Are there financial institution that implement hardware keys correctly

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Post Reply
Topic Author
gavinsiu
Posts: 4539
Joined: Sun Nov 14, 2021 11:42 am

Are there financial institution that implement hardware keys correctly

Post by gavinsiu »

Vanguard has had hardware key 2FA for a long time, but has always an allowed a SMS fallback. Yahoo mail also implemented hardware key but allow fallback. Bank of America announced recently that it is now implemented Yubikey, but also allows SMS fallback. In fact, the only account that seems to implement hardware key properly is my google account. I was able to remove SMS and email fallback.

Are there actually institution that implements hardware keys correctly?
User avatar
samsoes
Posts: 2802
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: Are there financial institution that implement hardware keys correctly

Post by samsoes »

gavinsiu wrote: Sun Aug 07, 2022 1:25 pm Vanguard has had hardware key 2FA for a long time, but has always an allowed a SMS fallback. Yahoo mail also implemented hardware key but allow fallback. Bank of America announced recently that it is now implemented Yubikey, but also allows SMS fallback. In fact, the only account that seems to implement hardware key properly is my google account. I was able to remove SMS and email fallback.

Are there actually institution that implements hardware keys correctly?
I have security key 2FA with Schwab and disabled 2FA codes by SMS.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Topic Author
gavinsiu
Posts: 4539
Joined: Sun Nov 14, 2021 11:42 am

Re: Are there financial institution that implement hardware keys correctly

Post by gavinsiu »

samsoes wrote: Sun Aug 07, 2022 1:27 pm I have security key 2FA with Schwab and disabled 2FA codes by SMS.
Ah yes, Schwab does not use Yubikey but one of the rotating number fobs?
User avatar
samsoes
Posts: 2802
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: Are there financial institution that implement hardware keys correctly

Post by samsoes »

gavinsiu wrote: Sun Aug 07, 2022 1:29 pm
samsoes wrote: Sun Aug 07, 2022 1:27 pm I have security key 2FA with Schwab and disabled 2FA codes by SMS.
Ah yes, Schwab does not use Yubikey but one of the rotating number fobs?
Yes, Symantec. Hardware key and also Symantec app. Not a Yubikey, yes, but the ability to disable SMS 2FA is golden.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
User avatar
cowdogman
Posts: 2072
Joined: Sat Dec 16, 2017 6:44 pm
Location: Washington State

Re: Are there financial institution that implement hardware keys correctly

Post by cowdogman »

You probably already know this but the standard workaround for the SMS issue is to use Google Voice for SMS messages. Those messages are available only thru the Google Voice app and by email--that is, outside the services offered by the cell service companies via the SIM.

I agree it is silly for Vanguard et al. not to allow SMS messages to be turned off.
User avatar
cowdogman
Posts: 2072
Joined: Sat Dec 16, 2017 6:44 pm
Location: Washington State

Re: Are there financial institution that implement hardware keys correctly

Post by cowdogman »

Duplicate
GAAP
Posts: 2556
Joined: Fri Apr 08, 2016 12:41 pm

Re: Are there financial institution that implement hardware keys correctly

Post by GAAP »

cowdogman wrote: Mon Aug 08, 2022 1:26 pm You probably already know this but the standard workaround for the SMS issue is to use Google Voice for SMS messages. Those messages are available only thru the Google Voice app and by email--that is, outside the services offered by the cell service companies via the SIM.

I agree it is silly for Vanguard et al. not to allow SMS messages to be turned off.
Of course, there are occasions where the provider won't accept a Google Voice number for SMS. I've hit that before -- thankfully not with any of my current financial providers.
“Adapt what is useful, reject what is useless, and add what is specifically your own.” ― Bruce Lee
User avatar
cowdogman
Posts: 2072
Joined: Sat Dec 16, 2017 6:44 pm
Location: Washington State

Re: Are there financial institution that implement hardware keys correctly

Post by cowdogman »

GAAP wrote: Tue Aug 09, 2022 11:08 am
cowdogman wrote: Mon Aug 08, 2022 1:26 pm You probably already know this but the standard workaround for the SMS issue is to use Google Voice for SMS messages. Those messages are available only thru the Google Voice app and by email--that is, outside the services offered by the cell service companies via the SIM.

I agree it is silly for Vanguard et al. not to allow SMS messages to be turned off.
Of course, there are occasions where the provider won't accept a Google Voice number for SMS. I've hit that before -- thankfully not with any of my current financial providers.
Yes, Chase won't accept a Google number. Actually, it will accept it, but Chase won't send the codes when needed and the user will need to call Chase to provide a cell number (after a lot of security questions) so the user can get back into the account.
OpenMinded1
Posts: 1576
Joined: Wed Feb 05, 2020 8:27 am

Re: Are there financial institution that implement hardware keys correctly

Post by OpenMinded1 »

I use security keys, but the situation I described in the following thread has me a little concerned. https://www.bogleheads.org/forum/viewt ... p?t=382758
Post Reply