Yubikey only at Vanguard now possible.

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
pragmatist
Posts: 31
Joined: Sat Sep 10, 2016 8:46 pm

Yubikey only at Vanguard now possible.

Post by pragmatist »

Hello everyone,

Today I was able to disable security codes via SMS/Phone call while continuing to use the enrolled Yubikey security keys. It appears they listened to us. You can disable security codes by going to my accounts -> profile & settings -> security code and disabling there. Enjoy the increased security!

Edited to add:

Yubikeys are physical security keys that provide a second factor for login authentication similar to receiving a text message with a code. They connect via USB ports or NFC. Vanguard uses the universal second factor (FIDO U2F) function of the keys which is widely considered to represent the highest standard of 2-factor authentication. At Vanguard, one enters their username and password, and then inserts the yubikey into a USB port, touches the key, and is then logged in. Previously, one had to enroll in security codes via SMS or phone call as a backup to the security key option, which defeats the purpose of the higher security provided by the keys.

If anyone wants to explain further or correct me, please feel free since I am no expert.

pragmatist
Last edited by pragmatist on Thu May 27, 2021 7:02 am, edited 1 time in total.
grok87
Posts: 10512
Joined: Tue Feb 27, 2007 8:00 pm

Re: Yubikey only at Vanguard now possible.

Post by grok87 »

pragmatist wrote: Thu May 27, 2021 6:38 am Hello everyone,

Today I was able to disable security codes via SMS/Phone call while continuing to use the enrolled Yubikey security keys. It appears they listened to us. You can disable security codes by going to my accounts -> profile & settings -> security code and disabling there. Enjoy the increased security!

pragmatist
thanks pragmatist.
perhaps you can do an ELI5 (explain it like i'm 5 years old) for everyone. What is a yubikey, how does it work at Vanguard (now).
cheers,
grok
RIP Mr. Bogle.
User avatar
RickBoglehead
Posts: 7877
Joined: Wed Feb 14, 2018 8:10 am
Location: In a house

Re: Yubikey only at Vanguard now possible.

Post by RickBoglehead »

If true, amazing that they wouldn't communicate that...
Avid user of forums on variety of interests-financial, home brewing, F-150, EV, home repair, etc. Enjoy learning & passing on knowledge. It's PRINCIPAL, not PRINCIPLE. I ADVISE you to seek ADVICE.
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Yubikey only at Vanguard now possible.

Post by anon_investor »

I would perfect Vanguard would allow for the use of an authenticator app.
User avatar
southerndoc
Posts: 1266
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Yubikey only at Vanguard now possible.

Post by southerndoc »

This is a great find! Vanguard should make this information better known. They may not want to though because if someone loses access to their Yubikey, they'll have to call Vanguard to restore access.
User avatar
southerndoc
Posts: 1266
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: Yubikey only at Vanguard now possible.

Post by southerndoc »

RickBoglehead wrote: Thu May 27, 2021 6:45 am If true, amazing that they wouldn't communicate that...
It's true. I just went through and did it. When I logged back in, it didn't give me an option to get a security code. Yubikey was my only option.
mhlambert
Posts: 39
Joined: Fri Jan 25, 2013 12:31 pm

Re: Yubikey only at Vanguard now possible.

Post by mhlambert »

Can you register more than one YubiKey?
Topic Author
pragmatist
Posts: 31
Joined: Sat Sep 10, 2016 8:46 pm

Re: Yubikey only at Vanguard now possible.

Post by pragmatist »

mhlambert wrote: Thu May 27, 2021 10:51 am Can you register more than one YubiKey?
Up to four keys
rebellovw
Posts: 1748
Joined: Tue Aug 16, 2016 4:30 pm

Re: Yubikey only at Vanguard now possible.

Post by rebellovw »

Please Fidelity - do the same thing! I have yubikeys ready to go.
Dottie57
Posts: 12379
Joined: Thu May 19, 2016 5:43 pm
Location: Earth Northern Hemisphere

Re: Yubikey only at Vanguard now possible.

Post by Dottie57 »

rebellovw wrote: Thu May 27, 2021 10:54 am Please Fidelity - do the same thing! I have yubikeys ready to go.
I cannot find any reference to yubikey at Fidelity. They did offer it several years ago. I would feel better with yubikey as security.
prd1982
Posts: 1786
Joined: Sun Jan 08, 2017 3:43 pm

Re: Yubikey only at Vanguard now possible.

