I've paid a lot of attention to password security. Then just remembered the old call-in password to Vanguard (enhanced security password) I set up years ago. It is vulnerable in maybe two ways: (1) the rep can see it which is really a no-no for password security, (2) to be memorable it is usually short and easy to say to the rep.
So I've changed over to the voice verification which is somewhat like a voice fingerprint. It was easy to set up by just calling up the rep. I think it is best to use a clear landline phone when setting it up. I tried it afterwords on two phones and it worked nicely. You do not need to remember the pass phrase as they prompt you with the phrase during the call-in.
Anyway, thought I would pass this on to others who might be behind the times like I was. Here are two links from VG on this: