Fidelity two-factor authentication change?

PointBreeze

Recycles dryer sheets
Joined
Jul 7, 2017
Messages
357
Location
Pittsburgh
All of a sudden this morning, when I logged in using the browser and laptop I always used, the Fidelity website wanted to verify me by sending a push notification to the Fidelity app on my iPad. I have instructed Fidelity to "trust this device" and never do two-factor authentication on my laptop.

So I complied, and checked the box to "never ask me again on this device." Then logged off and tried it again, and it's asking again. Rinse and repeat, no change.

When I went to the security section of my Profile on the site, it shows that I have no trusted devices. Has anyone else had this problem?
 
Have you cleared your PC's cookies recently or changed the settings?
 
Last edited:
Have you cleared your PC's cookies recently or changed the settings?

No, I haven't. I know that's a good thing to do in this situation, but I'm procrastinating doing that, because it messes up the "remember this device" for all the other sites I use the browser for.

I guess I'll bite the bullet...

Thanks!
 
No, I haven't. I know that's a good thing to do in this situation, but I'm procrastinating doing that, because it messes up the "remember this device" for all the other sites I use the browser for.

I guess I'll bite the bullet...

Thanks!
What browser are you using? On Firefox, you can clear cookies and site data for just one domain.
1731598328755.png


1731598339575.png
 
I haven't - but I don't consent to my financial institutions recognizing my devices.
 
Assuming this is intentional, I’d be glad Fidelity is taking security seriously. Most of the information bad guys need to spoof our identities is out in the Dark Web. And there are a lot of bad people out there.
 
I had a similar experience where for months Fidelity wouldn't remember that I chose to remember device (desktop in my case). Then suddenly, the computer got remembered.
 
I have never been able to get Fido to "remember this device" no matter how many times I check that box. It's not THAT big a deal to receive and type in the code, so I have just put up with it.
 
One other thing to try is to check your privacy/tracking settings in Firefox. If you have disabled third party cookies or "tracking cookies", you might try enabling them for the Fidelity domain. Another thing to try in cases like these is disabling any ad blockers (like uBlock Origin) for the domain you're having trouble with.
 
I never use the "trust this device", I want the 2FA each and every time, that's why I signed up for it!
I don't understand the rationale behind not allowing "trust this device". The vast, vast majority of hacking is done remotely, by bad guys sitting in Russia, Nigeria, etc. Not allowing "trust this device" is meant to prevent someone with physical access to your device from logging in to, say, your Fidelity account if they don't also have physical access to your phone (or Yubikey, etc.). It makes no sense to me to have Fidelity not trust the browser I use from my Windows desktop or my Linux laptop, as those devices are under my physical control at all times. If one of those devices happened to be stolen, the bad guy still would have no access to the browser I use to login to Fidelity, because he wouldn't know my device PIN or password. And even if they somehow managed to break into the device and access my browser, Fidelity's security protocols would almost certainly trigger a 2FA due to the change in IP address.

TL ; DR: It is quite safe to enable "trust this device" for websites/apps you access from devices that you have physical control over. Never "trust this device" when using a public or shared computer, tablet, etc. This is the scenario that "trust this device" was designed for.
 
I never use the "trust this device", I want the 2FA each and every time, that's why I signed up for it!
The cookie that gets created when you trust it the first time means doing it more times provides no better security. Someone would have to have that cookie which is not a risk unless you lost your machine somehow.
 
I don't understand the rationale behind not allowing "trust this device". The vast, vast majority of hacking is done remotely, by bad guys sitting in Russia, Nigeria, etc. Not allowing "trust this device" is meant to prevent someone with physical access to your device from logging in to, say, your Fidelity account if they don't also have physical access to your phone (or Yubikey, etc.). It makes no sense to me to have Fidelity not trust the browser I use from my Windows desktop or my Linux laptop, as those devices are under my physical control at all times. If one of those devices happened to be stolen, the bad guy still would have no access to the browser I use to login to Fidelity, because he wouldn't know my device PIN or password. And even if they somehow managed to break into the device and access my browser, Fidelity's security protocols would almost certainly trigger a 2FA due to the change in IP address.

TL ; DR: It is quite safe to enable "trust this device" for websites/apps you access from devices that you have physical control over. Never "trust this device" when using a public or shared computer, tablet, etc. This is the scenario that "trust this device" was designed for.

Honestly how much of a hassle is it? We do all financials on a stand alone Chromebook which is NEVER used for anything except our financial websites. Don't use the trust this device option. We log out of the chromebook after every use. Also have two factor on every important financial/investment site used on the chromebook. How much time does that take, literally almost no time. IMO it's prudent for us to use all the everyday safeguards available to us.
 
No problems logging in just now, and trusted device was recognized as usual.
 
I never use the "trust this device", I want the 2FA each and every time, that's why I signed up for it!
I have two-factor authentication turned on, just not for that browser on that laptop. At least, that is, until this morning.
 
One other thing to try is to check your privacy/tracking settings in Firefox. If you have disabled third party cookies or "tracking cookies", you might try enabling them for the Fidelity domain. Another thing to try in cases like these is disabling any ad blockers (like uBlock Origin) for the domain you're having trouble with.
Thanks, Sojourner! I’ve been using Edge with uBlock Origin for over a year on this laptop, and this is my first problem, but I’ll disable the ad blocker for Fidelity.
 

Latest posts

Back
Top Bottom