Post by prd1982 »

Does anyone know if Quicken downloads work with Yubikey enabled? I saw the question asked several times, but no answer. Thanks
MarkBarb
Posts: 908
Joined: Mon Aug 03, 2009 11:59 am

Re: Yubikey only at Vanguard now possible.

Post by MarkBarb »

grok87 wrote: Thu May 27, 2021 6:44 am
pragmatist wrote: Thu May 27, 2021 6:38 am Hello everyone,

Today I was able to disable security codes via SMS/Phone call while continuing to use the enrolled Yubikey security keys. It appears they listened to us. You can disable security codes by going to my accounts -> profile & settings -> security code and disabling there. Enjoy the increased security!

pragmatist
thanks pragmatist.
perhaps you can do an ELI5 (explain it like i'm 5 years old) for everyone. What is a yubikey, how does it work at Vanguard (now).
cheers,
grok
Are you familiar with 2-factor authentication? The concept is that, in order to access you account, you need 2 security "factors". They are usually something I know (a password) and something I have. The something I have part can come in many forms. The most common is using a cell phone for the second factor. The brokerage sends a text message with a code to your phone and you reply with the code. The problem is that text messages can be intercepted by someone that doesn't actually have the phone.

There are several alternatives to text messages that people use. One is to run an app on your phone called an Authenticator. Another method is use a small hardware key, like a Yubikey.

A Yubikey is a little device that you can plug into your computer's USB slot. Newer ones can also connect to your phone just by putting it near the back of your phone. The Yubikey confirms that you are who you say you are. This way, if someone steals or cracks your password, they still can't get in because they don't have your key.

In the past, Vanguard let you use a Yubikey as the second factor, but they also let you log in using text messages on your phone as a second factor. Because the text message approach isn't very secure, there wasn't much benefit to using a YubiKey. It would be like putting two locks on your door - one that was weak and one that was strong, but either will let you in. Vanguard did that (I presume) because they didn't want to deal with people loosing their Yubikey. If someone loses their phone, it's easy to replace. You can't replace a Yubikey.

If you want the best security, get a Yubikey. To be safe, get multiple keys so that you can still get in if you lose one. I keep one on me and one at home. My wife also has a pair. All four are keyed to our account. Use them to secure your brokerage account and your e-mail account.

Alternatively, you can use an Authenticator app. In broad terms, it converts your phone/computer into something like a Yubikey. It's more convenient, free, and slightly less secure.
Gaston
Posts: 1220
Joined: Wed Aug 21, 2013 7:12 pm

Re: Yubikey only at Vanguard now possible.

Post by Gaston »

MarkBarb wrote: Thu May 27, 2021 12:42 pm Alternatively, you can use an Authenticator app. In broad terms, it converts your phone/computer into something like a Yubikey. It's more convenient, free, and slightly less secure.
I did not know Vanguard supports the use of an authenticator app. Is this a new feature?
“My opinions are just that - opinions.”
Tex
Posts: 203
Joined: Sat Aug 07, 2010 11:19 am

Re: Yubikey only at Vanguard now possible.

Post by Tex »

They don’t support Authenticator apps. I think he was just comparing 2FA options, in general.
Gaston
Posts: 1220
Joined: Wed Aug 21, 2013 7:12 pm

Re: Yubikey only at Vanguard now possible.

Post by Gaston »

That’s a pity. I much prefer an Authenticator app to an SMS message.
“My opinions are just that - opinions.”
User avatar
kevinf
Posts: 848
Joined: Mon Aug 05, 2019 11:35 pm

Re: Yubikey only at Vanguard now possible.

Post by kevinf »

Good to hear, but my SMS account is a hardware token protected (different from the one used at Vanguard) Google Voice account, so I don't mind keeping that as a backup. Great news for everyone vulnerable to SMS hijacking though!
User avatar
StevieG72
Posts: 2214
Joined: Wed Feb 05, 2014 8:00 pm

Re: Yubikey only at Vanguard now possible.

Post by StevieG72 »

So I got a Yubikey recently and since I received it get this error at Vangaurd!?

'Security key service is temporarily unavailable. Please try again.'

Anyone else having issues?
Fools think their own way is right, but the wise listen to others.
User avatar
kevinf
Posts: 848
Joined: Mon Aug 05, 2019 11:35 pm

Re: Yubikey only at Vanguard now possible.

