[Vanguard] Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

Silence Dogood wrote: Wed Feb 23, 2022 10:11 am I don't think it should even be an option - two factors should always be required.

Also, why is there such a bias against the second factor (something you have)? If I had to choose, I would forgo the first factor (something you know - your password) instead. It would be much more difficult for someone to steal my Yubikey than it would be for someone to steal my password.
I'd be okay with requiring a second factor with that being my fingerprint or some sort of face scan, as long as that could reliably identify me. Obviously I wouldn't want it to be some physical device I had to have with me.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by bertilak »

tibbitts wrote: Wed Feb 23, 2022 10:40 am
nordsteve wrote: Tue Feb 22, 2022 8:50 pm It has nothing to do with "bad IT." Vanguard needs to defend against cookie stealing attacks.

I just spent several weeks in a well known hotel. Fidelity repeatedly prompted me for the 2FA code on the hotel wifi. Same machine and browser, on my home network, no repeated prompts.
The problem is: same network/IP, same computer, not even close the browser... yet still get prompted after setting the preference to not to be in your profile and during the initial login process.
I would try two things:
1. Another browser.
2. Resetting all settings to default.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

bertilak wrote: Wed Feb 23, 2022 11:04 am
tibbitts wrote: Wed Feb 23, 2022 10:40 am
nordsteve wrote: Tue Feb 22, 2022 8:50 pm It has nothing to do with "bad IT." Vanguard needs to defend against cookie stealing attacks.

I just spent several weeks in a well known hotel. Fidelity repeatedly prompted me for the 2FA code on the hotel wifi. Same machine and browser, on my home network, no repeated prompts.
The problem is: same network/IP, same computer, not even close the browser... yet still get prompted after setting the preference to not to be in your profile and during the initial login process.
I would try two things:
1. Another browser.
2. Resetting all settings to default.
When the problem first occurred I experienced it on both Chrome and Firefox before complaining to Vanguard. Vanguard seemed vaguely familiar with the problem but not that interested. I should probably try Edge; I'll do that and try to remember to post the results, although that obviously isn't a solution available to everyone (outside of the Windows community, that I know of.)
aaaaaa111111
Posts: 153
Joined: Tue Jan 04, 2022 3:29 pm

-----

Post by aaaaaa111111 »

-----
Last edited by aaaaaa111111 on Fri Nov 10, 2023 2:53 pm, edited 1 time in total.
H-Town
Posts: 5905
Joined: Sun Feb 26, 2017 1:08 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by H-Town »

tibbitts wrote: Wed Feb 23, 2022 10:43 am
Silence Dogood wrote: Wed Feb 23, 2022 10:11 am I don't think it should even be an option - two factors should always be required.

Also, why is there such a bias against the second factor (something you have)? If I had to choose, I would forgo the first factor (something you know - your password) instead. It would be much more difficult for someone to steal my Yubikey than it would be for someone to steal my password.
I'd be okay with requiring a second factor with that being my fingerprint or some sort of face scan, as long as that could reliably identify me. Obviously I wouldn't want it to be some physical device I had to have with me.
Wasn't there a public outrage because the IRS requires face recognition?
Time is the ultimate currency.
Silence Dogood
Posts: 1660
Joined: Tue Feb 01, 2011 8:22 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by Silence Dogood »

tibbitts wrote: Wed Feb 23, 2022 10:43 am
Silence Dogood wrote: Wed Feb 23, 2022 10:11 am I don't think it should even be an option - two factors should always be required.

Also, why is there such a bias against the second factor (something you have)? If I had to choose, I would forgo the first factor (something you know - your password) instead. It would be much more difficult for someone to steal my Yubikey than it would be for someone to steal my password.
I'd be okay with requiring a second factor with that being my fingerprint or some sort of face scan, as long as that could reliably identify me. Obviously I wouldn't want it to be some physical device I had to have with me.
So you prefer biometrics (something you are) over a security key (something you have)?

I wouldn't consider a personal preference to be obvious. Personally, I prefer security keys over biometrics.
FactualFran
Posts: 2776
Joined: Sat Feb 21, 2015 1:29 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by FactualFran »

tibbitts wrote: Wed Feb 23, 2022 10:40 am The problem is: same network/IP, same computer, not even close the browser... yet still get prompted after setting the preference to not to be in your profile and during the initial login process.
Likely, the login process checks the setting of whether to always use 2FA before checking whether the I plan to log in from this device in the future option had been used during the previous login process. Changing the option at the Vanguard web site about whether 2FA is always to be used has no effect on the current session. The setting will be used during the session established by the next login.

Exactly what happens depends on details of the login process; details that Vanguard likely does not want to reveal.
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

H-Town wrote: Wed Feb 23, 2022 11:56 am
tibbitts wrote: Wed Feb 23, 2022 10:43 am
Silence Dogood wrote: Wed Feb 23, 2022 10:11 am I don't think it should even be an option - two factors should always be required.

