Most financial institutions have some type of two-factor authentication (2FA) now when you log into your account. You need something besides your username and password to access your account.

Using 2FA is better than not using it, but different forms of 2FA aren’t created equal. When you have a choice, use a stronger form of 2FA.

Table of ContentsThe Weakest Link: Password ResetGoogle Voice for SMSSecure Your EmailSymantec VIPBuy Hardware TokenRegister Token with FidelityYubikeyAdd Yubikey to Google AccountRegister Yubikey with VanguardSymantec VIP On YubikeyThe Weakest Link: Password Reset

Before banks and brokers implemented 2FA, the emphasis had been on the strength of your password — make it long and include mixed case letters, numbers, and symbols. With 2FA, the weakest link shifted to the password reset path. Criminals don’t bother cracking your password when they can just reset it.

As a drill, go through the “forgot password” process for your accounts and see which items are needed to reset your password. Those are the things you need to secure.

Google Voice for SMS

Some financial institutions send security codes by SMS text message to a mobile phone number on file. This is weak because a mobile phone number can be hijacked through SIM swapping. A criminal can reset your password and gain access to your accounts after they hijack your mobile phone number.

You should get a Google Voice number and only use that number for your financial accounts. A Google Voice number is less prone to getting hijacked. Install the Google Voice app on your phone and read the security codes in the Google Voice app. Don’t forward text messages sent to your Google Voice number.

Your Google Voice number is secure after you secure your Google account. Google supports using a hardware key (see the Yubikey section later in this post) or a mobile authenticator app.

Some places refuse to send security codes to Google Voice numbers. I would avoid using them if they send security codes by SMS text message but they don’t support Google Voice numbers. That’s one reason I closed my account with Ally Bank.

Secure Your Email

Some financial institutions send security codes and password resets by email. That means you must secure your email. If a criminal hacks into your email, they can get the security code and reset the password to your bank or brokerage accounts.

If you Gmail, Google offers Advanced Protection with a hardware key (see the Yubikey section later in this post) or a mobile authenticator app.

Symantec VIP

Fidelity, Charles Schwab, and E*Trade support the free Symantec VIP mobile app on your phone. The app generates a six-digit security code that you use with your username and password.

A mobile app is more secure than text messages because it’s tied to a physical device, not to a phone number that can be hijacked remotely. However, you won’t be able to log in to your accounts if you lose your phone. Malware on your phone can also potentially read your security codes.

If you upgrade to a different phone, you can reinstall the app but the Symantec VIP credential ID can’t be transferred to your new phone. You’ll have to link a new credential ID to your login.

Buy Hardware Token

Many people don’t know you can actually buy a hardware token for Symantec VIP. The hardware token isn’t connected to the Internet. Malware on your phone can’t read it. You won’t lose it if you lose your phone. You won’t have to change your credential when you upgrade your phone.

Go to the official Symantec VIP website. Click on “Buy Hardware Token” on the top right. The first link “Buy Security Token” sends you to the token sold on Amazon.

A Symantec VIP hardware token costs only $12.50 as I’m writing this. You can register the same token at Fidelity, Schwab, E*Trade, and anywhere else that also uses Symantec VIP.

Register Token with Fidelity

You must call Fidelity customer service to link the serial number of the security token to your login.

Fidelity requires separate tokens for separate logins. Get two tokens if you’re married and both of you have Fidelity accounts.

Yubikey

Vanguard supports Yubikey, which is a hardware key that you plug into a USB port on your computer.

The least expensive Yubikey costs $25 or $29 on the manufacturer’s website, depending on the type of USB port on your computer. You should buy two Yubikeys. The second key serves as a backup in case you lose one.

Add Yubikey to Google Account

If you’d like to use Yubikeys to secure your Google account, enroll in Google’s Advanced Protection Program. Google sells Titan Security Keys but Yubikeys will work for both Google and Vanguard.

Register Yubikey with Vanguard

To register your Yubikeys with Vanguard, click on “Profile & account settings” on the top right after you log in.

Click on the Security tab and then “Security key.”

Repeat the process to add your second key. A married couple can register the same two Yubikeys with Vanguard for their separate logins. This way the two keys can work interchangeably for both logins.

Symantec VIP On Yubikey

For those who are more technically inclined, you can actually put a Symantec VIP credential on a Yubikey. It requires a more expensive version of Yubikey that has two “slots.”

This blog post by engineer Paul Sambolin gives details on putting Symantec VIP on a Yubikey for E*Trade:

Secure E-Trade account with Symantec VIP on Yubikey

After the Symantec VIP credential is put on a Yubikey, it works similarly for Fidelity and Charles Schwab.

This is too much work than it’s worth in my opinion because a Symantec VIP token is both inexpensive and straightforward. Go at it if you enjoy playing with technology.

***

Buying security hardware costs more than using text messages or a mobile app, but the extra security and peace of mind are worth it.

Brokerage firms in general have better support for security hardware because they tend to deal with larger amounts of money. Most banks are still stuck at sending SMS text messages. It’s one reason that I closed my online savings account and favor using a money market fund now.

Learn the Nuts and Bolts I put everything I use to manage my money in a book. My Financial Toolbox guides you to a clear course of action.Read Reviews

The post Security Hardware for Vanguard, Fidelity, and Schwab Accounts appeared first on The Finance Buff.