client first logged in and registered the device. So anytime you log in we enforce two-factor authentication. We examine the machine. We satisfy ourselves that that is in fact Ellen Rinaldi’s machine. We recognize it. So it’s something you have.

The other piece, the other factor is something you know, and that’s your password. But since 2014, we’ve gone beyond that. Since 2014, we offer something known as multifactor authentication. Ellen if you want to touch upon the security codes and maybe I’ll talk about the key.

Ellen Rinaldi: Sure. At the end of 2014, the beginning of 2015, we offered an option for our shareholders to sign up for something called security codes. Which means you would put in your user name, then a security code would be sent to either a cell phone or a landline. Some of us still do have landlines. I know that’s hard to believe, but some of us do. You would take that four-digit code. You would type that into the website, and then it would release and allow you to put in your password. That way you are sure that it’s you. Right?

Jeffrey Lampinski: That’s correct.

Ellen Rinaldi: Now that is a popular feature and all retail shareholders will be adopting that over the next several months.

Emily Farrell: Yes. So, essentially, if you’re an individual investor with Vanguard, your retirement account, your brokerage or college savings, you’re eventually going to be enrolled in the service.

Ellen Rinaldi: Right, right.

Jeffrey Lampinski: That’s correct.

Emily Farrell: Yes. I mean I guess it’s a fairly familiar concept. I think a lot of other folks are—

Ellen Rinaldi: Financial institutions across the country use it, definitely. I think even the Social Security Administration uses it as well. And that’s one feature, right?

Another feature is something that not a lot of people are using yet and that’s a security key. And, Jeff, do you want to talk about that a little bit? It’s one of his favorites is just why he gets to talk about it.

Jeffrey Lampinski: The code, by the way, we really love the code and that’s why we’re going to actually having all clients have to subscribe to receiving that code because it’s, again, something you know. We just send you that code maybe an SMS text to a cell phone. And in my view, it’s something you have.

Emily Farrell: Yes.

Jeffrey Lampinski: Another factor you have that cell phone in your hand.

Emily Farrell: Again, it’s that multi-point really.

Jeffrey Lampinski: That’s exactly right, multifactor authentication. Ellen’s referring to a security key.

Emily Farrell: An actual key.

Ellen Rinaldi: A real key.

Jeffrey Lampinski: It is. It looks like a key. It’s a small token. This is something Vanguard offers. Yet again, another factor this is something you have. So when you login, user ID, password, you’re prompted to insert this in the USB drive. Within a second, this small key here begins to flash. You simply put your thumb on it and you’re authenticated.

Emily Farrell: It’s like a superpower in your pocket.

Ellen Rinaldi: It’s true.

Jeffrey Lampinski: The beauty of this is you can buy these at Amazon. You could buy them at other retailers. We support four keys. This is a YubiKey U2F key. If you go to the security site and visit that site on vanguard.com, you find which keys we support. It is four. They range in price from $18 to maybe $50.

Ellen Rinaldi: $25, $50. That high?

Jeffrey Lampinski: This is $18 and trust me, it does everything I want it to do. And the other beauty of it is if it’s supported, and it is supported by other financial institutions, other retailers, you can use that same key at those retailers, at those other financial institutions. You carry one key.

Emily Farrell: Okay. That’s a good point I guess.

Jeffrey Lampinski: You’re not going to carry six or eight keys. You carry one key.

Emily Farrell: That’s good because I’m always losing my key. No.

Ellen Rinaldi: Another benefit, actually, is even if you lost the key, you’re already signed up for security codes.

Emily Farrell: There you go.

Ellen Rinaldi: So a security code would then substitute.

Emily Farrell: Okay, so you’ve got both.

Ellen Rinaldi: So you don’t have to worry if for some reason you lost it.

Jeffrey Lampinski: That’s correct.

Ellen Rinaldi: And we do offer the service. We don’t offer the keys. You’ll have to buy your own.

Emily Farrell: That’s a great point.

Ellen Rinaldi: Yes.

Emily Farrell: And, Jeff, you mentioned the Security Center and how it’s available on vanguard.com. And I just wanted to point out to our audience at home there’s actually a link to it in the Resource Center as well so they can certainly check it out through that portal as well, or pretty much on any page of vanguard.com right there on the bottom, right.

Ellen Rinaldi: Right. Any page.

Jeffrey Lampinski: Exactly.

Emily Farrell: So, actually, our first live question is in. Steve Parks asked us, “Why doesn’t Vanguard provide an email option for its two-factor authentication?” which, of course, we’ve already cleared up multifactor. So email?

Ellen Rinaldi: You notice that we talk about sending a text message to a phone of some kind, either a cell phone or a landline.

Emily Farrell: Yes.

Ellen Rinaldi: We don’t talk about sending authentication messages to email. And that’s because email can be compromised. Much more likely to be compromised.

Emily Farrell: We’ve all heard about it.

Ellen Rinaldi: We all know about it. We’ve all heard about it. In fact, a number of people, I’m sure in the audience have had their email compromised. Some of them didn’t even know it at the time. So we don’t want to be sending messages to compromised email for authentication. We can send emails for notification. But when it comes to authentication, knowing who you are, we want to make sure that the device and the message is getting to the right person. Right, Jeff?

Jeffrey Lampinski: That’s correct.

Emily Farrell: Yes, absolutely. And, again, to your earlier point with the text codes or SMS as well as the key, you know, there are certainly different options there as well. And, of course, landline, which you got it—I don’t have one.

Ellen Rinaldi: I figure when you think about this, we err on the side of security when it comes to authentication.

Emily Farrell: Yes, absolutely.

Ellen Rinaldi: So we’re going to be a little more conservative when it comes to that messaging.

Ellen Rinaldi: There is one other question I would ask. You should ask yourself if you gave your credentials to someone like a child—

Jeffrey Lampinski: A no-no.

Emily Farrell: A spouse.

