Issues with Fidelity Two-Factor Authentication (2FA)

Have a question about your personal investments? No matter how simple or complex, you can ask it here.
Post Reply
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
User avatar
walkabout
Posts: 889
Joined: Wed May 25, 2011 8:28 am
Location: Northern Alabama

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by walkabout »

Often, sites with 2FA allow you to say that you ”trust” the computer you are using. If you answer “yes”, the site won’t prompt you for your 2FA code for future logins from that computer. Maybe you gave some indication to the site that you would like to skip 2FA from this computer in the future?

Two ways to test:
1. Open a “private” or “incognito” tab from your browser and try logging in. This might prompt you for your 2FA code.
2. Try loggin in from a completely different computer. This should definitely prompt you for your 2FA code.
User avatar
anon_investor
Posts: 15111
Joined: Mon Jun 03, 2019 1:43 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by anon_investor »

careerdata wrote: Sat Oct 16, 2021 7:02 pm Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
Are you using 2FA via SMS or the Symantec VIP Access app?
dave1054
Posts: 275
Joined: Wed Apr 01, 2009 7:50 am

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by dave1054 »

Walkabout is correct. I had same issue. You must have clicked yes when asked if you trust this computer. Never had this issue with Vanguard. You will need to reset 2FA and never click yes if that question pops up again
JimmyK
Posts: 30
Joined: Sat Jul 04, 2020 12:01 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by JimmyK »

It appears Fidelity has elected for users to bypass a passcode being sent on computer's IP addresses that they recognize. Vanguard has true 2FA, where a passcode is always sent to your phone even if they recognize your IP address. I believe this has nothing to do with accepting login account storage with your userid/password. Many companies are also struggling with voice recognition security. I recommend you use a computer solely dedicated to financial transactions, operating system always immediately updated, and a strong password to login into your computer. Keep this dedicated computer away from internet surfing and email clicks.
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

walkabout wrote: Sat Oct 16, 2021 8:07 pm Often, sites with 2FA allow you to say that you ”trust” the computer you are using. If you answer “yes”, the site won’t prompt you for your 2FA code for future logins from that computer. Maybe you gave some indication to the site that you would like to skip 2FA from this computer in the future?

Two ways to test:
1. Open a “private” or “incognito” tab from your browser and try logging in. This might prompt you for your 2FA code.
2. Try loggin in from a completely different computer. This should definitely prompt you for your 2FA code.
Thank you! I tried with the same computer (MacBook) but by opening up a) Safari and then b) Incognito under Chrome and sure enough both pinged me to ask for the passcode. Next, I shut down the MacBook and then rebooted to see if Chrome would also now ping me to request the passcode but it brought me right into the Fidelity language page without requesting the passcode. I did not check the "remember this computer" box on either Safari or Incognito so I could use those going forward but I am hoping I can figure out how to get Chrome to reset as that is my default browser with all my bookmarks.
marcopolo
Posts: 8411
Joined: Sat Dec 03, 2016 9:22 am

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by marcopolo »

JimmyK wrote: Sat Oct 16, 2021 10:20 pm It appears Fidelity has elected for users to bypass a passcode being sent on computer's IP addresses that they recognize. Vanguard has true 2FA, where a passcode is always sent to your phone even if they recognize your IP address. I believe this has nothing to do with accepting login account storage with your userid/password. Many companies are also struggling with voice recognition security. I recommend you use a computer solely dedicated to financial transactions, operating system always immediately updated, and a strong password to login into your computer. Keep this dedicated computer away from internet surfing and email clicks.
I doubt it has anything to do with IP addresses.
It is typically done through cookies in your browser.
You are given an option to say if the computer you are using is a trusted device. If so a cookie, often with a limited lifetime is stored specific to that browser that bypasses the 2FA just for that device using that browser.
This is a quite common feature of many web sites that use 2FA
If you don't want this to happen, you can say no, or you can use private or incognito mode which disables saving of those cookies.
Once in a while you get shown the light, in the strangest of places if you look at it right.
marcopolo
Posts: 8411
Joined: Sat Dec 03, 2016 9:22 am

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by marcopolo »

careerdata wrote: Sat Oct 16, 2021 10:39 pm
walkabout wrote: Sat Oct 16, 2021 8:07 pm Often, sites with 2FA allow you to say that you ”trust” the computer you are using. If you answer “yes”, the site won’t prompt you for your 2FA code for future logins from that computer. Maybe you gave some indication to the site that you would like to skip 2FA from this computer in the future?

