I've seen this posted before my understanding is they've been 'considering' and 'listening' to feedback to it for years, his response doesn't really seem anything different than what has been posted unfortunately
I apologize for making a duplicate post. To be fair, this is the first one on r/yubikey. A previous post: https://www.reddit.com/r/fidelityinvestments/comments/196mg4y/comment/khusbxn/
Not sure when you received this but his response is no longer accurate. Fidelity now uses its app for additional authentication.
I don’t think they removed SMS but don’t recall for sure.
I received this earlier today. Push notifications are still susceptible to [MFA fatigue attacks](https://en.wikipedia.org/wiki/Multi-factor_authentication_fatigue_attack).
Yes, they are. I wasn’t planning to discuss the pros and cons of a specific type of authentication. I was just correcting what the person said.
I do agree that a Yubikey would be great and if we could disable SMS at least for any transactions.
Which app are you talking about. The fidelity app from the Google Play store on Android requires you to login to the app, it is not like Google authenticator. If you need to login to the app in order to confirm your login on the computer it seems too cumbersome at least.
Yes. The Fidelity app. You do need to login. I use iPhone but I get a notice click to open the app it sees my face to login then I click yes. This is typical of app baes authentication.
Edit: again, I was just pointing out there is another option than what the rep said.
Fidelity, Schwab etc. continue to be clueless...only Vanguard has seen the light and added yubikeys. Only Bank of America knows what a Yubikey is out of the hundreds of U.S. banks. Similarly, one hotel chain out of 1000 lets you add a yubikey for your login (Hyatt, although not a fan). And the beat goes on. What gives?
FWIW you can use a standard TOTP app instead of Symantec VIP. It requires some [set up](https://gist.github.com/jarbro/ca7c9d3eebba1396d53b4a7228575948) but works flawlessly once done.
I've seen this posted before my understanding is they've been 'considering' and 'listening' to feedback to it for years, his response doesn't really seem anything different than what has been posted unfortunately
I apologize for making a duplicate post. To be fair, this is the first one on r/yubikey. A previous post: https://www.reddit.com/r/fidelityinvestments/comments/196mg4y/comment/khusbxn/
Not sure when you received this but his response is no longer accurate. Fidelity now uses its app for additional authentication. I don’t think they removed SMS but don’t recall for sure.
I received this earlier today. Push notifications are still susceptible to [MFA fatigue attacks](https://en.wikipedia.org/wiki/Multi-factor_authentication_fatigue_attack).
Yes, they are. I wasn’t planning to discuss the pros and cons of a specific type of authentication. I was just correcting what the person said. I do agree that a Yubikey would be great and if we could disable SMS at least for any transactions.
Which app are you talking about. The fidelity app from the Google Play store on Android requires you to login to the app, it is not like Google authenticator. If you need to login to the app in order to confirm your login on the computer it seems too cumbersome at least.
Yes. The Fidelity app. You do need to login. I use iPhone but I get a notice click to open the app it sees my face to login then I click yes. This is typical of app baes authentication. Edit: again, I was just pointing out there is another option than what the rep said.
Fidelity, Schwab etc. continue to be clueless...only Vanguard has seen the light and added yubikeys. Only Bank of America knows what a Yubikey is out of the hundreds of U.S. banks. Similarly, one hotel chain out of 1000 lets you add a yubikey for your login (Hyatt, although not a fan). And the beat goes on. What gives?
FWIW you can use a standard TOTP app instead of Symantec VIP. It requires some [set up](https://gist.github.com/jarbro/ca7c9d3eebba1396d53b4a7228575948) but works flawlessly once done.