No, please don’t try. I’m not extending an open invitation to anyone, but my 401k company is putting us at risk. We recently changed 401k vendors and yesterday in the mail I received my welcome letter and access PIN.

What you see here is at the bottom of the letter, an invitation to write down my social security number along with my PIN, then clip it out and save it. Anyone at work reading this? Well good, here is my advice:
- DON’T write down your SSN
- DO shred the letter and
- DO change your PIN
- The website application doesn’t force me to change the PIN. Come on now. Andy, the ITGuy, count me in for your campaign to make vendors force us all to change the default passwords.
- The letter actually invites, or perhaps encourages, you to write down your SSN and PIN, then clip and save them. Even some 15 years ago when I got my first ATM card, the bank strongly cautioned against writing down my PIN anywhere.
Note: even though the image above says “nCircle Network Security”, we didn’t send out the letters. They were sent by the 401k company. So don’t think for a moment this is some common practice at nCircle. What’s more, I bet every person from the many organizations using this large, nationwide company has been put at risk.

Comments (2)
Andrew,
Are you asking your HR people to complain, and ensure that the 401k company does better in the future?
Posted by Adam | February 24, 2007 11:57 AM
Yes, sorry, should have included the positive as well as the negative.
I've already engaged with HR to send an email with my suggestions to all our participants as well as follow up with the 401k company. The good news is I apparently wasn't the only one who had concerns. I received a number of emails from employees making similar complaints. It's good to know that the people I work with are conscious of this as well.
--S
Posted by storms | February 24, 2007 2:13 PM