Two ways to test:
1. Open a “private” or “incognito” tab from your browser and try logging in. This might prompt you for your 2FA code.
2. Try loggin in from a completely different computer. This should definitely prompt you for your 2FA code.
Thank you! I tried with the same computer (MacBook) but by opening up a) Safari and then b) Incognito under Chrome and sure enough both pinged me to ask for the passcode. Next, I shut down the MacBook and then rebooted to see if Chrome would also now ping me to request the passcode but it brought me right into the Fidelity language page without requesting the passcode. I did not check the "remember this computer" box on either Safari or Incognito so I could use those going forward but I am hoping I can figure out how to get Chrome to reset as that is my default browser with all my bookmarks.
Delete your cookies in the browser that is doing this.
Once in a while you get shown the light, in the strangest of places if you look at it right.
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

dave1054 wrote: Sat Oct 16, 2021 8:31 pm Walkabout is correct. I had same issue. You must have clicked yes when asked if you trust this computer. Never had this issue with Vanguard. You will need to reset 2FA and never click yes if that question pops up again
Thank you! Fidelity said they reset my 2FA today but I guess Chrome is still remembering that I must have checked the "remember this computer" box in the past. Maybe the 2FA reset on Fidelity's end is not immediate. I will try again tomorrow on Chrome to see what happens unless you or someone in the community is aware of how I can reset that on my end.

Joe
marcopolo
Posts: 8411
Joined: Sat Dec 03, 2016 9:22 am

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by marcopolo »

careerdata wrote: Sat Oct 16, 2021 10:43 pm
dave1054 wrote: Sat Oct 16, 2021 8:31 pm Walkabout is correct. I had same issue. You must have clicked yes when asked if you trust this computer. Never had this issue with Vanguard. You will need to reset 2FA and never click yes if that question pops up again
Thank you! Fidelity said they reset my 2FA today but I guess Chrome is still remembering that I must have checked the "remember this computer" box in the past. Maybe the 2FA reset on Fidelity's end is not immediate. I will try again tomorrow on Chrome to see what happens unless you or someone in the community is aware of how I can reset that on my end.

Joe
Go into chrome settings and delete your cookies.
That will cause it to forget that you told it this was a trusted computer.
Once in a while you get shown the light, in the strangest of places if you look at it right.
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

marcopolo wrote: Sat Oct 16, 2021 10:40 pm
JimmyK wrote: Sat Oct 16, 2021 10:20 pm It appears Fidelity has elected for users to bypass a passcode being sent on computer's IP addresses that they recognize. Vanguard has true 2FA, where a passcode is always sent to your phone even if they recognize your IP address. I believe this has nothing to do with accepting login account storage with your userid/password. Many companies are also struggling with voice recognition security. I recommend you use a computer solely dedicated to financial transactions, operating system always immediately updated, and a strong password to login into your computer. Keep this dedicated computer away from internet surfing and email clicks.
I doubt it has anything to do with IP addresses.
It is typically done through cookies in your browser.
You are given an option to say if the computer you are using is a trusted device. If so a cookie, often with a limited lifetime is stored specific to that browser that bypasses the 2FA just for that device using that browser.
This is a quite common feature of many web sites that use 2FA
If you don't want this to happen, you can say no, or you can use private or incognito mode which disables saving of those cookies.
Thank you! I cleared the cookies on Chrome and tried logging into Fidelity.com again and it prompted me to request the passcode! I will remember this for the future in case I forget and check the "remember this device" box by mistake when using one of the sites I have 2FA activated.

Greatly appreciated!