Post by kevinf »

Lately it's been dropping me back onto the log on screen after validating my key, but using the bookmarks I have to enter the site works to get me past the login once authed.
JohnFiscal
Posts: 1113
Joined: Mon Jan 06, 2014 3:28 pm
Location: US citizen now retired in Canada. Subject to income tax in both.

Re: Yubikey only at Vanguard now possible.

Post by JohnFiscal »

StevieG72 wrote: Thu May 27, 2021 6:14 pm So I got a Yubikey recently and since I received it get this error at Vangaurd!?

'Security key service is temporarily unavailable. Please try again.'

Anyone else having issues?
I've used Yubi keys with Vanguard for a number of years now. Only one time did I get the message you indicate. It only affected the log-in using the keys (other means of logging in were available). The "outage" lasted only for part of an evening, a few hours. Still was worrisome. But it was only that one time, for me.

Edit: it is working fine right now for me.
User avatar
warowits
Posts: 505
Joined: Tue Sep 29, 2015 2:38 am

Re: Yubikey only at Vanguard now possible.

Post by warowits »

What do you do if you lose your Yubikey, and how are thieves prevented from doing the same thing?
Makefile
Posts: 2657
Joined: Fri Apr 22, 2016 11:03 pm

Re: Yubikey only at Vanguard now possible.

Post by Makefile »

warowits wrote: Thu May 27, 2021 7:16 pm What do you do if you lose your Yubikey, and how are thieves prevented from doing the same thing?
I assume the "break glass in emergency" option is to call Vanguard and have your online account deleted and everything turned back to paper statements and confirmations, as would be for an account that had been opened by mail or by phone. Then, you could create an online account again. I would think (hope?) that the "create a new online account for a Vanguard account where online access was recently deleted" process is more stringent, possibly involving mailing something to you to authenticate you.
User avatar
StevieG72
Posts: 2214
Joined: Wed Feb 05, 2014 8:00 pm

Re: Yubikey only at Vanguard now possible.

Post by StevieG72 »

JohnFiscal wrote: Thu May 27, 2021 7:09 pm
StevieG72 wrote: Thu May 27, 2021 6:14 pm So I got a Yubikey recently and since I received it get this error at Vangaurd!?

'Security key service is temporarily unavailable. Please try again.'

Anyone else having issues?
I've used Yubi keys with Vanguard for a number of years now. Only one time did I get the message you indicate. It only affected the log-in using the keys (other means of logging in were available). The "outage" lasted only for part of an evening, a few hours. Still was worrisome. But it was only that one time, for me.

Edit: it is working fine right now for me.
So it was operator error! I was using a special character to name my security key, they are not allowed. I am set up now with security key required, no 2FA!
Fools think their own way is right, but the wise listen to others.
User avatar
StevieG72
Posts: 2214
Joined: Wed Feb 05, 2014 8:00 pm

Re: Yubikey only at Vanguard now possible.

Post by StevieG72 »

warowits wrote: Thu May 27, 2021 7:16 pm What do you do if you lose your Yubikey, and how are thieves prevented from doing the same thing?
I am assuming you would have to call Vangaurd, verify your identity and have them delete security key. "At Vangaurd, my voice is my password."
Fools think their own way is right, but the wise listen to others.
Blue456
Posts: 2152
Joined: Tue Jun 04, 2019 5:46 am

Re: Yubikey only at Vanguard now possible.

Post by Blue456 »

StevieG72 wrote: Thu May 27, 2021 7:26 pm
warowits wrote: Thu May 27, 2021 7:16 pm What do you do if you lose your Yubikey, and how are thieves prevented from doing the same thing?
I am assuming you would have to call Vangaurd, verify your identity and have them delete security key. "At Vangaurd, my voice is my password."
And how secure is that?
User avatar
StevieG72
Posts: 2214
Joined: Wed Feb 05, 2014 8:00 pm

Re: Yubikey only at Vanguard now possible.

Post by StevieG72 »

Good question! Calling Vangaurd for account access will always be an option, so the best we can do is control what we can. I assume the voice verification is pretty secure as they do not ask for any other verification.
Fools think their own way is right, but the wise listen to others.
User avatar
StevieG72
Posts: 2214
Joined: Wed Feb 05, 2014 8:00 pm

Re: Yubikey only at Vanguard now possible.

