I forgot the password for the brokerage account associated with my 401k, so I called the number on the website to get a new password. The only verification to get a new password they needed was my DOB, the last 4 digits of my SSN and my address. Then they just gave me a new password orally instead of emailing it to me.

What's scary about this is that there are probably dozens of companies that have these three of my pieces of information, every financial institution I have an account with, every doctors office I've been to and others. It would be incredibly easy for someone who had access to any one of these companies databases to have gotten into my account and transferred all my money somewhere.

Not something I feel all that comfortable with...