Joe
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

marcopolo wrote: Sat Oct 16, 2021 10:49 pm
careerdata wrote: Sat Oct 16, 2021 10:43 pm
dave1054 wrote: Sat Oct 16, 2021 8:31 pm Walkabout is correct. I had same issue. You must have clicked yes when asked if you trust this computer. Never had this issue with Vanguard. You will need to reset 2FA and never click yes if that question pops up again
Thank you! Fidelity said they reset my 2FA today but I guess Chrome is still remembering that I must have checked the "remember this computer" box in the past. Maybe the 2FA reset on Fidelity's end is not immediate. I will try again tomorrow on Chrome to see what happens unless you or someone in the community is aware of how I can reset that on my end.

Joe
Go into chrome settings and delete your cookies.
That will cause it to forget that you told it this was a trusted computer.
Clearing the cookies was the magic solution to get Fidelity's 2FA to start working once again on Chrome. It doesn't appear that resetting 2FA at Fidelity earlier today had any impact on my MacBook so it was definitely the cookies causing the issue and, of course, me checking the "remember this device" box apparently at some point. So bad on me!

Many thanks for helping solve the mystery!

Joe
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

JimmyK wrote: Sat Oct 16, 2021 10:20 pm It appears Fidelity has elected for users to bypass a passcode being sent on computer's IP addresses that they recognize. Vanguard has true 2FA, where a passcode is always sent to your phone even if they recognize your IP address. I believe this has nothing to do with accepting login account storage with your userid/password. Many companies are also struggling with voice recognition security. I recommend you use a computer solely dedicated to financial transactions, operating system always immediately updated, and a strong password to login into your computer. Keep this dedicated computer away from internet surfing and email clicks.
I really appreciate this advice! Although I was able to get Chrome to recognize 2FA by following the helpful recommendation of other responders to clear the cookies, the reality is that my MacBook is very old and I have a newer ThinkPad that has the latest operating system. So I am going to do as you suggested and use the ThinkPad for checking our bank accounts, paying the credit cards off each month, and checking Fidelity and Vanguard, where all our retirement accounts are.

Your comment on Vanguard is interesting in that I think I have checked the "remember this device" box or something similar on their website but, come rain or shine, Vanguard's website always forces me to go through 2FA. Maybe Fidelity can do something similar to foolproof the process for end-users like me who unintentionally disable 2FA on their computers.

My passwords would likely be classified as weak so I need to do some work on that as well!

Thank you again for your very helpful advice!

Joe
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

anon_investor wrote: Sat Oct 16, 2021 8:12 pm
careerdata wrote: Sat Oct 16, 2021 7:02 pm Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
Are you using 2FA via SMS or the Symantec VIP Access app?
I was using 2FA via SMS. Is the Symantec app something that provides ever better security? We have just over $1 million in our 401(k)s and Roth IRAs split between Fidelity and Vanguard and that is most of our current net worth so the more security the better. We still rent so most of our remaining net worth is in our Bank of America savings account, which I do not believe has 2FA currently, but I will see if we can get that added as well to make things even tighter.

Thanks!

Joe
brad.clarkston
Posts: 1726
Joined: Fri Jan 03, 2014 7:31 pm
Location: Kansas City, MO

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by brad.clarkston »

JimmyK wrote: Sat Oct 16, 2021 10:20 pm It appears Fidelity has elected for users to bypass a passcode being sent on computer's IP addresses that they recognize. Vanguard has true 2FA, where a passcode is always sent to your phone even if they recognize your IP address. I believe this has nothing to do with accepting login account storage with your userid/password. Many companies are also struggling with voice recognition security. I recommend you use a computer solely dedicated to financial transactions, operating system always immediately updated, and a strong password to login into your computer. Keep this dedicated computer away from internet surfing and email clicks.

This is not a purple vs green agreement about what broker you think is better. 2FA is an open format there is not multiple ways of doing it.
This is simply a user issue with the way browsers work.

