Vanguard and Yubikey
Old 09-16-2017, 12:50 PM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,567
Vanguard and Yubikey

So, I was looking at Vanguard's 2FA and noticed it uses a Yubikey device.

Great? Maybe not.

A customer still has to also register for the text msg codes. If the Yubikey is unavailable then they use the text message method.

In my mind this defeats the purpose of the Yubikey which is to eliminate the text msg method entirely since it is less secure than a time based system like the Yubikey or an Authenticator app.

Comments?
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-16-2017, 01:24 PM   #2
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 25,025
Yesterday I traded in my iPhone for a new one and while it was relatively painless, simply retrieving the last backup from iCloud to the new phone, Google Authenticator then lost its contents for GMail, LastPass etc., and although it was a bit of a pain it turned out to be pretty easy to log on using the backup method of logging on with a code being sent to the phone on record. This tells me that a hacker armed with enough knowledge can bypass the authentication device.

The exception was HSBC which uses its own mobile app to generate an authentication code to make transactions to payees or banks that one has not previously set up and made transactions to. Without going into extensive details there was not a simple workaround by simply sending a text message to my phone.

ETA
I don't use Yubikey with Vanguard so don't know the process when losing it.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 09-16-2017, 02:00 PM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,921
Been pondering 2FA setups the past couple days.

SSA 2FA has a bit of a chicken and egg thing going on too.

SSA has SMS only as 2FA with an option to get in by email as an alternate way.

But, if I lose my phone, I can get in by email. But if I use email as an option, then isn't that self-defeating? Then all some hacker needs is my email and password which is what the SMS text was supposed to prevent in the first place. Unless I'm missing something.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-16-2017, 02:34 PM   #4
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 25,025
Quote:
Originally Posted by easysurfer View Post
Been pondering 2FA setups the past couple days.

SSA 2FA has a bit of a chicken and egg thing going on too.

SSA has SMS only as 2FA with an option to get in by email as an alternate way.

But, if I lose my phone, I can get in by email. But if I use email as an option, then isn't that self-defeating? Then all some hacker needs is my email and password which is what the SMS text was supposed to prevent in the first place. Unless I'm missing something.
I use Gmail with 2FA using Google Authenticator so a hacker attempting to get into my SSA account would also have to get through my 2FA protection on my GMail. But as I just discovered, if I lose my Google Authenticator setup then I can restore it using a text message.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 09-16-2017, 02:45 PM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,921
Quote:
Originally Posted by Alan View Post
I use Gmail with 2FA using Google Authenticator so a hacker attempting to get into my SSA account would also have to get through my 2FA protection on my GMail. But as I just discovered, if I lose my Google Authenticator setup then I can restore it using a text message

Really? That's pretty crazy.

On the SSA situation I mentioned, perhaps not that bad if the email verification has to go through the security questions. I may have to test out.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-16-2017, 03:50 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 8,323
Quote:
Originally Posted by easysurfer View Post
Really? That's pretty crazy.

On the SSA situation I mentioned, perhaps not that bad if the email verification has to go through the security questions. I may have to test out.
I just did this and I do believe you have to go through challenge questions after the 2FA.
MRG is online now   Reply With Quote
Old 09-16-2017, 04:58 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,567
Quote:
Originally Posted by Alan View Post
I use Gmail with 2FA using Google Authenticator so a hacker attempting to get into my SSA account would also have to get through my 2FA protection on my GMail. But as I just discovered, if I lose my Google Authenticator setup then I can restore it using a text message
With Google Authenticator you can print a list of one-time only authorization codes. Keep it in a very safe place, and if you lose the Authenticator App or the device it's on, you have the key to get in and turn off 2FA or, better yet, reset it.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-16-2017, 05:42 PM   #8
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 25,025
Quote:
Originally Posted by Chuckanut View Post
With Google Authenticator you can print a list of one-time only authorization codes. Keep it in a very safe place, and if you lose the Authenticator App or the device it's on, you have the key to get in and turn off 2FA or, better yet, reset it.
I did do this. Problem is the safe place I put the list is back home in England.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 09-16-2017, 06:53 PM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,921
Quote:
Originally Posted by MRG View Post
I just did this and I do believe you have to go through challenge questions after the 2FA.
I wanted to test this myself but couldn't. When trying to enable email to receive a code, I didn't even receive a code to do the initial enabling.

Been much longer than the at least two minutes wait. In fact, tried 3 times but no go.

I'll have to give a shot another time. I suppose, at the very least if I lose my phone, I can visit a SSA office.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-16-2017, 07:01 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 8,323
Quote:
Originally Posted by easysurfer View Post
I wanted to test this myself but couldn't. When trying to enable email to receive a code, I didn't even receive a code to do the initial enabling.

Been much longer than the at least two minutes wait. In fact, tried 3 times but no go.

I'll have to give a shot another time. I suppose, at the very least if I lose my phone, I can visit a SSA office.
I had a helpdesk person on the phone with me, who had just unlocked my account. My email was instant (well almost).

Good luck.
MRG is online now   Reply With Quote
Old 09-16-2017, 08:11 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,921
Quote:
Originally Posted by MRG View Post
I had a helpdesk person on the phone with me, who had just unlocked my account. My email was instant (well almost).