Ellen Rinaldi: Or a spouse or someone else because we oftentimes see that’s the case.

Jeffrey Lampinski: Yes.

Ellen Rinaldi: And we will pick it up in fraud and then make a call out and we’ll say, “Did you make this withdrawal?” And they’ll say, “No, I didn’t but I did tell my spouse or my son they could do that.”

Emily Farrell: Right. Oh, that’s a good point. I have an 11-month old who can turn on the television. I can’t even turn on the television, so who knows what he’ll manage to do with my accounts.

Jeffrey Lampinski: So if those conditions aren’t out there and not of an abundance, of course, you call us. And the fraud team will respond.

Emily Farrell: So always a good peace of mind, the phone call.

Jeffrey Lampinski: Yes.

Ellen Rinaldi: And the first thing we are likely to do when we respond is lock down their account.

Jeffrey Lampinski: Lock down the account. And then make an outcall to the client.

Emily Farrell: So a great point.

Jeffrey Lampinski: Yes.

Emily Farrell: So, again, some of those security measures that you were talking about right at the beginning of our conversation.

So, Jeff, you talked a little bit about aggregators and that reminded me that we actually had gotten a question early on in the registration from Joy in Scottsdale. And she asked about how safe our information is with third parties that we share Vanguard login information with like some of these aggregators.

Jeffrey Lampinski: I’m going to kind of toss that one to Ellen.

Emily Farrell: Yes.

Ellen Rinaldi: All right.

Jeffrey Lampinski: She’s an expert in our third-party vendor program and what we do with vendor management.

Emily Farrell: Yes, okay. Glad you’re here then.

Ellen Rinaldi: And very opportune. So when you think about sharing your credentials with anyone, the risk always goes up. But there’s a balance here. Sometimes you want some level of service and it’s worth it to you to give your credentials for that kind of circumstance. Now for some people having all their assets aggregated together is worth that to them. But your security with that third party is only as good as that third-party security. So you should be paying attention to how they’re protecting your data and how they’re managing that data.

Jeffrey Lampinski: If it’s a vendor that Vanguard shares data with on a contractual basis, then we do our own analysis and examination of that vendor security program. And we must be satisfied that it is as robust if not more secure than Vanguards before we will move that data.

Emily Farrell: Right. So, again, doing your due diligence.

Jeffrey Lampinski: Yes. Exactly.

Ellen Rinaldi: But at the same time, those services do provide a valuable service.

Emily Farrell: Sure.

Ellen Rinaldi: It’s a valuable service for a number of people to be able to look at everything in one place.

Emily Farrell: Yes. I guess aggregators or just thinking about your finances, you’re just thinking about doing your due diligence.

Ellen Rinaldi: Right. And it’s not that much different than a password manager.

Emily Farrell: Okay. So what’s a password manager?

Ellen Rinaldi: A password manager is a service that will hold passwords for you, create passwords for you, and connect you to websites and insert passwords for you. So that’s another kind of service a lot like an aggregator. And when you think about it, you’re giving them the opportunity—

Jeffrey Lampinski: Aggregating your password.

Ellen Rinaldi: You’re aggregating your passwords. And those can be very handy sites for you.

Emily Farrell: Okay. So, again, something you could choose to use.

Ellen Rinaldi: Absolutely.

Emily Farrell: Okay, interesting.

Ellen Rinaldi: It’s a matter of balance of risk and ease of use.

Emily Farrell: Yes. And when you’re thinking about this, just security and just making sure like what’s the best steps I can take to protect, there’s a lot of, “What if?” questions I felt like we got early on. And one particular question was, this is from Brijeet, and she asked, “If I want to be notified when there is a withdrawal or unusual activity in my account, can I do that?” And I guess looking for some additional safeguards or awareness, right?

Ellen Rinaldi: Isn’t it nice to say, “Yes, you can”?

Emily Farrell: There we go. Brijeet, there you go, you can!

Ellen Rinaldi: Yes, you can.

Jeffrey Lampinski: Yes, you can.

Ellen Rinaldi: Yes. That’s in our account maintenance section. On vanguard.com after you’ve signed in, there are security alerts or account alerts. I think they’re called account alerts.

Jeffrey Lampinski: Account activity alerts.

Ellen Rinaldi: Account activity alerts. And you can have them there for changing the bank, for changing passwords, for changing addresses, for withdrawals, any kind of monetary transaction and there you’ll get an email.

Emily Farrell: There you go, okay.

Ellen Rinaldi: Or a text.

Jeffrey Lampinski: Or a text. You can choose.

Ellen Rinaldi: But you can get an email there.

Jeffrey Lampinski: Yes.

Emily Farrell: Okay, so just a little bit of extra if you’re concerned about it knowing, hey, I’m going to get an email if something changes in my account.

Jeffrey Lampinski: Right. Well, think about those events. They’re all critical events that, if I’m a client, I want to know if someone has just deleted a bank account connected to one of my accounts, if someone’s added a bank account, if someone’s changed my password. So you want to know about those and you want to know about them pretty quick as a client. So it’s a great service. Obviously, we advocate that a client subscribe to those account activity alerts.

Emily Farrell: Opt in.

Jeffrey Lampinski: Opt in. You can take them as either a text or an email.

Ellen Rinaldi: And the good thing about this is you should be doing the same thing with your other financial institutions.

Jeffrey Lampinski: Always.

Ellen Rinaldi: You can do this across the board. And there’s no reason why you wouldn’t. I know my husband has some kind of an alert on his credit card. The second something gets charged he gets an email that tells him it’s happened.

Jeffrey Lampinski: He sees your charges?

Emily Farrell: See that happened in my household and we made that—

Ellen Rinaldi: It did? You made that change?

Emily Farrell: Yes, we changed it. We changed where the alerts were going.

Jeffrey Lampinski: I do that with my card.

Emily Farrell: Sure.