The best advice I can give is to go into every browser you have and turn off it's terrible password manager. Then check the "never remember" on passwords and cookies. Install ether BitWarden (open source), 1password, or LasPass for a better password manager.
70% AVGE | 20% FXNAX | 10% T-Bill/Muni
User avatar
VictorStarr
Posts: 746
Joined: Sat Jan 04, 2020 9:13 pm
Location: Washington

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by VictorStarr »

careerdata wrote: Sat Oct 16, 2021 7:02 pm Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
Joe,

I've never had such experience. Did you check that 2FA is enabled?
You can see 2FA setting in Security Center:

https://digital.fidelity.com/ftgw/digit ... board/view

Extra login security
2-Factor Authentication at Login: ON

It is highly recommended to enable app soft token instead of SMS for 2FA.
Follow instruction on this page: https://www.fidelity.com/security/soft-tokens/overview
User avatar
VictorStarr
Posts: 746
Joined: Sat Jan 04, 2020 9:13 pm
Location: Washington

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by VictorStarr »

careerdata wrote: Sat Oct 16, 2021 11:32 pm I was using 2FA via SMS. Is the Symantec app something that provides ever better security? We have just over $1 million in our 401(k)s and Roth IRAs split between Fidelity and Vanguard and that is most of our current net worth so the more security the better. We still rent so most of our remaining net worth is in our Bank of America savings account, which I do not believe has 2FA currently, but I will see if we can get that added as well to make things even tighter.
Yes, 2FA with software token provides way better security than SMS.
The same Symantec authenticator app is used by Fidelity, Schwab and E*Trade, and it is very simple to use.
User avatar
anon_investor
Posts: 15111
Joined: Mon Jun 03, 2019 1:43 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by anon_investor »

careerdata wrote: Sat Oct 16, 2021 11:32 pm
anon_investor wrote: Sat Oct 16, 2021 8:12 pm
careerdata wrote: Sat Oct 16, 2021 7:02 pm Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
Are you using 2FA via SMS or the Symantec VIP Access app?
I was using 2FA via SMS. Is the Symantec app something that provides ever better security? We have just over $1 million in our 401(k)s and Roth IRAs split between Fidelity and Vanguard and that is most of our current net worth so the more security the better. We still rent so most of our remaining net worth is in our Bank of America savings account, which I do not believe has 2FA currently, but I will see if we can get that added as well to make things even tighter.

Thanks!

Joe
Yes 2FA with the Symantec VIP app is much more.secure than via SMS. It is free, you just have to install the app and call Fidelity to set it up. Bank of America does have 2FA via SMS, which you should ensure is enabled.
classicindexer
Posts: 207
Joined: Tue Apr 09, 2019 10:43 am

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by classicindexer »

careerdata wrote: Sat Oct 16, 2021 11:32 pm
anon_investor wrote: Sat Oct 16, 2021 8:12 pm
careerdata wrote: Sat Oct 16, 2021 7:02 pm Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
Are you using 2FA via SMS or the Symantec VIP Access app?
I was using 2FA via SMS. Is the Symantec app something that provides ever better security? We have just over $1 million in our 401(k)s and Roth IRAs split between Fidelity and Vanguard and that is most of our current net worth so the more security the better. We still rent so most of our remaining net worth is in our Bank of America savings account, which I do not believe has 2FA currently, but I will see if we can get that added as well to make things even tighter.

Thanks!

Joe
Yes 2FA apps are more secure than using SMS for 2FA codes. If you change 2FA at Fidelity to Symantec VIP the remember this computer option goes away. You will have to enter the code from the Symantec VIP app every time you login to the Fidelity web site or when you access the Fidelity mobile app on a phone.
User avatar
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by oldcomputerguy »

careerdata wrote: Sat Oct 16, 2021 11:32 pmI was using 2FA via SMS. Is the Symantec app something that provides ever better security?
Fidelity: 2-factor authentication by VIP Access

As others have noted here, yes, the VIP Access app provides better security. SMS 2FA is widely known to be vulnerable to a SIM swap attack.