Also, why is there such a bias against the second factor (something you have)? If I had to choose, I would forgo the first factor (something you know - your password) instead. It would be much more difficult for someone to steal my Yubikey than it would be for someone to steal my password.
I'd be okay with requiring a second factor with that being my fingerprint or some sort of face scan, as long as that could reliably identify me. Obviously I wouldn't want it to be some physical device I had to have with me.
Wasn't there a public outrage because the IRS requires face recognition?
I found the facial scan on ID.me (for the IRS) to be difficult to set up, but as far I know that's only a one-time requirement. It would have to work a lot more transparently for Vanguard, more like a fingerprint scan does. However the point of the displeasure with the IRS was that until a few weeks ago, it was being presented as the only way to use the service going forward. I would want Vanguard to give multiple 2FA alternatives, and wouldn't suggest they require facial recognition as the only 2FA option.
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

FactualFran wrote: Wed Feb 23, 2022 12:01 pm
tibbitts wrote: Wed Feb 23, 2022 10:40 am The problem is: same network/IP, same computer, not even close the browser... yet still get prompted after setting the preference to not to be in your profile and during the initial login process.
Likely, the login process checks the setting of whether to always use 2FA before checking whether the I plan to log in from this device in the future option had been used during the previous login process. Changing the option at the Vanguard web site about whether 2FA is always to be used has no effect on the current session. The setting will be used during the session established by the next login.

Exactly what happens depends on details of the login process; details that Vanguard likely does not want to reveal.
But everybody is both checking the "remember" box on the login form AND setting their profile to only use 2FA for unrecognized computers.
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

Silence Dogood wrote: Wed Feb 23, 2022 11:57 am
tibbitts wrote: Wed Feb 23, 2022 10:43 am
Silence Dogood wrote: Wed Feb 23, 2022 10:11 am I don't think it should even be an option - two factors should always be required.

Also, why is there such a bias against the second factor (something you have)? If I had to choose, I would forgo the first factor (something you know - your password) instead. It would be much more difficult for someone to steal my Yubikey than it would be for someone to steal my password.
I'd be okay with requiring a second factor with that being my fingerprint or some sort of face scan, as long as that could reliably identify me. Obviously I wouldn't want it to be some physical device I had to have with me.
So you prefer biometrics (something you are) over a security key (something you have)?

I wouldn't consider a personal preference to be obvious. Personally, I prefer security keys over biometrics.
I don't want to be dependent on a second device I need to have with me whenever I want to log on, or that I can easily lose. It might be okay to have the 2FA be something like authenticator software, as long as it could be integrated onto the PC/mac and not something you'd need a separate device (key, phone, etc.) for. But that would make you somewhat more vulnerable to having a single device compromised; the biometric situation seemingly less so.
FactualFran
Posts: 2776
Joined: Sat Feb 21, 2015 1:29 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by FactualFran »

tibbitts wrote: Wed Feb 23, 2022 1:27 pm But everybody is both checking the "remember" box on the login form AND setting their profile to only use 2FA for unrecognized computers.
Not everybody is both checking the "remember" box on the login form AND setting their profile to only use 2FA for unrecognized computers. I don't check either.

The behavior likely depends on the details of the Vanguard login process. It may be necessary to change the 2FA profile setting, logout, and login (to start a new session with the changed 2FA profile setting) for the "remember" box on the login form to have an effect.
User avatar
PinotGris
Posts: 1115
Joined: Tue Feb 14, 2012 8:38 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by PinotGris »

financeperchance wrote: Mon Feb 21, 2022 9:34 pm
"This code expires in 10 minutes.
Enter the security code to enable the next button."
This Vanguard 2F authentication is getting frustrating. Macbook Safari I logged in this morning, clicked the box... and just now this evening I have to do the 2F authentication again. I don't always carry my phone with me everywhere around the house, so this is a pain.

Is there some browser or operating system that actually remembers your choice? Thank you.
It is a dysfunction of the site. Nothing works. If it works, it reverts back to not working. It is a stupid system. Whatever settings you set should stay as is. The rep. blamed Firefox. I think it has to do with cookies but my other secure sites work fine, like my bank and credit cards. I just got a request to review my experience with Vanguard and I kvetched plenty.
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

FactualFran wrote: Wed Feb 23, 2022 2:39 pm
tibbitts wrote: Wed Feb 23, 2022 1:27 pm But everybody is both checking the "remember" box on the login form AND setting their profile to only use 2FA for unrecognized computers.
Not everybody is both checking the "remember" box on the login form AND setting their profile to only use 2FA for unrecognized computers. I don't check either.

The behavior likely depends on the details of the Vanguard login process. It may be necessary to change the 2FA profile setting, logout, and login (to start a new session with the changed 2FA profile setting) for the "remember" box on the login form to have an effect.
Well, I meant that everybody complaining is setting those options. I understand that not everyone wants that behavior.