Jeffrey Lampinski: Any charge of $50 or more get an immediate text. Any international charge. Again, as we said, you can use these type of controls at almost all of your financial institutions and your credit card companies.

Emily Farrell: Yes. And, again, if you’re getting these texts, I mean now with the security codes, it’s all in the palm of your hand, right?

Ellen Rinaldi: We’re putting a management of security in your own hands. A piece of this is something that you can manage yourself. A lot of people, when we get calls in, feel helpless. They feel like they can’t do something. And part of the message we’re trying to give you here is: there’s a lot you can do.

Emily Farrell: Okay. Yes, I mean, again, already I’m like taking mental notes of what we’ve got, to go through the checklist this evening to make sure. So just in terms of that what if types of questions, got another question early on in registration. And David from California asked, “How can I protect my account to avoid hacking?” Jeff, I mean there’s probably a lot there, so maybe we need to unbundle it a little bit.

Jeffrey Lampinski: I think Ellen covered a lot of that. I like to use the analogy: view your account as you would your home. So you want to put good, preventive controls at the front door; at the front door, on the windows. You want to make sure you have very good, secure controls, a good deadbolt on your front door, for example. That’s what Ellen was referring to when she got into the authentication strategy. You want to have a unique user ID. You want to have a very strong password, 6 to 20 characters, alphanumeric, uppercase, throw in some special characters. You want to subscribe to that multifactor authentication. You might want to consider the security key. All of those I consider the front-door preventive controls to keep the bad actors out of your house, keep them out of your account.

God forbid they get in, you want to have very good detective controls now within your home. So if somehow a bad actor was able to get into an account, you want those detective controls we just discussed, those account activity alerts. You want to know that like a bad actor might be moving around your home and a motion detector would alert. You want to know that they’re moving around within your account. They’re changing your email address. They might add a bank. They may try to make an exchange or a redemption. So that’s the best way I think in my opinion to fortify your accounts.

And while I’ve said all that, just be vigilant. It’s one thing to sign up for the account alerts and then not pay attention to them. If you’re going to sign up, be very vigilant. It requires a little bit of work, but an ounce of prevention is worth a pound of cure in this space.

Emily Farrell: Makes a lot of sense. Ellen, go ahead.

Ellen Rinaldi: And a couple of points I would add to that is I think his question was what happens if I get hacked? Right?

Emily Farrell: Yes.

Ellen Rinaldi: So if he gets hacked, then there’s a method. There’s a couple things he should be doing. He certainly should be calling us because we’d lock down his account. He should be calling other financial institutions because if there’s an issue with one financial institution, there’s likely an issue with another because many people use the same user names and passwords for all their financial services accounts regardless of how many times we ask them not to do that. And then they need to report it. Right?

Jeffrey Lampinski: Yes, that’s right.

Ellen Rinaldi: And they would go to the FTC for that.

Emily Farrell: Which is?

Jeffrey Lampinski: It’s a fantastic resource. The Federal Trade Commission.

Jeffrey Lampinski: Probably one of the best resources on identity theft. Go to something specifically identitytheft.gov. It’s connected to the FTC. But if someone does actually compromise an account and get into your account, you can logically say you’re the victim of identity theft because they have enough of your ID to access your account. And so as Ellen indicated, there are certain remedies available. If that happens, you can go to any one of the consumer credit reporting agencies and report that you’re the victim of identity theft. You can ask that they put a 90-day initial fraud alert on your account. If they do that and someone tries to apply for credit in your name, they have a requirement to actually call you and verify that it is you applying for credit.

If you’ve actually been the victim of identity theft—where this would be a case where you have been—you could actually have a seven-year fraud alert put on your account. It entitles you to six free credit reports, two from each of the credit consumer reporting agencies, and you can go so far as if you want to freeze your credit. It’s very powerful actually freeze your credit so that even you cannot apply for credit. It is frozen. I think there’s a small fee—It depends upon each state—It might be $10 to unfreeze the credit. But if you don’t expect to use your credit for any length of time, it’s a very good option to protect your credit.

Emily Farrell: So that’s actually a great point, and I remember that we have a viewer submitted question about this. So I guess you’re talking about a credit lock?

Jeffrey Lampinski: Credit freeze, yes.

Emily Farrell: Yes, “So I have a credit lock at all three credit reporting agencies. Am I safe if my identity is stolen?”

Ellen Rinaldi: Only partially. Right? As to applications for credit, yes.

Jeffrey Lampinski: No one’s going to obtain credit in your name.

Ellen Rinaldi: But as to any of the rest of your information—your health information, etc.—that still could be open to being used by one of the bad actors. So that locks down a piece of it. And as we’re talking about freezing credit, etc., you’ve got an 11-month-old, right?

Emily Farrell: I do, yes.

Ellen Rinaldi: That 11-month-old has a Social Security number, right?

Emily Farrell: Yes, he does.

Ellen Rinaldi: You might think about locking his credit.

Emily Farrell: Yes, well that’s a great point.

Jeffrey Lampinski: Defensively, yes. Lock it down.

Ellen Rinaldi: Defensively. Now there is absolutely no reason why his credit should be – his name. He’s got a name. He’s got an address. He’s got a Social Security number.

Emily Farrell: Yes, that’s a good point.

Ellen Rinaldi: There’s information about him probably on Facebook, etc. Doesn’t hurt until they’re at an age where they can use it.

Emily Farrell: That is a great tip and, hopefully he’s not opening any credit cards at least personally.

Ellen Rinaldi: I hope not. Not yet.

Jeffrey Lampinski: Just to follow-up to Ellen’s point, just freezing credit or even going to the credit bureaus for a fraud alert is not sufficient. To really protect yourself fully against identity theft, you do have to go to your other financial institutions. You do have to change your user ID and password at those institutions.