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

I use the VIP Access app for our Fidelity accounts. The app is associated with your particular username and password. In our case, my wife and I each have logins (since we each have IRA accounts at Fidelity), so we have two instances of the app running, one on my phone and one on her iPad. My app install on my iPhone is tied to my login, hers on her iPad is tied to her login. We've used the app for years and have never had an issue.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
Blanco 5.0
Posts: 16
Joined: Sat Oct 09, 2021 6:52 am

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by Blanco 5.0 »

OK, I am not particularly computer literate. I am a Vanguard customer and don't want my account to be hacked. I use a 20 digit password that was randomly generated via Norton Security. Moreover, I use a Yubikey dongle connected to my Mac to authenticate each time I log into the account.

What else do i need to do?
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

anon_investor wrote: Sun Oct 17, 2021 3:12 am
careerdata wrote: Sat Oct 16, 2021 11:32 pm
anon_investor wrote: Sat Oct 16, 2021 8:12 pm
careerdata wrote: Sat Oct 16, 2021 7:02 pm Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
Are you using 2FA via SMS or the Symantec VIP Access app?
I was using 2FA via SMS. Is the Symantec app something that provides ever better security? We have just over $1 million in our 401(k)s and Roth IRAs split between Fidelity and Vanguard and that is most of our current net worth so the more security the better. We still rent so most of our remaining net worth is in our Bank of America savings account, which I do not believe has 2FA currently, but I will see if we can get that added as well to make things even tighter.

Thanks!

Joe
Yes 2FA with the Symantec VIP app is much more.secure than via SMS. It is free, you just have to install the app and call Fidelity to set it up. Bank of America does have 2FA via SMS, which you should ensure is enabled.
Thank you! I did look briefly at the Bank of America web site and it wasn't the easiest for me to pick out the 2FA via SMS option but I will take a closer look. I am sure it is there somewhere but I just had a crazy busy week at work.

Joe
User avatar
anon_investor
Posts: 15111
Joined: Mon Jun 03, 2019 1:43 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by anon_investor »

careerdata wrote: Sat Oct 23, 2021 1:31 pm
anon_investor wrote: Sun Oct 17, 2021 3:12 am
careerdata wrote: Sat Oct 16, 2021 11:32 pm
anon_investor wrote: Sat Oct 16, 2021 8:12 pm
careerdata wrote: Sat Oct 16, 2021 7:02 pm Has anyone had an issue with Fidelity's two-factor authentication (2FA) not working? I set 2FA up several months ago with Fidelity. It worked correctly for a while but then it just stopped. I had it set up to call me with the one-time passcode but now when I enter my username and password it lets me right into my Fidelity.com account. I have never once had an issue where my Vanguard account let me in without requiring the one-time passcode.

Today I called into Fidelity to see if they could figure out what the issue was and all they could think to do was reset the authentication. They said that should fix it but I went back in after the call and it still allowed me into the account without the passcode. My security setting on the website says I have 2FA activated anytime I check it so I am not sure what to do next to get it working again.

I don't know if these factors mean anything but I always use the same computer, a MacBook, to access my account and I always use Chrome as the browser.

Any suggestions?

Thanks!

Joe
Are you using 2FA via SMS or the Symantec VIP Access app?
I was using 2FA via SMS. Is the Symantec app something that provides ever better security? We have just over $1 million in our 401(k)s and Roth IRAs split between Fidelity and Vanguard and that is most of our current net worth so the more security the better. We still rent so most of our remaining net worth is in our Bank of America savings account, which I do not believe has 2FA currently, but I will see if we can get that added as well to make things even tighter.

Thanks!

Joe
Yes 2FA with the Symantec VIP app is much more.secure than via SMS. It is free, you just have to install the app and call Fidelity to set it up. Bank of America does have 2FA via SMS, which you should ensure is enabled.
Thank you! I did look briefly at the Bank of America web site and it wasn't the easiest for me to pick out the 2FA via SMS option but I will take a closer look. I am sure it is there somewhere but I just had a crazy busy week at work.

Joe
It is under "Profile & Settings" and then under "Security Center", thought it appears that 2FA is always on for me, it can't be turned off, though I can have it do it for every login or only for unrecognized devices.
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

oldcomputerguy wrote: Sun Oct 17, 2021 7:40 am
careerdata wrote: Sat Oct 16, 2021 11:32 pmI was using 2FA via SMS. Is the Symantec app something that provides ever better security?
Fidelity: 2-factor authentication by VIP Access

As others have noted here, yes, the VIP Access app provides better security. SMS 2FA is widely known to be vulnerable to a SIM swap attack.

