Yubikey and Vanguard use cases

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
RubyTuesday
Posts: 2241
Joined: Fri Oct 19, 2012 11:24 am

Yubikey and Vanguard use cases

Post by RubyTuesday »

I currently access my Vanguard account using multiple methods:

1) using browser on MacBook Pro (MBP)

2) using Vanguard app on iPhone 7

3) using Vanguard app on iPad Pro

4) using browser on iPhone 7 (when app isn’t available at times)

5) using browser on iPad Pro (when app isn’t available at times)

I’m in process of better securing my Vanguard and gmail accounts with 2FA using Yubikeys.

I understand the process for using the keys on MBP, but not sure about using on iPhone and iPad either with the Vanguard app or with browser.

I will soon have multiple NFC enabled Yubikeys and one with a lightning connector for iPad.

Anyone using Yubikeys with iPhone and or iPad in any of the above use cases?

Any feedback or guidance appreciated.
RT
“Doing nothing is better than being busy doing nothing.” – Lao Tzu
Topic Author
RubyTuesday
Posts: 2241
Joined: Fri Oct 19, 2012 11:24 am

Re: Yubikey and Vanguard use cases

Post by RubyTuesday »

Here’s what I’m trying for now. Criticism welcome.

1) Created new gmail account with google voice number that will only be used for financial 2FA texts.
2) Secured this google account with Yubikey
2a) iPhone built in key also used and allows approving access from my phone
3) Changed Vanguard to use this number for receiving verification codes by SMS.
4) registered same yubikey to access vanguard account (but left security codes enrolled with new google voice)

Now when I log on to Vanguard, I have to use the Yubikey. If I don’t have the key, I can have a code sent to google voice. To get into google voice, I have to either have the yubikey or authenticate on my phone.

Any major holes?

I don’t think the google voice is subject to stolen SIM issues.
I believe the 2a still uses a key within iPhone and is secure / not subject to theft/spoofing

Thoughts?
“Doing nothing is better than being busy doing nothing.” – Lao Tzu
Topic Author
RubyTuesday
Posts: 2241
Joined: Fri Oct 19, 2012 11:24 am

Re: Yubikey and Vanguard use cases

Post by RubyTuesday »

Adding some notes based on experiments yesterday…
RubyTuesday wrote: Fri May 28, 2021 10:50 am I currently access my Vanguard account using multiple methods:

1) using browser on MacBook Pro (MBP)
This worked as anticipated. Added security key to account (Yubikey) and changed security codes settings to use new google voice number as backup (May experiment with getting rid of this later).

2) using Vanguard app on iPhone 7

3) using Vanguard app on iPad Pro
This was a little surprising. After I added security keys and required either key or security code for every time I log on, I expected to have to logon with apps again, but did not. Turns out that if you have enabled Touch ID logon, you don’t have to use key/code. I disabled the Touch ID and now the app recognizes that I’m on browser that doesn’t support security key and requires security code. I successfully sent code to google voice and logged on.

4) using browser on iPhone 7 (when app isn’t available at times)

5) using browser on iPad Pro (when app isn’t available at times)
Doesn’t seem to support security key so had to use security codes to google voice, which worked fine.

I’m in process of better securing my Vanguard and gmail accounts with 2FA using Yubikeys.

I understand the process for using the keys on MBP, but not sure about using on iPhone and iPad either with the Vanguard app or with browser.

I will soon have multiple NFC enabled Yubikeys and one with a lightning connector for iPad.

Anyone using Yubikeys with iPhone and or iPad in any of the above use cases?

Any feedback or guidance appreciated.
RT
Based on my experiments, I’ll have to leave the security codes to google voice channel in place if I want to access via iPhone or iPad.

When I get my additional security keys, including one with lightning connector, I may try again with the keys on iOS (not hopeful it will work).

I’ll also explore turning off security code to google voice AFTER enabling Touch ID with the thought that the app may be able to stay authorized but all other access will require security key.
“Doing nothing is better than being busy doing nothing.” – Lao Tzu
pescador
Posts: 40
Joined: Wed Mar 14, 2012 1:49 pm

Re: Yubikey and Vanguard use cases

Post by pescador »

So are you saying that the yubikey does not work with your iPhone app? Is using the app a back door to avoid using the key?
rebellovw
Posts: 1748
Joined: Tue Aug 16, 2016 4:30 pm

Re: Yubikey and Vanguard use cases

Post by rebellovw »

I'm using iPhone X - which supports 5NFC yubikey (oldest iphone to do this) - I just hold it up to my camera. I don't access anything on my iPad. My Macbook Pro and PC - just use the USB/USBc.

Works like a champ.

I'm a fido customer - wish they supported Yubikey!

Sounds like a good time/reason to upgrade your iPhone.
Post Reply