Post by StevieG72 »

pragmatist wrote: Thu May 27, 2021 6:38 am Hello everyone,

Today I was able to disable security codes via SMS/Phone call while continuing to use the enrolled Yubikey security keys. It appears they listened to us. You can disable security codes by going to my accounts -> profile & settings -> security code and disabling there. Enjoy the increased security!

Edited to add:

Yubikeys are physical security keys that provide a second factor for login authentication similar to receiving a text message with a code. They connect via USB ports or NFC. Vanguard uses the universal second factor (FIDO U2F) function of the keys which is widely considered to represent the highest standard of 2-factor authentication. At Vanguard, one enters their username and password, and then inserts the yubikey into a USB port, touches the key, and is then logged in. Previously, one had to enroll in security codes via SMS or phone call as a backup to the security key option, which defeats the purpose of the higher security provided by the keys.

If anyone wants to explain further or correct me, please feel free since I am no expert.

pragmatist
Thanks for posting this update, this was my ideal setup with Vangaurd, and I can finally utilize this method of access.
Fools think their own way is right, but the wise listen to others.
Blue456
Posts: 2152
Joined: Tue Jun 04, 2019 5:46 am

Re: Yubikey only at Vanguard now possible.

Post by Blue456 »

StevieG72 wrote: Fri May 28, 2021 5:33 am Good question! Calling Vangaurd for account access will always be an option, so the best we can do is control what we can. I assume the voice verification is pretty secure as they do not ask for any other verification.
Can you turn off voice verification and keep SMS verification (very secure with dedicated google phone number).?
nomas
Posts: 50
Joined: Sat Oct 27, 2007 10:15 am

Re: Yubikey only at Vanguard now possible.

Post by nomas »

Blue456 wrote: Fri May 28, 2021 5:42 am
StevieG72 wrote: Fri May 28, 2021 5:33 am Good question! Calling Vangaurd for account access will always be an option, so the best we can do is control what we can. I assume the voice verification is pretty secure as they do not ask for any other verification.
Can you turn off voice verification and keep SMS verification (very secure with dedicated google phone number).?
Yes, you can call Vanguard and ask them to turn off voice verification.

If you haven't do so already, you may want to consider telling the Vanguard rep you want to setup an "enhanced security password". You will be asked for this password whenever you call Vanguard.
grok87
Posts: 10512
Joined: Tue Feb 27, 2007 8:00 pm

Re: Yubikey only at Vanguard now possible.

Post by grok87 »

MarkBarb wrote: Thu May 27, 2021 12:42 pm
grok87 wrote: Thu May 27, 2021 6:44 am
pragmatist wrote: Thu May 27, 2021 6:38 am Hello everyone,

Today I was able to disable security codes via SMS/Phone call while continuing to use the enrolled Yubikey security keys. It appears they listened to us. You can disable security codes by going to my accounts -> profile & settings -> security code and disabling there. Enjoy the increased security!

pragmatist
thanks pragmatist.
perhaps you can do an ELI5 (explain it like i'm 5 years old) for everyone. What is a yubikey, how does it work at Vanguard (now).
cheers,
grok
Are you familiar with 2-factor authentication? The concept is that, in order to access you account, you need 2 security "factors". They are usually something I know (a password) and something I have. The something I have part can come in many forms. The most common is using a cell phone for the second factor. The brokerage sends a text message with a code to your phone and you reply with the code. The problem is that text messages can be intercepted by someone that doesn't actually have the phone.

There are several alternatives to text messages that people use. One is to run an app on your phone called an Authenticator. Another method is use a small hardware key, like a Yubikey.

A Yubikey is a little device that you can plug into your computer's USB slot. Newer ones can also connect to your phone just by putting it near the back of your phone. The Yubikey confirms that you are who you say you are. This way, if someone steals or cracks your password, they still can't get in because they don't have your key.

In the past, Vanguard let you use a Yubikey as the second factor, but they also let you log in using text messages on your phone as a second factor. Because the text message approach isn't very secure, there wasn't much benefit to using a YubiKey. It would be like putting two locks on your door - one that was weak and one that was strong, but either will let you in. Vanguard did that (I presume) because they didn't want to deal with people loosing their Yubikey. If someone loses their phone, it's easy to replace. You can't replace a Yubikey.