The result of my Edge test today is that the same problem occurs with that browser. Again, "remember" specified on the login screen, no closing the browser, account options set to only require 2FA on unrecognized devices.
000
Posts: 8211
Joined: Thu Jul 23, 2020 12:04 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by 000 »

H-Town wrote: Wed Feb 23, 2022 8:09 am It seems like Vanguard unintentionally gives you heath benefit here. You gotta stand up, walk up and down a flight of stairs. That’s good right? Now if only it finds a way to make us walk 2 miles to get the passcode for every time we log in.
Sometimes (like today and yesterday) Vanguard even automatically logs me out due to 15 minutes inactivity, then when I click the button to log back in (still in the same browser session to be clear), I get hit with ANOTHER 2FA demand. That is buggy. Why do you insist on defending clearly buggy technology?
H-Town
Posts: 5905
Joined: Sun Feb 26, 2017 1:08 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by H-Town »

000 wrote: Wed Feb 23, 2022 4:41 pm
H-Town wrote: Wed Feb 23, 2022 8:09 am It seems like Vanguard unintentionally gives you heath benefit here. You gotta stand up, walk up and down a flight of stairs. That’s good right? Now if only it finds a way to make us walk 2 miles to get the passcode for every time we log in.
Sometimes (like today and yesterday) Vanguard even automatically logs me out due to 15 minutes inactivity, then when I click the button to log back in (still in the same browser session to be clear), I get hit with ANOTHER 2FA demand. That is buggy. Why do you insist on defending clearly buggy technology?
Funny I haven't run into that bug yet... must be something I didn't do?

Just a different perspective, take a step back and the problem won't be as big as you think.
Time is the ultimate currency.
exodusNH
Posts: 10347
Joined: Wed Jan 06, 2021 7:21 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by exodusNH »

RubyTuesday wrote: Wed Feb 23, 2022 7:24 am
exodusNH wrote: Tue Feb 22, 2022 7:48 am
financeperchance wrote: Mon Feb 21, 2022 10:02 pm
exodusNH wrote: Mon Feb 21, 2022 9:47 pm It something on Vanguard's end. Sometimes it works for days, other times it stops working immediately.
Incredible. I'm starting to get a sense for what people mean when they say Vg is having issues with its tech department.
mhalley wrote: Mon Feb 21, 2022 9:53 pm Use a google voice number for the 2FA so you don’t need your phone?
I love this idea and will do that. Thank you!
Not all sites support Google voice numbers.
But Vanguard, the site OP is dealing with, does.

OP search other threads here for convenient but still highly secure 2FA approaches with Vanguard, Yubico Yubikeys and Google Voice. Many threads.
I wasn't attempting to suggest otherwise. I was warning him it's not a universal solution to the problem, and probably isn't contractually guaranteed by Vanguard.
exodusNH
Posts: 10347
Joined: Wed Jan 06, 2021 7:21 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by exodusNH »

Silence Dogood wrote: Wed Feb 23, 2022 11:57 am
tibbitts wrote: Wed Feb 23, 2022 10:43 am
Silence Dogood wrote: Wed Feb 23, 2022 10:11 am I don't think it should even be an option - two factors should always be required.

Also, why is there such a bias against the second factor (something you have)? If I had to choose, I would forgo the first factor (something you know - your password) instead. It would be much more difficult for someone to steal my Yubikey than it would be for someone to steal my password.
I'd be okay with requiring a second factor with that being my fingerprint or some sort of face scan, as long as that could reliably identify me. Obviously I wouldn't want it to be some physical device I had to have with me.
So you prefer biometrics (something you are) over a security key (something you have)?

I wouldn't consider a personal preference to be obvious. Personally, I prefer security keys over biometrics.
I agree. I don't think biometrics should be used. First, you have no way to dispute or change your "key" when something goes wrong. They don't handle issues, such as losing a finger / hand, well. I don't trust companies to do the right thing with something I can't change, beyond multilating myself!
Angst
Posts: 2968
Joined: Sat Jun 09, 2007 11:31 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by Angst »

I'm inclined to blame Vanguard, but what do I know? Well, this I do know: On my home network, using Firefox on a laptop only I ever use, I have no problems accessing either my bank's 2FA protected website nor Fidelity's. But Vanguard's? It's amazingly random. I'd say something like 25% of my logins require 2FA, but it's so random. I rarely delete cookies and FF isn't set to do it automatically. I think rarely, if ever, have I gotten consecutive 2FA requests, but it is surely an annoyance. I also know that Vanguard's present mix of old/new webpage design is a mess, and lucky you if you don't also have your company's 401(k) administered by Vanguard.
FactualFran
Posts: 2776
Joined: Sat Feb 21, 2015 1:29 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by FactualFran »

tibbitts wrote: Wed Feb 23, 2022 3:05 pm The result of my Edge test today is that the same problem occurs with that browser. Again, "remember" specified on the login screen, no closing the browser, account options set to only require 2FA on unrecognized devices.
"Remember this device" worked with Edge for me. I have rarely used Edge and strongly suspect that I have never previously logged in to the Vanguard web site using Edge.