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

I use the VIP Access app for our Fidelity accounts. The app is associated with your particular username and password. In our case, my wife and I each have logins (since we each have IRA accounts at Fidelity), so we have two instances of the app running, one on my phone and one on her iPad. My app install on my iPhone is tied to my login, hers on her iPad is tied to her login. We've used the app for years and have never had an issue.
Thank you so much for sharing your experience and providing the links! I have not ever accessed our Fidelity or Vanguard accounts from our iPhones or our iPads. We just invest in index funds from our respective employer's payrolls and once a year we make Roth IRA contributions so not a lot of account access currently. I do, however, check our accounts at least every Saturday to document the values for a quick-and-dirty net worth snapshot and to also look at any transactions that occurred, mostly did our 401(k) payroll contributions get invested as expected, as we are both on biweekly payroll schedules but alternating so a 401(k) contribution is made every Friday in one of our accounts.

Once my wife passes her NCLEX and begins work as a full-time nurse we are hoping to build up our brokerage account with whatever is left from her paycheck after she defers up to the full match on her 401(k). As a result, there will likely be more interaction with the Fidelity brokerage account in the future. Maybe then we will consider downloading the Fidelity app on our iPhones but we probably need to upgrade the phones first. We are both using older iPhones: I am using iPhone 6 Plus and she is using iPhone 6s. I think my wife said previously that even if I wanted to download the Fidelity app that my iPhone was likely too old and would not be supported by Fidelity! Hopefully, the newer phones will be even more secure than what we have today.

I have our two Vanguard accounts now set up for 2FA with SMS. I selected the option to require a passcode on every login as opposed to only when Vanguard did not recognize the computer we are using. It doesn't look like the Fidelity equivalent of VIP Access is currently available with Vanguard 401(k) accounts.

Regards,

Joe
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

anon_investor wrote: Sat Oct 23, 2021 1:36 pm
careerdata wrote: Sat Oct 23, 2021 1:31 pm
anon_investor wrote: Sun Oct 17, 2021 3:12 am
careerdata wrote: Sat Oct 16, 2021 11:32 pm
anon_investor wrote: Sat Oct 16, 2021 8:12 pm

Are you using 2FA via SMS or the Symantec VIP Access app?
I was using 2FA via SMS. Is the Symantec app something that provides ever better security? We have just over $1 million in our 401(k)s and Roth IRAs split between Fidelity and Vanguard and that is most of our current net worth so the more security the better. We still rent so most of our remaining net worth is in our Bank of America savings account, which I do not believe has 2FA currently, but I will see if we can get that added as well to make things even tighter.

Thanks!

Joe
Yes 2FA with the Symantec VIP app is much more.secure than via SMS. It is free, you just have to install the app and call Fidelity to set it up. Bank of America does have 2FA via SMS, which you should ensure is enabled.
Thank you! I did look briefly at the Bank of America web site and it wasn't the easiest for me to pick out the 2FA via SMS option but I will take a closer look. I am sure it is there somewhere but I just had a crazy busy week at work.

Joe
It is under "Profile & Settings" and then under "Security Center", thought it appears that 2FA is always on for me, it can't be turned off, though I can have it do it for every login or only for unrecognized devices.
Thank you! I just set it up and tested it a couple of times. The first time it called me back there was no voice for 40 seconds and then I was told to request another passcode but the next two attempts were faster and cleaner as far as the call back to me and how quickly the passcode was provided. It is nice in that it gives you the option to have a phone call or text sent and you can select either phone number that is set up for our account--mine or my wife's--so either of us can check the account as long as we have our phones handy.

Thanks again!

