That limitation should inspire the use of stronger 2FA like YubiKey, but also additional security gates within Fidelity to prevent unauthorized transactions. I understand that SIPC insurance doesn’t cover losses due to account hacking. I want the *maximum* level of protection for my Fidelity accounts. The bottom line is that Fidelity should make the process very clear for how to maintain the account protection promise while acknowledging that using a password manager is a best practice for security. Fidelity could provide a list of password managers for which Fidelity would maintain Fidelity's account protection guarantee. I would even be OK if Fidelity only protected such accounts by requiring three-factor authentication, such as VIP Access (or YubiKey) and also a thumb-print on their mobile device - for example. Instead, Fidelity should explicitly protect such user accounts when the customer uses an industry standard password manager and two-factor authentication. By my understanding, Fidelity's account protection promise is void when a customer uses a password manager to store Fidelity login credentials. I'm not sure. One thing I'd like Fidelity to add to their security promise is protection for those who use a password manager to store Fidelity login credentials. I'm not sure of all the security ramifications to do that, maybe it's not more complicated than resetting someone who is using Symantec 2FA but I suspect it might be. I guess if they open it up to more apps and people lose access to the app database and don't have backups, Fidelity would have to turn off 2FA for them or set them back to using SMS. If you want to use a 2FA app, it's Symantec, if you lose or break your phone call us to reset it to a new device. My guess is most people do not understand this and don't back up even if it's available. Fidelity has kept it simple for now.
The more important point is do people using a 2FA authentication app even know or understand that if they lose their phone or it's broken and they do not have a backup, that they are going to have lots of headaches. However, Google Authenticator does not have that sort of backup option and if the person using it does not copy their keys to another device, they have no backup. The Microsoft Authenticator would be my 2nd choice to use after Aegis. Yes Microsoft does allow that option so that's a good thing. I've been with Fidelity for many years and they usually do a pretty good job with introducing and supporting new technologies. I think they will eventually give us more 2FA options, but for now I'm OK with using Symantec VIP even though it is not my 2FA app of choice. I trust the Fidelity engineers' call on this. That hurts every customer because it increases call wait time for everyone. Could you imagine the number of customer support calls Fidelity would get if people were allowed to use any 2FA app. Just read the reviews on Playstore for GA. I suspect most Fidelity customers do not. Now you and I might know how and why to make sure we have a backup of these keys. You need to back up to another device with GA. Apps like Google Authenticator do not have a way to do that. My personal 2FA app choice is Aegis because it allows me to back up my database of secret keys in encrypted form. I have not had any issues with it as I mentioned in another post and I am comfortable with it on my phone. If I lose my phone or it breaks I can just call them to transfer the 2FA capability to a new phone. I've concluded that Fidelity decided to go with the Symantec app because it is easiest for them to administer and support. However, after doing a bit of research in 2FA authenticator apps. I would not buy any Symantec product either.