If you want the best security, get a Yubikey. To be safe, get multiple keys so that you can still get in if you lose one. I keep one on me and one at home. My wife also has a pair. All four are keyed to our account. Use them to secure your brokerage account and your e-mail account.

Alternatively, you can use an Authenticator app. In broad terms, it converts your phone/computer into something like a Yubikey. It's more convenient, free, and slightly less secure.
thank you
RIP Mr. Bogle.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Yubikey only at Vanguard now possible.

Post by mptfan »

StevieG72 wrote: Thu May 27, 2021 7:23 pmI am set up now with security key required, no 2FA!
A security key is 2FA, by definition. It's the best method of 2FA.
rebellovw
Posts: 1748
Joined: Tue Aug 16, 2016 4:30 pm

Re: Yubikey only at Vanguard now possible.

Post by rebellovw »

warowits wrote: Thu May 27, 2021 7:16 pm What do you do if you lose your Yubikey, and how are thieves prevented from doing the same thing?
Hopefully it is the same as it is with google Advanced Security - a very long process taking a few days to confirm your identity. Certainly not a simple conversation with a call center rep. But who knows. Someone should test it and report back.
QinTX
Posts: 6
Joined: Fri May 28, 2021 8:47 am

Re: Yubikey only at Vanguard now possible.

Post by QinTX »

prd1982 wrote: Thu May 27, 2021 11:11 am Does anyone know if Quicken downloads work with Yubikey enabled? I saw the question asked several times, but no answer. Thanks
Yes they do
QinTX
Posts: 6
Joined: Fri May 28, 2021 8:47 am

Re: Yubikey only at Vanguard now possible.

Post by QinTX »

StevieG72 wrote: Thu May 27, 2021 6:14 pm So I got a Yubikey recently and since I received it get this error at Vangaurd!?

'Security key service is temporarily unavailable. Please try again.'

Anyone else having issues?
I had to delete and re-add when I got that.
QinTX
Posts: 6
Joined: Fri May 28, 2021 8:47 am

Re: Yubikey only at Vanguard now possible.

Post by QinTX »

warowits wrote: Thu May 27, 2021 7:16 pm What do you do if you lose your Yubikey, and how are thieves prevented from doing the same thing?
I have 2, one in a lock box and one I use daily....
rick51
Posts: 196
Joined: Mon Sep 14, 2009 7:33 pm
Location: Maryland

Re: Yubikey only at Vanguard now possible.

Post by rick51 »

To learn more go to Vanguard’s homepage scroll to the very bottom and click on security center and then scroll down to the topic on security keys.

Having read the latest news on Russian hacking
attempts, I’m more concerned about the safety of Vanguard’s computers versus my own.
Topic Author
pragmatist
Posts: 31
Joined: Sat Sep 10, 2016 8:46 pm

Re: Yubikey only at Vanguard now possible.

Post by pragmatist »

I've just learned that turning off the security codes breaks both android apps. Not sure about iPhone. So if you make use of those, you may need to keep the security codes enabled for now. Personally, I'm just going to stop using them.
RubyTuesday
Posts: 2241
Joined: Fri Oct 19, 2012 11:24 am

Re: Yubikey only at Vanguard now possible.

Post by RubyTuesday »

pragmatist wrote: Fri May 28, 2021 11:11 am I've just learned that turning off the security codes breaks both android apps. Not sure about iPhone. So if you make use of those, you may need to keep the security codes enabled for now. Personally, I'm just going to stop using them.
Does this mean using the NFC yubikey is not an option with the Vanguard app?
“Doing nothing is better than being busy doing nothing.” – Lao Tzu
Topic Author
pragmatist
Posts: 31
Joined: Sat Sep 10, 2016 8:46 pm

Re: Yubikey only at Vanguard now possible.

Post by pragmatist »

RubyTuesday wrote: Fri May 28, 2021 11:20 am
Does this mean using the NFC yubikey is not an option with the Vanguard app?
I'm using an old version of android, but no, not that I have seen.
User avatar
BolderBoy
Posts: 6753
Joined: Wed Apr 07, 2010 12:16 pm
Location: Colorado

Re: Yubikey only at Vanguard now possible.

