Which online brokers have 2 factor authentication?

Archived From: Finance
  • Page :
  • 1
  • Text Only
Voting History
rated:
I know TD Ameritrade does not, they use the old system where they ask you personal questions. Any recs on brokers who are more up to date with their security?

Member Summary
Staff Summary
  • Also categorized in:
Thanks for visiting FatWallet.com. Join for free to remove this ad.

Vanguard does.

IB does. Either smartphone app to generate the key or a credit card form factor code generator. No useless "security questions" whatsoever defined or requirements to change password at intervals. Smartphone App supports read only login ( no need to enter pw/key to just view account, just reopen app. To trade must enter password and use security device).

When my security device was replaced a few months ago though, they told me they were only issuing physical electronic security devices for $1M accounts now. Not sure if that's really the case, though. (They sent me one anyway when i asked).

Not a traditional broker but I also use Wealthfront in addition to TD Ameritrade. They have 2FA. On TD Ameritrade my security question answers come from a password generator. If I ever have to speak the answer to someone, let alone a call center person in India, I'm screwed.

Fidelity does but they do not advertise it (last I checked which was long time ago). I have a Symantec "VIP Access" app on my phone that generates code every minute. This is real 2FA (token), not text-message bullshit.

Edit: Found this cool web page - https://twofactorauth.org/

You can also opt out of two factor for trading but still have it for account management and withdrawals at IB.

Powza said:   Fidelity does but they do not advertise it (last I checked which was long time ago). I have a Symantec "VIP Access" app on my phone that generates code every minute. This is real 2FA (token), not text-message bullshit.

Edit: Found this cool web page - https://twofactorauth.org/

"Text-message bullshit" is legitimate 2FA.

The two factors being something you know (your password) and something you have (your phone).

Chargum85 said:   Powza said:   Fidelity does but they do not advertise it (last I checked which was long time ago). I have a Symantec "VIP Access" app on my phone that generates code every minute. This is real 2FA (token), not text-message bullshit.

Edit: Found this cool web page - https://twofactorauth.org/

"Text-message bullshit" is legitimate 2FA.

The two factors being something you know (your password) and something you have (your phone).

Loopholes being gsm SIM card cloning(meaning having the phone in possession is not really a requirement), text messages aren't encrypted and several entities can intercept them, and the more realistic threat that many companies allow password resets based solely on a text message (so, someone gains access to phone temporarily, they can go look at your text message history then go to those websites and reset the passwords). If they allow a password reset based on the text message, then it's down to 1 factor - just possession of the phone.

Didn't we just had another thread on this? It's always better to enabled 2FA then not and no 2FA, including a separate dongle can stop a determined group from gaining access to your account.

Also, Vanguard have something new, call voice authentication. I have it enabled but don't have all the detail on it.

Bend3r said:   
Chargum85 said:   
Powza said:   Fidelity does but they do not advertise it (last I checked which was long time ago). I have a Symantec "VIP Access" app on my phone that generates code every minute. This is real 2FA (token), not text-message bullshit.

Edit: Found this cool web page - https://twofactorauth.org/

"Text-message bullshit" is legitimate 2FA.

The two factors being something you know (your password) and something you have (your phone).

Loopholes being gsm SIM card cloning(meaning having the phone in possession is not really a requirement), text messages aren't encrypted and several entities can intercept them, and the more realistic threat that many companies allow password resets based solely on a text message (so, someone gains access to phone temporarily, they can go look at your text message history then go to those websites and reset the passwords). If they allow a password reset based on the text message, then it's down to 1 factor - just possession of the phone.

  You forgot porting the phone and the text-message code is frequently displayed on iPhone lock screens.

Chargum85 said:   
Powza said:   Fidelity does but they do not advertise it (last I checked which was long time ago). I have a Symantec "VIP Access" app on my phone that generates code every minute. This is real 2FA (token), not text-message bullshit.

Edit: Found this cool web page - https://twofactorauth.org/

"Text-message bullshit" is legitimate 2FA.

The two factors being something you know (your password) and something you have (your phone).

Text message is not something you have. If you think otherwise you are naive.

Your physical phone (the device) *is* something you have but receiving text message on this device does not equal to something you have (the possession factor).
Text message authentication is nothing more than additional out-of-band authentication over insecure channel. Better than just password but doesn't add a whole lot of security.

E*Trade also have the physical security device.

Separately, don't you guys have VPN on your cells? Or does that not stop hackers decrypting the transmissions?



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017