Fidelity just added the ability to use any Authenticator app with standard TOTP multi-factor support. TOTP stands for Time-based One-Time Password. This includes Google Authenticator, Microsoft Authenticator, Duo, and 1Password. Previously, you were limited to the non-standard Symantec VIP app. This was announced on the Fidelity subreddit by an official moderator.
I’m not a security expert, but I view this as a positive development since Authenticator apps are considered a better form of multi-factor authentication (MFA) than SMS text messages, as your text messages can be intercepted within the mobile networks via “SIM swap” or other methods. (This is why you should also add a password to your cellular provider to authorize any porting, and a SIM PIN (iPhone) or SIM Lock (Android) on your actual phone.) Authenticator apps are more securely linked to a specific device, as the number resets every 30 seconds and doesn’t travel over the internet or any other network (unless your phone is hacked with malware).
Directions:
Here’s how to enroll an authenticator app through the Fidelity mobile app:
Open the Fidelity mobile app and select the Profile icon.
Select General settings and then Authenticator app.
Toggle Authenticator app on.
Copy the secret key.
Follow your authenticator app’s instructions to connect it to your Fidelity account using the secret key.
Go back to the Fidelity mobile app and select Next. Paste in the 6-digit code from the authenticator app to complete the enrollment.
Once you’re enrolled, you’ll get an authenticator-app challenge at any Fidelity login unless you already indicated that your device is a trusted one.
You must first enable the Authenticator option via your Fidelity app on smartphone. (Enrollment on desktop is coming.) After that, you can use Authenticator apps on your desktop browser logins as well. If you had Symantec VIP enabled previously, enabling the Authenticator option will automatically deactivate the Symantec VIP and use your designated Authenticator app instead.
The gold standard of MFA remains a physical device like a YubiKey, but that is more expensive and less convenient. As of this writing (August 2024), Fidelity does not officially support any third-party hardware authentication devices like YubiKey.
A brief MFA definition from PC World:
What Is Multi-Factor Authentication?
As the name implies, MFA means you use more than one type of authentication to unlock an online account or app. Usually, the first factor is your password. MFA means you add another factor in addition to that password. Experts classify authentication factors into three groups:
Something you know (a password, for example).
Something you have (a physical object).
Something you are (a fingerprint or other biometric trait).
When you use an authenticator app, you bolster the password you know with your token, smartphone, or smartwatch.
As a side note, Vanguard does not support standard Authenticator apps, but it does support FIDO2-certified physical security keys like YubiKey. Most newer Android phones can also be set up as a FIDO2 key. Vanguard has also started using their smartphone app as another factor.
thank you for this post. —— mymoneyblog , 8.19.2024 , monday.