Your 401K money might not be as safe as you think, according to an investigative story on mutual fund customer security written by Susan Antilla, Founding Fellow at TheStreet Foundation. A whistleblower contacted Antilla about security concerns at Vanguard, the largest mutual fund, after discovering that access can be gained to online accounts even with typographical errors made on online prompts such as the ‘secret question.’ When brought to Vanguard’s attention, the firm told Antilla that it has recently put in additional security measures. Antilla also found a similar problem at Charles Schwab (SCHW), and was told by Schwab that the problem will be fixed by the end of the year. Antilla said mutual fund companies are constantly balancing security against customer convenience, and securities experts told her companies don't want to make access to customer accounts so difficult that they lose customers to a competitor. Antilla said most of the firms give some guarantee that they will pay you back if there is unauthorized access to your account, but only if the customer takes some responsibility. Customers are required to have an online password unique to their account, firewall and anti-spyware protection on their computer, and they also must regularly check their accounts.