A lot of that I have a guide here. And this is probably the only hard copy in existence any longer. It’s old. I don’t let it out of my hands. But this is probably one of the best resources I’ve ever seen on how to respond if your identity is stolen. It’s now available in a PDF format if you simply search this title Take Charge: Fighting Back Against Identity Theft if you want a soft copy. But if you go to identitytheft.gov, it is all there now automated so in the event you want to report you’re the victim of identity theft, it takes you now digitally and logically through this entire process.

Emily Farrell: Oh wow!

Jeffrey Lampinski: It’s very, very helpful. It’s a great resource.

Emily Farrell: Yes. So just to kind of recap, I mean so we did cover quite a bit there.

Ellen Rinaldi: We did.

Emily Farrell: So we started with, you know, if and why and then it sounds like I think a huge takeaway there is just there is multiple options to avail yourself of and great features whether here at Vanguard as well as out there in the marketplace like your key. That deadbolt analogy I really like that. That’s going to definitely stick with me. And then certainly some really meaningful stuff so you can take in the unfortunate event something does happen.

Jeffrey Lampinski: Yes.

Emily Farrell: So we got a live question actually, and it’s about passwords. So Santana Gonzales asked us, “How often should a password be changed?”

Ellen Rinaldi: Some people say never. Some people say all the time. Bill Gates in 2004 said, “Passwords were going to be dead.” I think their death was sadly overestimated.

Look, I think that your passwords—because they’re required at this stage of the game for purposes of authentication—should be as strong as you reasonably can make them. I do believe that. I think that the difficulty with that is that they can get complicated and you don’t remember them—I know people who intentionally don’t remember them so they never have to have the same password and they change it every time they access a particular site.

Emily Farrell: Wow.

Ellen Rinaldi: That’s a lot of work.

Emily Farrell: It is.

Ellen Rinaldi: But that’s where those password managers can come in.

Emily Farrell: Right, you mentioned that before.

Ellen Rinaldi: You can store passwords in them. I change passwords personally every three months. That’s what I do.

Emily Farrell: Fairly easy to remember.

Ellen Rinaldi: Every three months I change them.

Jeffrey Lampinski: It’s really a personal preference.

Ellen Rinaldi: It’s a personal preference. Some people never change them.

Emily Farrell: But to your earlier point, and, Jeff, I think you mentioned it, it’s password strength that is kind of the bigger factor.

Jeffrey Lampinski: Password strength and then never using it beyond the one institution.

Ellen Rinaldi: Never using the same one.

Emily Farrell: Right, and that’s what Ellen pointed out earlier too.

Jeffrey Lampinski: Don’t use it elsewhere.

Ellen Rinaldi: Don’t use it elsewhere and don’t reuse the same one. Sometimes people will use the same password and add a number and change the number at the end. That is not hard for someone to break.

Emily Farrell: Yes, absolutely.

Ellen Rinaldi: Someone asked me once advice on how to come up with a password that would be very unique. And I said, “Well, you can do what I do. I take old ‘60s and ‘70s songs that I know really well, and I take the first line of a particular song, a lyric, a passphrase.”

Jeffrey Lampinski: It’s a passphrase. A passphrase.

Ellen Rinaldi: I use a passphrase. And it’s very, very difficult to break that. You’ll take the beginning letters, end letters, maybe the year that the song was played and it actually makes it a little more fun too. Passwords aren’t fun.

Emily Farrell: You’ll just be bopping around while you’re putting in your security code.

Ellen Rinaldi: There you go. Right.

Emily Farrell: Well there’s probably a lot of us who are sitting ashamed wondering if there’s a pet name or a birthdate sitting out there, right?

Ellen Rinaldi: Oh yes. Yes. Or the word password, which…

Jeffrey Lampinski: The number one password is password.

Ellen Rinaldi: The number one password has always been password.

Emily Farrell: Is that for real?

Jeffrey Lampinski: Yes.

Emily Farrell: Wow! Okay. So if any of us are doing, and we’re not going to point fingers, we’re going to take some better steps.

Ellen Rinaldi: You know, advice is do what you’re comfortable with. I recommend myself I change them every three months. Different passwords for each financial institution and very different passwords.

Emily Farrell: I do want to go back to the password manager because another viewer, Barbara from Colorado, asked us if it’s a good idea to use a password manager. And it sounds like that’s in the affirmative.

Ellen Rinaldi: Risk and convenience.

Emily Farrell: There you go.

Ellen Rinaldi: You’re going to be storing all your passwords at a particular cloud provider. You have to be comfortable with that. You can use it just to store them. You can use it to generate passwords for you and to actually pass that password to a website. So all of those kinds of services are available if you feel like you want it. Again, it’s another choice. It’s another tool that’s put in your hands to make a decision as to how you want to protect your assets.

Emily Farrell: Okay, great. And, actually, the second part of that question was what to do instead. And I guess we kind of covered a couple of those things, the key, the code.

Ellen Rinaldi: The key, the code, a song, whatever.

Emily Farrell: I’m going to remember that. Clearly not the right one though. So just going to get into some more of these what ifs and kind of real practical questions that you all came up with some great questions right off the bat. So, again, passwords. And Don asked us, “Please address complexity and frequency of update and use of passwords.”

Now when I read this question, I’m assuming now complexity is kind of the construction of the password.

Jeffrey Lampinski: Um-hmm.

Ellen Rinaldi: You want to take that, Jeff?

Jeffrey Lampinski: Yes. We recommend at minimum 6 characters. We go up to a maximum of 20 characters. Alphanumeric—so numbers, letters, case, upper case, lower case, and then also to mix in some special figures or special symbols.

Ellen Rinaldi: Special characters.

Jeffrey Lampinski: Special characters.

Emily Farrell: And special characters are not ‘60s songs.

Ellen Rinaldi: No.

Emily Farrell: It’s a different kind of special.

Jeffrey Lampinski: The pound sign.

Ellen Rinaldi: Dollar sign, the pound sign.