A preliminary test was
  • With usual browser (not Edge)
    • Enter username and password on Vanguard login web page.
    • Enter security code sent to mobile phone to complete login selecting No for "Remember this device?"
    • Change profile option at Vanguard to not use 2FA with recognized device (profile option had been always use 2FA).
  • With Edge
    • Enter username and password on Vanguard login web page.
    • Enter security code sent to mobile phone to complete login selecting Yes for "Remember this device?"
    • Logout.
    • Enter username and password on Vanguard login web page. The login completed without a security code.
A more extensive test started about two hours later. In the meantime, I logged out both browsers from Vanguard and connected to a different internet service provider. With Edge
  • Enter username and password on Vanguard login web page.
  • Enter security code sent to mobile phone to complete login selecting Yes for "Remember this device?"
  • Do nothing for about 15 minutes; Vanguard account web page was automatically replaced by a "Your session has expired" Vanguard web page.
  • Click on "log back in" link on the "Your session has expired" Vanguard web page.
  • Enter username and password on Vanguard login web page. The login completed without a security code.
  • Exit Edge
  • Disconnect from internet and reconnect about 2 hours later.
  • Start Edge and enter username and password on Vanguard login web page. The login completed without a security code.
So, "Yes, I plan to login in from this device in the future" actually works. I have no idea what others are doing that interferes with it working for them.
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

FactualFran wrote: Wed Feb 23, 2022 11:34 pm
tibbitts wrote: Wed Feb 23, 2022 3:05 pm The result of my Edge test today is that the same problem occurs with that browser. Again, "remember" specified on the login screen, no closing the browser, account options set to only require 2FA on unrecognized devices.
"Remember this device" worked with Edge for me. I have rarely used Edge and strongly suspect that I have never previously logged in to the Vanguard web site using Edge.

A preliminary test was
  • With usual browser (not Edge)
    • Enter username and password on Vanguard login web page.
    • Enter security code sent to mobile phone to complete login selecting No for "Remember this device?"
    • Change profile option at Vanguard to not use 2FA with recognized device (profile option had been always use 2FA).
  • With Edge
    • Enter username and password on Vanguard login web page.
    • Enter security code sent to mobile phone to complete login selecting Yes for "Remember this device?"
    • Logout.
    • Enter username and password on Vanguard login web page. The login completed without a security code.
A more extensive test started about two hours later. In the meantime, I logged out both browsers from Vanguard and connected to a different internet service provider. With Edge
  • Enter username and password on Vanguard login web page.
  • Enter security code sent to mobile phone to complete login selecting Yes for "Remember this device?"
  • Do nothing for about 15 minutes; Vanguard account web page was automatically replaced by a "Your session has expired" Vanguard web page.
  • Click on "log back in" link on the "Your session has expired" Vanguard web page.
  • Enter username and password on Vanguard login web page. The login completed without a security code.
  • Exit EdgeI'
  • Disconnect from internet and reconnect about 2 hours later.
  • Start Edge and enter username and password on Vanguard login web page. The login completed without a security code.
So, "Yes, I plan to login in from this device in the future" actually works. I have no idea what others are doing that interferes with it working for them.
I've been able to bypass 2FA for up to about 24hrs, seemingly randomly, with Chrome. I only tried Edge today so I can't say if I'll ever be able to do 24hrs or more with that; my first attempt failed after about an hour. But I'm not counting 24hrs as "working."
crefwatch
Posts: 2500
Joined: Sun Apr 15, 2007 1:07 pm
Location: New Jersey, USA
Contact:

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by crefwatch »

I have adjusted my Vanguard security profile, and still get 2FA for 90% of my home desktop logins. I wonder if Firefox is involved? BTW, I have to delete and re-type at least the last character of my (pre-filled) username and password for the Login button to do anything.
bpr
Posts: 50
Joined: Fri Aug 21, 2015 1:20 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by bpr »

TropikThunder wrote: Mon Feb 21, 2022 11:00 pm
financeperchance wrote: Mon Feb 21, 2022 10:02 pm
exodusNH wrote: Mon Feb 21, 2022 9:47 pm It something on Vanguard's end. Sometimes it works for days, other times it stops working immediately.
Incredible. I'm starting to get a sense for what people mean when they say Vg is having issues with its tech department.
Sounds more like a user issue than a Vanguard issue IMO. There’s a profile setting where you can either ask it to only do 2FA from unrecognized computers, or to do 2FA from all computers. If it’s set to “all computers” (which is the default security setting for most websites I believe, not just Vanguard), then each and every login will require the 2FA security code even if it’s a computer you told Vanguard to remember. I don’t recall any financial website I’ve logged into that remembers your computer unless you ask it to. But that’s not a bug, it’s a feature one can select.