Post by BolderBoy »

StevieG72 wrote: Fri May 28, 2021 5:33 amGood question! Calling Vangaurd for account access will always be an option, so the best we can do is control what we can. I assume the voice verification is pretty secure as they do not ask for any other verification.
Someone posted on the forum a couple of months ago that he set up voice verification with VG then experimented with it by asking his wife to speak into the phone and the verifier allowed his wife into his account. I don't remember the ultimate outcome of that discussion.
"Never underestimate one's capacity to overestimate one's abilities" - The Dunning-Kruger Effect
Silence Dogood
Posts: 1660
Joined: Tue Feb 01, 2011 8:22 pm

Re: Yubikey only at Vanguard now possible.

Post by Silence Dogood »

I recommend that all Bogleheads set this up.
warowits wrote: Thu May 27, 2021 7:16 pm What do you do if you lose your Yubikey, and how are thieves prevented from doing the same thing?
Make sure to have a backup key (Vanguard allows up to 4 keys to be registered)!

If you lose one, sign in with a backup key and "deregister" the lost one. I tested this out and it worked.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: Yubikey only at Vanguard now possible.

Post by ThereAreNoGurus »

I just clicked the link to register a security key and received a blank page.

Guess I'll have to wait until Monday to talk to a Vanguard person about this.

(And yes, I was logged-in and not timed-out.)
Trade the news and you will lose.
Silence Dogood
Posts: 1660
Joined: Tue Feb 01, 2011 8:22 pm

Re: Yubikey only at Vanguard now possible.

Post by Silence Dogood »

ThereAreNoGurus wrote: Fri Jul 09, 2021 11:43 pm I just clicked the link to register a security key and received a blank page.

Guess I'll have to wait until Monday to talk to a Vanguard person about this.

(And yes, I was logged-in and not timed-out.)
I'm sorry to hear that; It was remarkably easy for me to set up.

Which web browser were you using? Were you able to reach someone at Vanguard?
Normchad
Posts: 5648
Joined: Thu Mar 03, 2011 6:20 am

Re: Yubikey only at Vanguard now possible.

Post by Normchad »

I’m intrigued. So much so that I have ordered one to play with. If I like it, I will use it to secure my gmail and vanguard accounts…..

Given the amount of money at stake, it seems irresponsible not to use strong 2FA on these accounts…..
Dottie57
Posts: 12379
Joined: Thu May 19, 2016 5:43 pm
Location: Earth Northern Hemisphere

Re: Yubikey only at Vanguard now possible.

Post by Dottie57 »

rebellovw wrote: Thu May 27, 2021 10:54 am Please Fidelity - do the same thing! I have yubikeys ready to go.
I used an RSA key generator to login to work remotely. Very secure.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: Yubikey only at Vanguard now possible.

Post by ThereAreNoGurus »

Silence Dogood wrote: Tue Jul 13, 2021 4:32 pm
ThereAreNoGurus wrote: Fri Jul 09, 2021 11:43 pm I just clicked the link to register a security key and received a blank page.

Guess I'll have to wait until Monday to talk to a Vanguard person about this.

(And yes, I was logged-in and not timed-out.)
I'm sorry to hear that; It was remarkably easy for me to set up.

Which web browser were you using? Were you able to reach someone at Vanguard?
Good questions!

I must say, I was impressed with Vanguard today.

I called around 11:30am, so I figured I would have a long wait before getting a rep, but was connected to a rep in 1 or 2 minutes!

She hadn't run across that error before, so after we talked a bit, tried and failed with a few things, she transferred me to a tech rep. I did not have a long wait... 5 minutes max.

The tech rep also had not seen this problem before. She had some good suggestions to try, such as different browsers, but I was still getting the blank page (using updated Chrome and Edge). Then she had me try an incognito Chrome browser (in desperation... I think... haha) and I got the page!

That really surprised both of us, and she wanted to work with me more to figure out what was going on, such as trying to access Vanguard from my cell phone using the web (not the app). I thought that was an excellent suggestion, but unfortunately I had an appointment coming up, and had to go.

So later today, I tried Edge in their private browser and it worked. Firefox and Brave browsers do not. (Brave's private browser did not work either.) Opera worked just fine in regular mode.

I do have a VPN which perhaps might be messing something up. (I did mention this to both reps). I have been getting the same results whether running a VPN or not.

I might play with this some more to try to figure out what is different among the browsers that's causing this issue, but most importantly, of course, it looks like I should be able to use Yubikeys. (I have some arriving tomorrow.)

