Are there financial institution that implement hardware keys correctly
Are there financial institution that implement hardware keys correctly
Vanguard has had hardware key 2FA for a long time, but has always an allowed a SMS fallback. Yahoo mail also implemented hardware key but allow fallback. Bank of America announced recently that it is now implemented Yubikey, but also allows SMS fallback. In fact, the only account that seems to implement hardware key properly is my google account. I was able to remove SMS and email fallback.
Are there actually institution that implements hardware keys correctly?
Are there actually institution that implements hardware keys correctly?
Re: Are there financial institution that implement hardware keys correctly
I have security key 2FA with Schwab and disabled 2FA codes by SMS.gavinsiu wrote: ↑Sun Aug 07, 2022 1:25 pm Vanguard has had hardware key 2FA for a long time, but has always an allowed a SMS fallback. Yahoo mail also implemented hardware key but allow fallback. Bank of America announced recently that it is now implemented Yubikey, but also allows SMS fallback. In fact, the only account that seems to implement hardware key properly is my google account. I was able to remove SMS and email fallback.
Are there actually institution that implements hardware keys correctly?
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Re: Are there financial institution that implement hardware keys correctly
Yes, Symantec. Hardware key and also Symantec app. Not a Yubikey, yes, but the ability to disable SMS 2FA is golden.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Re: Are there financial institution that implement hardware keys correctly
You probably already know this but the standard workaround for the SMS issue is to use Google Voice for SMS messages. Those messages are available only thru the Google Voice app and by email--that is, outside the services offered by the cell service companies via the SIM.
I agree it is silly for Vanguard et al. not to allow SMS messages to be turned off.
I agree it is silly for Vanguard et al. not to allow SMS messages to be turned off.
Re: Are there financial institution that implement hardware keys correctly
Of course, there are occasions where the provider won't accept a Google Voice number for SMS. I've hit that before -- thankfully not with any of my current financial providers.cowdogman wrote: ↑Mon Aug 08, 2022 1:26 pm You probably already know this but the standard workaround for the SMS issue is to use Google Voice for SMS messages. Those messages are available only thru the Google Voice app and by email--that is, outside the services offered by the cell service companies via the SIM.
I agree it is silly for Vanguard et al. not to allow SMS messages to be turned off.
“Adapt what is useful, reject what is useless, and add what is specifically your own.” ― Bruce Lee
Re: Are there financial institution that implement hardware keys correctly
Yes, Chase won't accept a Google number. Actually, it will accept it, but Chase won't send the codes when needed and the user will need to call Chase to provide a cell number (after a lot of security questions) so the user can get back into the account.GAAP wrote: ↑Tue Aug 09, 2022 11:08 amOf course, there are occasions where the provider won't accept a Google Voice number for SMS. I've hit that before -- thankfully not with any of my current financial providers.cowdogman wrote: ↑Mon Aug 08, 2022 1:26 pm You probably already know this but the standard workaround for the SMS issue is to use Google Voice for SMS messages. Those messages are available only thru the Google Voice app and by email--that is, outside the services offered by the cell service companies via the SIM.
I agree it is silly for Vanguard et al. not to allow SMS messages to be turned off.
-
- Posts: 1576
- Joined: Wed Feb 05, 2020 8:27 am
Re: Are there financial institution that implement hardware keys correctly
I use security keys, but the situation I described in the following thread has me a little concerned. https://www.bogleheads.org/forum/viewt ... p?t=382758