Jeffrey Lampinski: A good combination of those would be considered quite secure.

Emily Farrell: And then we got to frequency as well too, again, the preference.

Jeffrey Lampinski: Yes.

Emily Farrell: So that we covered part of that question already.

Jeffrey Lampinski: Can I just add one thing about the user ID?

Emily Farrell: Yes, absolutely. User ID, okay. It’s the other part.

Jeffrey Lampinski: User ID is, obviously, the first piece of information you enter. Make sure that it’s unique, please. Don’t use it elsewhere, but make sure it’s unique. We find a number of clients who use first initial, last name.

Ellen Rinaldi: All the time.

Jeffrey Lampinski: That is not unique.

Emily Farrell: Trust me, I do not.

Jeffrey Lampinski: Trust me the bad actors are guessing at passwords every day on our websites. Every day. Through automated systems, through botnets they are guessing at user IDs every day. And they will bump into something like that quite easily. They’ll harvest it. Then they’ll come back and then try to guess the password. So use a very unique user ID.

Emily Farrell: Okay. All right. Those are all great, great suggestions. So another really practical question from Gene in St. Cloud Minnesota. Asked us, “When using public wi-fi, does the Vanguard app protect my data or do I need VPN service as well to encrypt data transmission?”

Ellen Rinaldi: Oh Gene, Gene, please don’t use public wi-fi when you’re accessing your financial assets.

Emily Farrell: Okay, so that’s the first takeaway.

Ellen Rinaldi: Please, please don’t do that.

Emily Farrell: Okay. So the idea of being a secure network first and foremost.

Ellen Rinaldi: Right. Now is an app a better choice than a web browser? It’s a little bit better of a choice than a web browser because browsers have more vulnerabilities or more opportunities for an attack. But relatively speaking, your data is going to be sniffed at a hotel wi-fi or a Starbucks wi-fi. Those are open wi-fi networks. I don’t care if the hotel gives you a password that says, “Room 17” or whatever, your room on it, those are all open. And please don’t think that they’re not going to get your data.

Jeffrey Lampinski: And they can be easily spoofed.

Ellen Rinaldi: Oh yes.

Jeffrey Lampinski: You might think you’re on the airport wi-fi and you’re not on the airport wi-fi.

Emily Farrell: Oh, I see.

Jeffrey Lampinski: You’re on something that looks like the airport wi-fi.

Emily Farrell: Oh man.

Ellen Rinaldi: Right. When you open it up and you’re looking on your iPad or whatever and you see three or four and that one looks like it’s legitimate and it’s not.

Jeffrey Lampinski: It’s not.

Ellen Rinaldi: You’ve just signed into a bad actors wi-fi. And they just harvest whatever they can.

Jeffrey Lampinski: Now, one option, Ellen, would be a private VPN.

Ellen Rinaldi: A private VPN.

Emily Farrell: And, actually, Gene got to that.

Jeffrey Lampinski: Okay, good.

Emily Farrell: So what is a VPN, first and foremost?

Jeffrey Lampinski: Private VPN is something you can subscribe to. They’re very inexpensive. I’ve seen some for less than $35 per year. So subscribe to the service so that you have your own virtual private network. It creates a tunnel, a secure tunnel between you and whomever you’re communicating with. And it’s encrypted and it’s very secure. So a private VPN is an option.

Ellen Rinaldi: And your cell providers offer them. Not for free. They do charge a fee. I haven’t priced them out, but if everyone’s saying, “All right, VPN, where do I get it?” You can go to your cell provider for it.

Jeffrey Lampinski: Sure, you can do that. There are services like a Consumer Reports. There are services that rate the top ten. You can just simply do some internet research; you’ll find them.

Emily Farrell: Okay, that’s a good tip.

Ellen Rinaldi: Again, another choice.

Emily Farrell: There you go.

Ellen Rinaldi: I keep hitting on this. It’s another choice to help protect yourself.

Emily Farrell: Yes. Absolutely. Well, I’m learning so much. In fact, actually, we just got a live question and even I think I now can answer this.

Ellen Rinaldi: All right!

Emily Farrell: And Tanya asks, “Is Wi-Fi at a library safe?”

Ellen Rinaldi: No.

Emily Farrell: You beat me to it, Ellen.

Jeffrey Lampinski: Nor is any desktop sitting in a library or at a hotel cubicle; they are not safe.

Emily Farrell: So, again, the idea of public access to a computer.

Jeffrey Lampinski: Yes.

Ellen Rinaldi: Often times when we’re traveling, I will see somebody at that desk. And instead of just going for their boarding pass, they’re jumping onto their email account.

Jeffrey Lampinski: Yes.

Ellen Rinaldi: And, you know, it’s about done by then. It’s only a matter of time.

Jeffrey Lampinski: You have to assume that gets compromised. If you approach those public types of machines with an understanding that they’re likely compromised, you’ll be in much better condition.

Emily Farrell: Okay. So I have a follow-up question. And I can’t take credit for this because, again, these are all great questions, but I’m just going to tag onto all of them because it’s now my own curiosity. But Michael from Connecticut asks something that’s a little similar, but I think maybe there’s a little nuance here: “I’ve always been reluctant to access my financial accounts while traveling.” So maybe a little bit of a good idea there, Michael. “Am I safe using my Vanguard app to access my info if I’m on an open network like a hotel? What about operating over cellular?” So, again, this is a little different. I guess it’s on your phone Michael’s referring to.

Ellen Rinaldi: It’s on your phone, but you’re on an open network.

Emily Farrell: Oh okay, so it’s still the same.

Ellen Rinaldi: It’s the open network. So it doesn’t really matter where you’re going. Whether you’re going to the Vanguard app or you’re going to Bank of America’s app or you’re going to anyone’s app, that’s an unsecure line and that can be sniffed. And the bad actors are not stupid. They are there. They are at all those locations, and they do sniff out that data and harvest it. And they may only get a piece of your data that time. But they can put it together with other data.