Joe
User avatar
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by oldcomputerguy »

careerdata wrote: Sat Oct 23, 2021 2:18 pm Thank you so much for sharing your experience and providing the links! I have not ever accessed our Fidelity or Vanguard accounts from our iPhones or our iPads.
Neither do I. The Symantec app runs on the device, and provides the code you need to log in. Once it's set up and connected to your account on the Fidelity end, you'll need the code provided by the app to log in to your account regardless of whether you're accessing your account from the Fidelity app or from a desktop computer's browser.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
chance
Posts: 152
Joined: Mon Jun 11, 2007 9:55 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by chance »

One time I had problems receiving the codes from Fidelity's 2FA but I think it was a problem on my end with push notifications (just needed to turn my phone to airplane mode and then back on to get it working).

But having said that I really don't like Fidelity's overall security compared to Vanguard. With Fidelity after I enter my username and password I get prompted for how I want to receive a code (by text or email). Neither of these options is ideal and I don't want to be asked. It should automatically default to your set preference. Also with Vanguard I have registered a security key which is much more secure. Finally, when I get logged into Fidelity I don't see a time of last login anywhere like I do at Vanguard. I feel this provides some additional assurance that no one has logged into the account since my last login.
User avatar
anon_investor
Posts: 15111
Joined: Mon Jun 03, 2019 1:43 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by anon_investor »

chance wrote: Sat Oct 23, 2021 9:59 pm One time I had problems receiving the codes from Fidelity's 2FA but I think it was a problem on my end with push notifications (just needed to turn my phone to airplane mode and then back on to get it working).

But having said that I really don't like Fidelity's overall security compared to Vanguard. With Fidelity after I enter my username and password I get prompted for how I want to receive a code (by text or email). Neither of these options is ideal and I don't want to be asked. It should automatically default to your set preference. Also with Vanguard I have registered a security key which is much more secure. Finally, when I get logged into Fidelity I don't see a time of last login anywhere like I do at Vanguard. I feel this provides some additional assurance that no one has logged into the account since my last login.
With Fidelity you should really use the authenticator app versus SMS 2FA. It feels more secure than Vanguard, which you can bypass the security key by logging in via the mobile app, where it defaults back to SMS 2FA. So if a bad guy does a sim swap and has your login, they can get into your Vanguard account via the mobile app. At least with Fidelity if you use the authenticator app (Symantec VIP), then bad guys can't defeat 2FA with a sim swap.
chance
Posts: 152
Joined: Mon Jun 11, 2007 9:55 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by chance »

anon_investor wrote: Sat Oct 23, 2021 10:05 pm
chance wrote: Sat Oct 23, 2021 9:59 pm One time I had problems receiving the codes from Fidelity's 2FA but I think it was a problem on my end with push notifications (just needed to turn my phone to airplane mode and then back on to get it working).

But having said that I really don't like Fidelity's overall security compared to Vanguard. With Fidelity after I enter my username and password I get prompted for how I want to receive a code (by text or email). Neither of these options is ideal and I don't want to be asked. It should automatically default to your set preference. Also with Vanguard I have registered a security key which is much more secure. Finally, when I get logged into Fidelity I don't see a time of last login anywhere like I do at Vanguard. I feel this provides some additional assurance that no one has logged into the account since my last login.
With Fidelity you should really use the authenticator app versus SMS 2FA. It feels more secure than Vanguard, which you can bypass the security key by logging in via the mobile app, where it defaults back to SMS 2FA. So if a bad guy does a sim swap and has your login, they can get into your Vanguard account via the mobile app. At least with Fidelity if you use the authenticator app (Symantec VIP), then bad guys can't defeat 2FA with a sim swap.
I really wish Fidelity would just use a security key or at least support other authenticator apps like Google Authenticator. I don't want to have to install another separate app. Or would the Symantec app also support other common sites that use authenticators for 2FA in which case I could delete the Google Authenticator?
User avatar
anon_investor
Posts: 15111
Joined: Mon Jun 03, 2019 1:43 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by anon_investor »

chance wrote: Sat Oct 23, 2021 10:26 pm
anon_investor wrote: Sat Oct 23, 2021 10:05 pm
chance wrote: Sat Oct 23, 2021 9:59 pm One time I had problems receiving the codes from Fidelity's 2FA but I think it was a problem on my end with push notifications (just needed to turn my phone to airplane mode and then back on to get it working).