By the way, that page is the only page that has that problem. All of the other pages/links on the settings page work fine, such as security code, check-writing, etc.
Trade the news and you will lose.
sycamore
Posts: 6360
Joined: Tue May 08, 2018 12:06 pm

Re: Yubikey only at Vanguard now possible.

Post by sycamore »

ThereAreNoGurus wrote: Tue Jul 13, 2021 9:24 pm ...Then she had me try an incognito Chrome browser (in desperation... I think... haha) and I got the page!
...
Using incognito / private mode in browsers typically has the side effect of turning off all browser extensions. So your description makes me think you might have an ad-blocker extension (like uBlock Origin) installed. The ad-blocker could be inadvertently interfering with how Vanguard login is supposed to work.

In Chrome, browse to chrome://extensions/ to see what extensions you have installed. As a temporary test, turn off any blocker and then try to logon to Vanguard using your Yubikey. If it works, that suggests the ad-blocker is the culprit. And don't forget to turn the ad-blocker back on.

If it is indeed an ad-blocker that's interfering with things, you can still probably get it all to work together. One option is to configure your ad-blocker to not do any blocking for vanguard.com web site pages, or not on the specific login related pages. Another option is to be more selective and only allow certain 3rd party javascript sites to load and run (this option would take some trial and error to figure out).
Invisi8
Posts: 35
Joined: Sat Sep 23, 2017 3:40 pm

Re: Yubikey only at Vanguard now possible.

Post by Invisi8 »

I run Firefox with a script blocker; while Google Mail allows me to use my Yubikey with whitelisting the site, whenever I try to use it through Vanguard it errors and requires me to use SMS instead. I think Vanguard still has some work to do, but I’m glad they’re getting there slowly but surely.
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: Yubikey only at Vanguard now possible.

Post by ThereAreNoGurus »

sycamore wrote: Wed Jul 14, 2021 8:02 am
ThereAreNoGurus wrote: Tue Jul 13, 2021 9:24 pm ...Then she had me try an incognito Chrome browser (in desperation... I think... haha) and I got the page!
...
Using incognito / private mode in browsers typically has the side effect of turning off all browser extensions. So your description makes me think you might have an ad-blocker extension (like uBlock Origin) installed. The ad-blocker could be inadvertently interfering with how Vanguard login is supposed to work.

In Chrome, browse to chrome://extensions/ to see what extensions you have installed. As a temporary test, turn off any blocker and then try to logon to Vanguard using your Yubikey. If it works, that suggests the ad-blocker is the culprit. And don't forget to turn the ad-blocker back on.

If it is indeed an ad-blocker that's interfering with things, you can still probably get it all to work together. One option is to configure your ad-blocker to not do any blocking for vanguard.com web site pages, or not on the specific login related pages. Another option is to be more selective and only allow certain 3rd party javascript sites to load and run (this option would take some trial and error to figure out).
Heh... Nice call! Thanks!

That was it! Turned off the ad blocker for that page and it works. Very strange since there are no pop-ups on that page and every single other page on Vanguard's site works fine. But I know for sure it was the ad-blocker since turning it on and off repeatedly I get consistent results.

That page has no pop-ups and no exotic JS that is different from any other page, unless they are calling in some 3rd party JS or some-such. I didn't do a view source to see whether I can spot anything different.

Thanks again!
Trade the news and you will lose.
User avatar
Marmot
Posts: 592
Joined: Sun Oct 10, 2010 1:44 pm
Location: Phoenix, AZ

Re: Yubikey only at Vanguard now possible.

Post by Marmot »

I was looking at the Yubico site, how do you figure which type of key? Basically we have a combination of devices, Iphones, Ipads, a Dell desktop and laptop? I took the quiz on the website but an still a bit confused. Thanks.
Marty....don't go to the year 2020....Dr. Emmett Brown
User avatar
ThereAreNoGurus
Posts: 970
Joined: Fri Jan 24, 2014 10:41 pm

Re: Yubikey only at Vanguard now possible.

Post by ThereAreNoGurus »

Marmot wrote: Wed Jul 14, 2021 12:16 pm I was looking at the Yubico site, how do you figure which type of key? Basically we have a combination of devices, Iphones, Ipads, a Dell desktop and laptop? I took the quiz on the website but an still a bit confused. Thanks.
That quiz seemed fishy to me. No matter what my choices it almost always recommended two keys, one that was standard USB and one that was USB-C even though it appeared to me I did not need USB-C.
Trade the news and you will lose.
Post Reply