Jeffrey Lampinski: That’s right.

Emily Farrell: And then to the second part of his question—so cellular, going back to turning off the Wi-Fi?

Ellen Rinaldi: Cellular doesn’t make any difference.

Emily Farrell: Got you, okay.

Ellen Rinaldi: Whether you’re on a desktop or you’re on your cellular line, the VPN would make a difference. That’s a secure tunnel.

Emily Farrell: Secure tunnel.

Ellen Rinaldi: Think about that. Your data’s just going through something that’s completely protected. Nobody can get at it.

Emily Farrell: Okay. All right.

Ellen Rinaldi: Otherwise, you’re throwing it out, waiting for somebody to catch it.

Emily Farrell: Just throwing it up in the air.

Ellen Rinaldi: That’s right—name, address, Social Security number, password—whoever wants to catch it.

Emily Farrell: So, Michael, it sounds like you have a healthy sense of paranoia, but probably for good reason.

Ellen Rinaldi: Keep it up, Michael.

Emily Farrell: Yes, absolutely.

Ellen Rinaldi: We want Michael to keep that up.

Jeffrey Lampinski: We should all have a healthy sense of paranoia.

Emily Farrell: Hey, it sounds like it, right?

Jeffrey Lampinski: Yes.

Emily Farrell: And, certainly, rather safe than sorry, I would imagine.

Ellen Rinaldi: Right.

Emily Farrell: So another question on passwords actually. And, Ellen, I think you kind of touched on this a little bit. But will passwords become a thing of the past? And if so, when? It sounds like somebody important predicted it, but it hasn’t yet come true.

Ellen Rinaldi: Right, I had mentioned Bill Gates had said something in 2004 saying passwords are just going to be gone very shortly. And, of course, here we are in 2018 and they are still here. But there are other methods of authentication that are starting to emerge. These security keys are one method. Certainly, security codes help. We have biometrics that are coming in now. There are a number of providers out there—there’s Microsoft, there’s Google, there’s Apple—they’re all trying to test different ways to authenticate you that relate to your person. The way you type, what you access, how you do that, your geo location, something we use all the time as well, right?

Jeffrey Lampinski: Yes.

Ellen Rinaldi: With all those factors, what the industry is trying to do is figure out a way to package those up so that they are a strong method of authentication. And we’re just not there yet. So user names and passwords are going to be around for a little while, but I would not say they’re going to be here forever.

Jeffrey Lampinski: Probably not. Well, I think you’ll always have a user ID certainly, but passwords may disappear. Facial recognition is one that Ellen didn’t mention, but it’s another biometric form of authentication. Iris scan is another.

Emily Farrell: It’s definitely dynamic, right?

Jeffrey Lampinski: Yes.

Emily Farrell: The industry, to your point, is changing dramatically.

Ellen Rinaldi: It is.

Emily Farrell: Lots of latest cutting-edge things and exploring all of those different options.

Ellen Rinaldi: They have to become very reliable, they have to be inexpensive enough to use broadly, and they have to be scalable.

Emily Farrell: Absolutely, right. And then, obviously, the cost element too. And I think, Jeff, you talked about a couple different options there. And probably surprising to those at home that they’re fairly affordable options that you could avail yourself to.

Jeffrey Lampinski: Yes.

Emily Farrell: So, again, lots of great questions, and I keep going through them. So this is kind of switching back to identity theft and if something were to happen. So in this specific question, Jason asked about identity theft insurance. And he asked if it was worth the cost. Or is vigilant monitoring of accounts and other good identity protection habits sufficient?

Jeffrey Lampinski: I’m going to offer a personal opinion.

Emily Farrell: Okay, sure.

Jeffrey Lampinski: I’m not speaking for Vanguard; this is my personal opinion. I think that if you exercise some vigilance, that if you put in place those very strong authentication controls on the front end, and then you put in place those detective controls, account activity alerts, on your accounts—no matter where you bank, no matter where you save—and then you pay attention to them—it requires some work—I think that vigilance is going to give you a pretty good sense of trust that your accounts are safe.

Jeffrey Lampinski: Now it requires work, so if you don’t have the time or you don’t want to put that kind of effort in, then certainly these LifeLock type services will do it for you. I think it’s really a question of convenience more so than how effective they are, but that’s just my personal opinion.

Ellen Rinaldi: I would add to that that not only do you need the vigilance about what’s happening in your account, you also have to make sure that the devices that you are using to access those accounts are also secure and that your operating systems are up to date, your anti-malware is up to date, and that you’re not going to sites that are going to download malware and those kinds of things. So I think I would add that in.

Ellen Rinaldi: Another thing people don’t oftentimes remember is that when you go on Vanguard’s website, when you sign on, right at the top of the page it tells you when you signed on the last time. And that’s another check to, first of all, test whether or not you remember you were in yesterday. “Oh, I was in yesterday” or “I was in this morning.” But that tells you when the last time somebody was there. And that’s also something that’s part of that check every day.

Jeffrey Lampinski: Just make sure it’s not your aggregator.

Ellen Rinaldi: Yes, which can happen.

Jeffrey Lampinski: That’s exactly right. It will happen.

Emily Farrell: Yes. So, again, it’s almost a kind of security “hygiene” if you will.

Ellen Rinaldi: Correct.

Emily Farrell: So we got a follow-up question, and I do want to go back to it.  Horatio asked us to clarify what are “biometrics”?

Ellen Rinaldi: Biometrics are physical features that can identify you. Biometrics include iris scan, thumbprint, facial recognition, voiceprint. All of those are biometrics.

Emily Farrell: So kind of emerging technology.

Ellen Rinaldi: It is emerging technology. And then there are heuristics, behavioral heuristics, which is the way you behave. You always go to the account balance page. So do most people. I don’t know about anybody else, but I always check my balance first before I do anything else. But you might always check something else. You might always hit a certain kind of key. And those are the behaviors that can be tracked and be part of a whole screen on whether or not you are who you say you are.