Good luck.
Thanks. I went ahead and had some dinner. Just got back on now and see that the emails did arrive (though later than the 10 minutes, so the codes probably were expired). I'll have to try again another time. But not critical as I don't plan on losing my phone anytime soon.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-16-2017, 08:16 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,567
Quote:
Originally Posted by Alan View Post
I did do this. Problem is the safe place I put the list is back home in England
Sheesh! MI6 already has the list.

and

The Russians already have the list. Ask them for the codes.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-16-2017, 08:19 PM   #13
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 25,025
Quote:
Originally Posted by Chuckanut View Post
Sheesh! MI6 already has the list!
Yes indeed
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 09-17-2017, 07:31 AM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 9,527
All of this makes me wonder about SSA. I don't get SS (30+ years as a Fed) so don't pay a lot of attention. But DW will be filing for Medicare this year and SS next. I tried to set up a MySS account for her and was told they can't do it for this SSN. That reminded me that I had the same response when I tried it for myself a few years back (out of curiosity). It turned out that SS checks with the major credit bureaus to verify identity of users signing up for MySS accounts. We have our credit frozen so no go. Unfreezing would be a PITA.

My question to all of you gurus is how important is an online SS account? Can't she just sign up over the phone? Once a direct deposit is set up I can't see much reason for her to keep contacting SS.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is online now   Reply With Quote
Old 09-17-2017, 07:46 AM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,921
Quote:
Originally Posted by donheff View Post
All of this makes me wonder about SSA. I don't get SS (30+ years as a Fed) so don't pay a lot of attention. But DW will be filing for Medicare this year and SS next. I tried to set up a MySS account for her and was told they can't do it for this SSN. That reminded me that I had the same response when I tried it for myself a few years back (out of curiosity). It turned out that SS checks with the major credit bureaus to verify identity of users signing up for MySS accounts. We have our credit frozen so no go. Unfreezing would be a PITA.

My question to all of you gurus is how important is an online SS account? Can't she just sign up over the phone? Once a direct deposit is set up I can't see much reason for her to keep contacting SS.
I have a MySS account now mainly to download my SS future estimates. Also, I have an account so no imposter could sign up in my place. Might be more useful as I get older and more SS stuff applies to me. As for the unfreezing, my credit wasn't frozen at the time of signing up. But did do a thaw (unfreeze for a set time, then automatically frozen back) on one credit bureau when signing up for Obamacare. Did that online and was easy, but did cost about $10 in my state.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-17-2017, 07:57 AM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 9,527
Quote:
Originally Posted by easysurfer View Post
I have a MySS account now mainly to download my SS future estimates. Also, I have an account so no imposter could sign up in my place. Might be more useful as I get older and more SS stuff applies to me. As for the unfreezing, my credit wasn't frozen at the time of signing up. But did do a thaw (unfreeze for a set time, then automatically frozen back) on one credit bureau when signing up for Obamacare. Did that online and was easy, but did cost about $10 in my state.
Maybe SSA will tell me what bureau they check. Unfreezing one would be OK, all four would be a PITA.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is online now   Reply With Quote
Old 09-17-2017, 08:44 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,921
Quote:
Originally Posted by donheff View Post
Maybe SSA will tell me what bureau they check. Unfreezing one would be OK, all four would be a PITA.
Hopefully, they will tell you. As a last resort, you can also visit a SSA office to prove who you are and sign up without having to do any unfreezing. But depending on the place, can be nerve wracking too waiting in line.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-17-2017, 10:29 AM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,567
Quote:
Originally Posted by donheff View Post
It turned out that SS checks with the major credit bureaus to verify identity of users signing up for MySS accounts. We have our credit frozen so no go. Unfreezing would be a PITA.
I don't want to be argumentative, but.... Why is unfreezing an account a PITA? It can be done in 5 minutes as long as you don't lose your Pin. Lose the Pin and it is a PITA, but still not as big a PITA as letting some criminal get control of your MySS account with the Feds.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-17-2017, 11:52 AM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 7,579
Quote:
Originally Posted by Chuckanut View Post
I don't want to be argumentative, but.... Why is unfreezing an account a PITA? It can be done in 5 minutes as long as you don't lose your Pin. Lose the Pin and it is a PITA, but still not as big a PITA as letting some criminal get control of your MySS account with the Feds.
Because in states like IL it costs $10 per credit bureau. So it would be $40.
Sunset is offline   Reply With Quote
Old 09-17-2017, 04:29 PM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 9,527
Quote:
Originally Posted by Chuckanut View Post
I don't want to be argumentative, but.... Why is unfreezing an account a PITA? It can be done in 5 minutes as long as you don't lose your Pin. Lose the Pin and it is a PITA, but still not as big a PITA as letting some criminal get control of your MySS account with the Feds.
Quote:
Originally Posted by Sunset View Post
Because in states like IL it costs $10 per credit bureau. So it would be $40.
And you have to do it for three and now maybe even four credit bureaus. I have done it and it isn't a big deal but it is a PITA and I won't bother unless it makes it a lot easier for DW to file for SS.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is online now   Reply With Quote
All times are GMT -6.