But having said that I really don't like Fidelity's overall security compared to Vanguard. With Fidelity after I enter my username and password I get prompted for how I want to receive a code (by text or email). Neither of these options is ideal and I don't want to be asked. It should automatically default to your set preference. Also with Vanguard I have registered a security key which is much more secure. Finally, when I get logged into Fidelity I don't see a time of last login anywhere like I do at Vanguard. I feel this provides some additional assurance that no one has logged into the account since my last login.
With Fidelity you should really use the authenticator app versus SMS 2FA. It feels more secure than Vanguard, which you can bypass the security key by logging in via the mobile app, where it defaults back to SMS 2FA. So if a bad guy does a sim swap and has your login, they can get into your Vanguard account via the mobile app. At least with Fidelity if you use the authenticator app (Symantec VIP), then bad guys can't defeat 2FA with a sim swap.
I really wish Fidelity would just use a security key or at least support other authenticator apps like Google Authenticator. I don't want to have to install another separate app. Or would the Symantec app also support other common sites that use authenticators for 2FA in which case I could delete the Google Authenticator?
It can be used at a lot of other websites, you can find a list on the Symantec Vip website: https://vip.symantec.com/
User avatar
VictorStarr
Posts: 746
Joined: Sat Jan 04, 2020 9:13 pm
Location: Washington

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by VictorStarr »

chance wrote: Sat Oct 23, 2021 10:26 pm I really wish Fidelity would just use a security key or at least support other authenticator apps like Google Authenticator. I don't want to have to install another separate app. Or would the Symantec app also support other common sites that use authenticators for 2FA in which case I could delete the Google Authenticator?
- Symantec VIP is used by a number of financial sites including Fidelity, Schwab, and E*Trade. The VIP app is ergonomic and easy to use.
- You can use Google Authenticator (or Authy) instead of Symantec VIP, here are instructions: https://locima.com/2019/06/01/replacing ... -totp-app/ but it is out of reach for majority of people
- Different systems require different authenticator apps, I have four installed on my phone. It is better to accept the reality and have an extra app installed.
Topic Author
careerdata
Posts: 329
Joined: Sat Sep 09, 2017 7:12 pm

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by careerdata »

oldcomputerguy wrote: Sun Oct 17, 2021 7:40 am
careerdata wrote: Sat Oct 16, 2021 11:32 pmI was using 2FA via SMS. Is the Symantec app something that provides ever better security?
Fidelity: 2-factor authentication by VIP Access

As others have noted here, yes, the VIP Access app provides better security. SMS 2FA is widely known to be vulnerable to a SIM swap attack.

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

I use the VIP Access app for our Fidelity accounts. The app is associated with your particular username and password. In our case, my wife and I each have logins (since we each have IRA accounts at Fidelity), so we have two instances of the app running, one on my phone and one on her iPad. My app install on my iPhone is tied to my login, hers on her iPad is tied to her login. We've used the app for years and have never had an issue.
Thank you for the links and helpful advice! Before I complete the setup for VIP Access with Fidelity do you know if this will cause an issue with the Fidelity planning tool that allows you to link outside accounts using eMoney? I wanted to create one location where I could look at our net worth weekly and also have a location that my wife could access in case something ever happened to me. I now have linked to the Fidelity planning software our Vanguard 401(k) accounts, my wife's student loans from nursing school, and our joint Bank of America checking and savings accounts. If we purchase a home in the future it looks like I could link the mortgage to the planning tool as well.

Regards,

Joe
User avatar
oldcomputerguy
Moderator
Posts: 17878
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Issues with Fidelity Two-Factor Authentication (2FA)

Post by oldcomputerguy »

careerdata wrote: Sun Oct 24, 2021 3:46 pm Thank you for the links and helpful advice! Before I complete the setup for VIP Access with Fidelity do you know if this will cause an issue with the Fidelity planning tool that allows you to link outside accounts using eMoney?
I'm sorry, I don't know the impact of VIP Access use on that (if any), as I don't use eMoney or any other account aggregator. I believe some here do, and might be able to answer your question.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
Post Reply