One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing.

In the comments on the article, there is some skepticism that it would have been so easy to transfer such a large amount without verification, but the fact remains that somehow, someone managed to get his money. There’s a difficult balance to find between making financial web sites secure while at the same time making it easy for customers to make transactions. The two aims are often at odds with each other because high levels of security are often tedious.

In this case the difference between the owner of the 401(k) and the owner of the bank account would have been more than enough to raise a red flag and that shouldn’t affect honest people trying to make a withdrawal, so it seems like a no brainer. Performing transactions online is so easy, but that’s what makes them scary too. Additionally, there’s no guarantee that this would be resolved by doing what many people in the comments suggested doing, to move all their transactions to phone and regular mail. Thieves can still get to your mailbox (although it is harder because of the geography) and spoofing caller ID isn’t hard. They’re not resolving the problem, just changing it slightly.