Profile and Account Settings -> Security Code settings -> Frequency. Select either

(1) “Only when Vanguard doesn't recognize my computer or device”
During logon, you have the option for us to remember (or recognize) the computer or device that you're using to access your accounts. We won't prompt you to enter your security code on computers or devices that we recognize if you choose this frequency. For your protection, we will send you a security code and ask you to enter it when you log on from a computer or device that we don't recognize.

-or-

(2) Every time I log on.
Important: This means you'll need to be near the phone you've indicated during setup every time you log on to vanguard.com or our mobile apps.
I have same issue even with option 1 selected. I use chrome.
Motostash
Posts: 55
Joined: Sun Jan 30, 2022 6:53 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by Motostash »

financeperchance wrote: Tue Feb 22, 2022 9:18 pm
Motostash wrote: Tue Feb 22, 2022 7:38 am Only check 1x/month and it might suddenly stop bothering you.
Not everyone is so privileged that they only need to do one transaction a month, but congratulations for being there yourself.
Do you really need more than 1 login worth of transactionS per month? How does that optimize your sit? Are you really staying the course?

I've got a ways to go before I'll feel privileged, but I'm glad to not be stressing myself out with the daily nail-biting logins anymore. I just told myself to stop, and my line of best fit is exactly the same. Try it before you knock it.

Don't forget: tech is supposed to make life easier. If it's not, you are its slave. Flip the table, or just call me a gaslighter and move on.
KarenC
Posts: 264
Joined: Mon Apr 27, 2015 7:25 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by KarenC »

FactualFran wrote: Wed Feb 23, 2022 11:34 pm
tibbitts wrote: Wed Feb 23, 2022 3:05 pm The result of my Edge test today is that the same problem occurs with that browser. Again, "remember" specified on the login screen, no closing the browser, account options set to only require 2FA on unrecognized devices.
"Remember this device" worked with Edge for me. I have rarely used Edge and strongly suspect that I have never previously logged in to the Vanguard web site using Edge.

[…]

So, "Yes, I plan to login in from this device in the future" actually works. I have no idea what others are doing that interferes with it working for them.
I also use Edge, but I've seen a difference of how "Yes, I plan to log in from this device in the future" behaves. In the past, when I've checked that box (and confirmed I'm me using the 2FA), it seemed to last until the next browser or OS update. Recently, I've been seeing it much more often; this is all from the same browser, OS, not using a VPN or suchlike, not clearing out my cookies, same set of browser extensions.

One thing that has changed for me is that I've been performing much more transactions than normal, which makes me wonder if VG on the backend invalidates the "remembered device" when certain financial activity occurs. This spate of transactions will soon come to an end, so I'll have more anecdata after that.
"The first principle is that you must not fool yourself—and you are the easiest person to fool." — Richard P. Feynman
User avatar
oldcomputerguy
Moderator
Posts: 17932
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by oldcomputerguy »

000 wrote: Mon Feb 21, 2022 10:40 pm No, I see the same issue intermittently. It is actually annoying enough that I will transfer soon.
I just did. Moved all my Vanguard holdings to Schwab. Went extremely smoothly.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
User avatar
steve r
Posts: 1300
Joined: Mon Feb 13, 2012 7:34 pm
Location: Connecticut

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by steve r »

Same issue here. I found that it matters if we last checked my account or another VG account (DW's).

Personally, I do not find it at all annoying tough. I would much rather VG or anyone else be too cautious (trigger 2F for any reason at all) than not cautious enough. The fact that this is becoming a long thread suggests others feel strongly different.
"Owning the stock market over the long term is a winner's game. Attempting to beat the market is a loser's game. ..Don't look for the needle in the haystack. Just buy the haystack." Jack Bogle
fourwheelcycle
Posts: 1968
Joined: Sun May 25, 2014 5:55 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by fourwheelcycle »

Gee, this is getting to be a long thread. When it first began, I did not post because no one seemed to be identifying cookie management as the key factor. Now many people have focused on cookie management, yet many others are still complaining. I don't have a magic answer, but I will note my experience. I previously used Safari, on my Mac computers, along with an excellent app called Cookie 6 that lets you check the cookies you want to keep, then the app deletes all other cookies each time you close your browser. As long as I did not log-in to Vanguard with my VPN turned on, Cookie 6 enabled me to log-in without a new 2FA cycle until "something happened" to wipe out my Vanguard cookies. The cycles were pretty long and I never felt compelled to figure out whether the "something" was a mistake by me, an update of MacOS or Safari, or something done by Vanguard.