Emily Farrell: And, again, I would probably make a plug here for the Security Center because a lot of these options that we’ve talked about are listed there. You can learn how to sign up for them and how to take those steps. There’s the maintenance page in terms of the different alerts that you can sign up for and a  review of what you have and what’s available to you, right?

Ellen Rinaldi: Absolutely.

Emily Farrell: So maybe we’ll call it the “hygiene” category. So here’s another question about opening an unsolicited email, but you don’t click on anything inside. Are you still safe? Jeff, what do you think?

Jeffrey Lampinski: As long as you’ve not clicked on a link or opened an attachment, you are safe. If you do one or the other, you could have an issue. If you clicked on a link, it could download, obviously, malicious malware to your device or your machine. If you open a PDF, any kind of attachment, it could download malicious, again, malware to your device.

Ellen Rinaldi: And a lot of these emails now consolidate pictures. And you have to click on a link to open up the pictures.

Jeffrey Lampinski: It’s any click. That’s right.

Ellen Rinaldi: You don’t want to do that. It’s not necessary because, while the ad providers are trying to keep those clean, those pictures could have malware embedded in them. So just don’t click. I always say to my friends, “If you see an email you think it’s from me but you’re not sure, trust me, I’ll come back and call you if you don’t answer me. So don’t feel like you have to click.”

Emily Farrell: You’ll find them.

Ellen Rinaldi: I will. I will find them.

Emily Farrell: Yes, well, when I was reading this question, I was thinking there’s probably times I’ve just been scrolling through my email maybe on my phone, and you haven’t realized that you’ve opened something. So I guess it’s a little peace of mind knowing that you still can stop in your tracks, pay attention to what you’re looking at, and make sure that you don’t take any additional steps that could put you at risk.

Ellen Rinaldi: And let’s talk about these phishing emails just a little more if that would be all right.

Emily Farrell: Yes, absolutely. Sure.

Ellen Rinaldi: I’m not sure everyone understands that there are billions of these out there. Literally billions of them. And they are one of the cheapest ways for bad actors to get ahold of your information because all they need to do is have a system that is strong enough, using some kind of botnet, to ship out these emails to as broad a group as they possibly can. Very inexpensive for them to do that, and all they need is a couple of hits.

Emily Farrell: Meaning someone to click on them.

Ellen Rinaldi: Somebody clicks on them. So keep that in mind. And they target all financial institutions. They target charitable organizations. Anything they think will cause you to click—a picture of a puppy—you name it, they’ll try it because it can work.

Jeffrey Lampinski: And they’re for rent. You can rent these systems.

Ellen Rinaldi: Yes.

Jeffrey Lampinski: On the Dark Net, it’s very inexpensive to rent a botnet to cast this very wide net of phishing emails.

Ellen Rinaldi: Yes, it’s cheap.

Emily Farrell: I’m glad you dug into this topic a little bit more because we just got another live question from Virginia. “When receiving an email from Vanguard, how do you know it’s authentic? What about URL address?” So maybe you can dig in a little bit. From Vanguard and probably elsewhere, right?

Ellen Rinaldi: Right. What we always try to train everybody to do, including the Vanguard crew, is to hover over the address.

Emily Farrell: So at the top.

Ellen Rinaldi: Right at the top. Hover over that address. You will see vanguard.com, and you will know it’s a valid email. The other thing you can do, which is advice I always take—I don’t care if it’s coming from Vanguard or anywhere else—is I don’t click on that. I go to the website itself.

Emily Farrell: Always a useful step.

Ellen Rinaldi: I sign into the website itself, and I go and do whatever it is that’s been suggested. And that’s always good behavior. I do it all the time.

Emily Farrell: And I guess if you get into that kind of practice, then you can take that same great practice to whatever financial institution or other types of websites you’re dealing with.

Ellen Rinaldi: Correct. You go to your banks, anywhere.

Emily Farrell: Yes. So, again, if you’re thinking about the email, you’re just going to hover over the top. And you’ll see vanguard.com.

Emily Farrell: Okay. Great. It was a great follow-up question.

Ellen Rinaldi: It was a great question.

Emily Farrell: Yes, exactly. So let’s get into some of these other questions. Security measures, and this is security measures recommended for MAC users versus PC users. And that’s from Marvin in Oregon. You think there’s a real difference?

Ellen Rinaldi: I don’t think so. There’s really no difference.

Jeffrey Lampinski: Yes. If you really take security seriously, you should apply these across the board, no matter the device.

Emily Farrell: Okay. All right. So, again, just going through that same due diligence in terms of whether it’s in your email, in terms of accessing your accounts and, again, the third bucket, which is availing yourself of the optional security measures that you can get here at Vanguard or otherwise.

Ellen Rinaldi: We’ve trained you well.

Emily Farrell: I know. I feel like I have learned so much. I always do, but the first thing I’m going to go do tonight is lock down my son’s credit.

Ellen Rinaldi: There you go, it’s your son. Sorry, it’s your son’s credit.

Emily Farrell: Oh, it’s fine. Well, any future kids. I’m going to call my friend and have her do it for her daughter too.

Ellen Rinaldi: Good.

Emily Farrell: Because we just don’t want them running up any kind of shopping bills either. Still too early for that.

So anyway, I want to just make sure that we’ve covered a lot of the different questions. I think a lot of the questions do kind of touch on similar types of topics and probably some of the same advice for different questions. But this, I think, kind of gets to the heart of it and what you had talked about in the beginning, Ellen. Tracy asks us, “How secure is Vanguard’s website when I’m online viewing my account?”