However, I recently switched to Chrome as my main browser because, aside from cookie issues, I sometimes bump into websites that do not work well with Safari. Unfortunately, I have not been able to find an app that works with Chrome the way Cookie 6 works with Safari, i.e., that lets me check which cookies I want to preserve and deletes the rest every time I close Chrome. Now I seem to have fewer random website problems, but I also have much shorter cycles between new 2FA requirements at Vanguard. As they say, "You make your choices and you live with what you get". As they also say, "Life is Good" - but it is not perfect.
rkhusky
Posts: 17764
Joined: Thu Aug 18, 2011 8:09 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by rkhusky »

steve r wrote: Sun Feb 27, 2022 6:52 am Personally, I do not find it at all annoying tough. I would much rather VG or anyone else be too cautious (trigger 2F for any reason at all) than not cautious enough. The fact that this is becoming a long thread suggests others feel strongly different.
Hopefully it is not the same people complaining now, who have complained in the past about Vanguard not being secure enough.
rkhusky
Posts: 17764
Joined: Thu Aug 18, 2011 8:09 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by rkhusky »

oldcomputerguy wrote: Sun Feb 27, 2022 6:43 am
000 wrote: Mon Feb 21, 2022 10:40 pm No, I see the same issue intermittently. It is actually annoying enough that I will transfer soon.
I just did. Moved all my Vanguard holdings to Schwab. Went extremely smoothly.
No brokerage is perfect:
viewtopic.php?p=6540013#p6540013
viewtopic.php?f=1&t=339869

You just have to choose which imperfections bother you the least.
Tanelorn
Posts: 2370
Joined: Thu May 01, 2014 9:35 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by Tanelorn »

PinotGris wrote: Wed Feb 23, 2022 3:03 pm It is a dysfunction of the site. Nothing works. If it works, it reverts back to not working. It is a stupid system. Whatever settings you set should stay as is. The rep. blamed Firefox. I think it has to do with cookies but my other secure sites work fine, like my bank and credit cards. I just got a request to review my experience with Vanguard and I kvetched plenty.
I agree. It’s a bad system and doesn’t even do what it says it will do properly. I remember I must have hit that 2FA thing 6 times in the same day, from the same computer, having checked their “remember box” dutifully every time.

Maybe if they would allow a time-out setting so it wouldn’t log you out after 15 minutes or whatever so you only had to log in 1-2/day when not actively using the site, this would be less of a hassle.
Angst
Posts: 2968
Joined: Sat Jun 09, 2007 11:31 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by Angst »

+1

Perhaps if Vanguard demonstrated at least a slight level of interest in what a forum like the Bogleheads is saying about it and its website... Just a token, occasional hint of a presence in the forum could go a long way, but mere anecdotes we've seen posted about Vanguard watching us don't impress me at all.

I believe we merit at least a modicum of interaction with Vanguard.
anita bahth
Posts: 184
Joined: Tue Dec 14, 2021 3:33 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by anita bahth »

Shouldn't people be concerned that their life savings are at a company whose IT they don't trust? If they seem inept, isn't there a nagging worry of the company being hacked? otoh is the thinking that if they have their security set so high that it even annoys regular customers, then it must be extra safe in that sense?

btw there's the opposite thread here somewhere of someone complaining that their bank doesn't require 2FA every time and it made them uneasy. I think they actually left that bank over it.
chuckb84
Posts: 628
Joined: Wed Oct 21, 2015 10:41 am
Location: New Mexico

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by chuckb84 »

I have the same problem. I've always assumed that is because I'm on a Mac with Safari. The Blue Cross web page has exactly the same problem.

I don't know if this is a browser/OS related issue, but it simply doesn't work. I think it is, and that's just bad design.
JackoC
Posts: 4714
Joined: Sun Aug 12, 2018 11:14 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by JackoC »

itsmeagain wrote: Tue Feb 22, 2022 7:32 pm It's another example of Vanguard's lousy technology. It used to work consistently until maybe 6-12 months ago. That is, I could say I was using a personal device, and it would rememeber without sending a code. I still use the same lap top, but now it doesn't respond consistently. I only log on from a personal device, so at least it's just a small inconvenience.
I've had same experience as you and some others. When Vang first did 2FA, the check box which said 'private device' disabled 2FA for some time, weeks or more. Now at the very least the time setting until it lapses back to 2FA has been drastically shortened. I can sometimes avoid the 2FA if I log back on within minutes, or I seem to recall that still happening sometimes even recently though not 100% sure, but by the next day it's always forgotten. I'll try the profile changing stuff somebody suggested but I'm sure it used to work just by answering 'private device' and now it basically doesn't. It would seem Vanguard should have disclosed this if it's a policy change, or else it's a bug. But I'd also count it as Vanguard's bug if a slightly different operating system or major browser made it not work.

Since my kids give me unofficial permission to access their accounts (if anyone is going to say 'you're committing a crime by doing that without this or that bureaucrato-legalism, hire a lawyer immediately!' save it :happy ) this has become a significant nuisance. I have to first make sure they're available to text me the code, since we want the code to go to their phones. If it was just my account I wouldn't care much though I'd still be puzzled why there's still a check box for 'private device' which now seems to accomplish almost nothing.
JackoC
Posts: 4714
Joined: Sun Aug 12, 2018 11:14 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by JackoC »

anita bahth wrote: Sun Feb 27, 2022 11:32 am Shouldn't people be concerned that their life savings are at a company whose IT they don't trust? If they seem inept, isn't there a nagging worry of the company being hacked? otoh is the thinking that if they have their security set so high that it even annoys regular customers, then it must be extra safe in that sense?

btw there's the opposite thread here somewhere of someone complaining that their bank doesn't require 2FA every time and it made them uneasy. I think they actually left that bank over it.
I see your point but as you further suggest there's no real way to know if annoying perhaps buggy aspects of security features signify security overkill that should make you 'annoyed yet reassured' or should make you fear incompetence may have generated errors in the other direction you won't know about until they bite you.

I think the only thing is to have some diversification among providers for the 'unknown unknown' risks you can't be sure they don't represent. I would never have almost all my assets anywhere. Although with Vanguard it's a pretty big %, albeit divided among several accounts (self, wife, trust and LLC entities). I have a bunch of bank accounts and, almost never logging onto them except at home on my own devices, I don't worry about the few banks that still don't require 2FA.
JDave
Posts: 591
Joined: Tue Oct 29, 2019 9:23 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by JDave »

I have the same problem - intermittently VG doesn't recognize my computer, even if I log on twice on the same day, same computer, same browser never closed. It's hit and miss, no discernible pattern.
Tanelorn
Posts: 2370
Joined: Thu May 01, 2014 9:35 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by Tanelorn »

chuckb84 wrote: Sun Feb 27, 2022 1:01 pm I have the same problem. I've always assumed that is because I'm on a Mac with Safari.
Mac / Firefox is no better.
fourwheelcycle
Posts: 1968
Joined: Sun May 25, 2014 5:55 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by fourwheelcycle »

JackoC wrote: Sun Feb 27, 2022 2:02 pm Since my kids give me unofficial permission to access their accounts ... this has become a significant nuisance. I have to first make sure they're available to text me the code, since we want the code to go to their phones...
My children and their spouses have given me "View Only" permission for their Vanguard accounts. It was easy for them to do, online, with no paper forms or notary signatures required. If your children do the same, it will let you avoid the 2FA hassle.
000
Posts: 8211
Joined: Thu Jul 23, 2020 12:04 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by 000 »

oldcomputerguy wrote: Sun Feb 27, 2022 6:43 am I just did. Moved all my Vanguard holdings to Schwab. Went extremely smoothly.
First LadyGeek, and now you. Vanguard is losing the bogleheads.org moderator team. Never thought I would see that happen.
JackoC
Posts: 4714
Joined: Sun Aug 12, 2018 11:14 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by JackoC »

fourwheelcycle wrote: Sun Feb 27, 2022 4:02 pm
JackoC wrote: Sun Feb 27, 2022 2:02 pm Since my kids give me unofficial permission to access their accounts ... this has become a significant nuisance. I have to first make sure they're available to text me the code, since we want the code to go to their phones...
My children and their spouses have given me "View Only" permission for their Vanguard accounts. It was easy for them to do, online, with no paper forms or notary signatures required. If your children do the same, it will let you avoid the 2FA hassle.
I'm sometimes doing actual transactions they direct, though adding their accounts to the 'family view', read only, would help in some cases.
rkhusky
Posts: 17764
Joined: Thu Aug 18, 2011 8:09 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by rkhusky »

Tanelorn wrote: Sun Feb 27, 2022 3:47 pm
chuckb84 wrote: Sun Feb 27, 2022 1:01 pm I have the same problem. I've always assumed that is because I'm on a Mac with Safari.
Mac / Firefox is no better.
Works fine for me, with a cookie manager plugin.
Last edited by rkhusky on Sun Feb 27, 2022 9:02 pm, edited 1 time in total.
rkhusky
Posts: 17764
Joined: Thu Aug 18, 2011 8:09 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by rkhusky »

JackoC wrote: Sun Feb 27, 2022 8:51 pm
fourwheelcycle wrote: Sun Feb 27, 2022 4:02 pm
JackoC wrote: Sun Feb 27, 2022 2:02 pm Since my kids give me unofficial permission to access their accounts ... this has become a significant nuisance. I have to first make sure they're available to text me the code, since we want the code to go to their phones...
My children and their spouses have given me "View Only" permission for their Vanguard accounts. It was easy for them to do, online, with no paper forms or notary signatures required. If your children do the same, it will let you avoid the 2FA hassle.
I'm sometimes doing actual transactions they direct, though adding their accounts to the 'family view', read only, would help in some cases.
You can also get permission to transact.
fourwheelcycle
Posts: 1968
Joined: Sun May 25, 2014 5:55 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by fourwheelcycle »