Ellen Rinaldi: Vanguard’s website itself, and I’ll refer to something that Jeff said, we assume that every device that is connecting to Vanguard is compromised. We have to. We have to make sure that your website is always protected so that nothing gets by that firewall other than an authenticated person. And, as we said before, the Vanguard website itself is tested and is protected by a multiple number of cyber protections that you never see—you never know. So can you feel confident after you’ve signed on with your user name and password?

Emily Farrell: And security code.

Ellen Rinaldi: And security code, that’s right. And security code, thank you. Can you feel confident that you are in a safe place to move your assets, to decide whether or not you’re going to change your balance in any way or your allocations? Yes, you can.

Emily Farrell: So it really truly gets to that partnership piece.

Ellen Rinaldi: Absolutely.

Emily Farrell: You’ve done the right steps in advance and then Vanguard on the other side is doing their part.

Ellen Rinaldi: Breathe a sigh of relief.

Jeffrey Lampinski: Yes. I’d like to mention just one other feature of our website, and other institutions offer this. We offer something called “green bar reassurance.”

Ellen Rinaldi: Oh the green bar.

Emily Farrell: Green bar reassurance, okay.

Ellen Rinaldi: It’s at the top.

Jeffrey Lampinski: With certain browsers, and I think it is Chrome and IE, when clients log on to vanguard.com, the bar at the very top will turn green. Now there’s the padlock there. You see that all the time. That padlock can be spoofed quite frankly. The green bar reassurance is very, very difficult to spoof. And you can go so far as to click on the padlock. It will show you that you’re at vanguard.com. You can actually go in and interrogate our certificates, the certificates that we exchange. You can actually get to the certificate authority that issued the certificate.

Ellen Rinaldi: That’s right.

Jeffrey Lampinski: You can see that the certificate is valid; they’re dated. All of that information is there if you want to interrogate it. But that’s a feature we offer. We pay a few more dollars for that, but it gives our clients some level of assurance that they’re not at a phishing site. They’re not at a malicious site that appears to be Vanguard.

Emily Farrell: Okay. So kind of like an “imposter site” if you will.

Jeffrey Lampinski: Yes.

Emily Farrell: So just to recap that: So it’s at the top of your browser, and you’d be looking at where vanguard.com would be or the website—it’ll be green.

Jeffrey Lampinski: Turn green, yes.

Ellen Rinaldi: For certain browsers.

Jeffrey Lampinski: Yes. And there’s some information on that in the Security Center. There’s actually some information on green bar reassurance.

Ellen Rinaldi: You could spend a long time on our Security Center.

Emily Farrell: Yes. Yes. Lots of stuff there.

Ellen Rinaldi: Grab a cup of coffee, sit down in the morning, and read through.

Emily Farrell: Yes. Just not on an open Wi-Fi network.

Ellen Rinaldi: There you go!

Jeffrey Lampinski: Precisely.

Emily Farrell: All right, so we have one last qualifying question. And believe it or not, we’re actually getting close to time. But Grace just wants to know, “What is ‘botnet’?”

Ellen Rinaldi: Great question. Would you like to take that and then I’ll do color commentary?

Jeffrey Lampinski: “Bot” is short for robot. So if a device anywhere out there attached to the internet is compromised and taken over by a bad actor, that bad actor then uses that device as a robot. They use that device to attack their ultimate victim.

A “botnet” is perhaps 1,000, 10,000 of these compromised devices around the world that could well be your desktop.

Ellen Rinaldi: At home.

Jeffrey Lampinski: Frankly, it could be an iKettle anymore, and if these internet of things devices, it could be a thermostat. But they’ve compromised these around the globe, let’s say 10,000, and then all 10,000 are used to either shoot out phishing emails and amass a phishing email campaign or aimed at a particular company to try to take down their website—something called the distributed denial-of-service attack. That’s a botnet. Just think of thousands of robots; they’re actually compromised devices that are being used by the bad actors.

Ellen Rinaldi: Like a picture of all these computers marching at you, right? That’s what it is.

Emily Farrell: And honestly in the least technical sense, it’s the idea, frankly, that there’s lots of risk out there and you really do need to take the right steps. So I mentioned that we are, believe it or not, out of time.

Ellen Rinaldi: That went fast.

Jeffrey Lampinski: Very fast.

Emily Farrell: And with all the notes and things that I need to do tonight—and probably many, many people at home as well too—before we close out, I just wanted to check in to see if there were any final thoughts that you would want to leave our viewers at home with before we sign off for the night. Ellen?

Ellen Rinaldi: I’d say what I’ve already said is that there is a lot in your own hands. There’s a lot you could do to protect yourself.

Emily Farrell: Absolutely.

Ellen Rinaldi: There’s a lot we’re responsible for and we make sure that we do that. And anyway we can help our shareholders, we will do so.

Emily Farrell: Absolutely. Well, definitely a lot to do, a lot to think about, and thank you both so much for all of these valuable insights. I found it really helpful, and I’m sure I’m not alone tonight.

So, again, believe it or not, we are out of time. So before we sign off, I just wanted to ask our audience if they wouldn’t mind just to take a minute. Right on your screen right now is a red Survey widget. We’d love to hear your thoughts about tonight’s discussion as well as different options for webcast discussions in the future.

I want to thank you both so much for being with us. And if anybody missed a section of this really valuable conversation, don’t worry. In just a few weeks, we’ll send you an email with a link to view highlights of today’s webcast along with transcripts for your convenience.

Another plug while you’re here, just check out our new podcast series, The Planner and the Geek, featuring Vanguard’s own Maria Bruno and Joel Dickson. You can access the latest episode from the Resource widget. So, again, just take a moment, select that red Survey widget, and it’s right at the bottom of your screen. We really appreciate your feedback and love any suggestions for future topics.

Now from all of us here at Vanguard, thanks once again for joining us. Have a great evening.

Important information

This webcast is for educational purposes only. We recommend that you consult a tax or financial advisor about your individual situation.

© 2018 The Vanguard Group, Inc. All rights reserved.