JackoC wrote: Sun Feb 27, 2022 8:51 pm I'm sometimes doing actual transactions they direct, though adding their accounts to the 'family view', read only, would help in some cases.
Only one child sometimes asks me to help with actual transactions. He is computer savvy and screen shares with me so I can walk him through what he wants to do. Once is usually enough for a new type of transaction. Of course, the children can all use our shared Vanguard rep - they don't need me.
JackoC
Posts: 4714
Joined: Sun Aug 12, 2018 11:14 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by JackoC »

rkhusky wrote: Sun Feb 27, 2022 8:59 pm
JackoC wrote: Sun Feb 27, 2022 8:51 pm
fourwheelcycle wrote: Sun Feb 27, 2022 4:02 pm
JackoC wrote: Sun Feb 27, 2022 2:02 pm Since my kids give me unofficial permission to access their accounts ... this has become a significant nuisance. I have to first make sure they're available to text me the code, since we want the code to go to their phones...
My children and their spouses have given me "View Only" permission for their Vanguard accounts. It was easy for them to do, online, with no paper forms or notary signatures required. If your children do the same, it will let you avoid the 2FA hassle.
I'm sometimes doing actual transactions they direct, though adding their accounts to the 'family view', read only, would help in some cases.
You can also get permission to transact.
Or the 2FA could just work the way it's supposed to, I could log on with them available to give me the code that comes to their phone, every so many weeks/months, click 'private device' and then be able to log on again without bothering them. The way we used to do it.
rkhusky
Posts: 17764
Joined: Thu Aug 18, 2011 8:09 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by rkhusky »

JackoC wrote: Mon Feb 28, 2022 8:25 am Or the 2FA could just work the way it's supposed to, I could log on with them available to give me the code that comes to their phone, every so many weeks/months, click 'private device' and then be able to log on again without bothering them. The way we used to do it.
That may violate Vanguard's terms of service. And it's so easy to just get your own login if you all have Vanguard accounts.
JackoC
Posts: 4714
Joined: Sun Aug 12, 2018 11:14 am

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by JackoC »

rkhusky wrote: Mon Feb 28, 2022 9:17 am
JackoC wrote: Mon Feb 28, 2022 8:25 am Or the 2FA could just work the way it's supposed to, I could log on with them available to give me the code that comes to their phone, every so many weeks/months, click 'private device' and then be able to log on again without bothering them. The way we used to do it.
That may violate Vanguard's terms of service. And it's so easy to just get your own login if you all have Vanguard accounts.
See my earlier post, not interested in comments like that, just noting something which practically worked, now it doesn't.
FactualFran
Posts: 2776
Joined: Sat Feb 21, 2015 1:29 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by FactualFran »

tibbitts wrote: Wed Feb 23, 2022 11:56 pm I've been able to bypass 2FA for up to about 24hrs, seemingly randomly, with Chrome. I only tried Edge today so I can't say if I'll ever be able to do 24hrs or more with that; my first attempt failed after about an hour. But I'm not counting 24hrs as "working."
A few minutes ago, I logged in using about 108 hours after the previous login. I entered the username and password. The login completed without Vanguard sending a security code. The bypass continues to actually work.
tibbitts
Posts: 23717
Joined: Tue Feb 27, 2007 5:50 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by tibbitts »

FactualFran wrote: Mon Feb 28, 2022 1:03 pm
tibbitts wrote: Wed Feb 23, 2022 11:56 pm I've been able to bypass 2FA for up to about 24hrs, seemingly randomly, with Chrome. I only tried Edge today so I can't say if I'll ever be able to do 24hrs or more with that; my first attempt failed after about an hour. But I'm not counting 24hrs as "working."
A few minutes ago, I logged in using about 108 hours after the previous login. I entered the username and password. The login completed without Vanguard sending a security code. The bypass continues to actually work.
Interesting. I've had 100% failures after 24hrs (sometimes much less) with every browser I've tried, and I log in at least once a day.
rkhusky
Posts: 17764
Joined: Thu Aug 18, 2011 8:09 pm

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by rkhusky »

I’ve gone 6+ months without needing 2FA. But I don’t update my browser or OS very often.
crefwatch
Posts: 2500
Joined: Sun Apr 15, 2007 1:07 pm
Location: New Jersey, USA
Contact:

Re: Anybody know how to make "Yes, I plan to log in from this device in the future" actually work?

Post by crefwatch »

JackoC wrote: Mon Feb 28, 2022 9:28 am See my earlier post, not interested in comments like that, just noting something which practically worked, now it doesn't.
Well, the point is that whether you want to hear it or not (and it may actually be against the law, IANAL), it WORKS, to some extent. I have Vanguard's POA for my mother's account and for my late MIL trust for my wife. When I do beat the Vanguard guard dogs, all those accounts appear together in one place with simple access, almost as if they were "mine."

When there is a 2FA problem, it's simply me and my phone.
Post Reply