New Vanguard Mobile Security feature

[Earl E Retyre]

I am just curious if anyone has signed up for the new Vanguard security mobile feature ... looks like you can set it up so that whenever someone logs on to your Vanguard account from a device that they do not recognize that it sends a code to your mobile phone that must be entered. Thoughts on if this is good idea for additional security? Does it work well?

 

[M Paquette]

Yes, this is a good idea.

It's called two-factor authentication. Something you know (password) and something you have (cellphone). I have this turned on everywhere I can.

Vanguard has the option of only sending a new code to the phone if they don't recognize the computer. The computer, once it has been used once for login, will retain a 'cookie' set by Vanguard that tells them they have seen the computer (really, the web browser on that computer) in association with that user account before.

This is like their old system that limited access to an account from only one computer, with the mobile passcode to authenticate a new computer, rather than calling Customer Service when you got locked out due to a lost cookie on a browser update.

 

[fritz]

Yes, this is a good idea.

It's called two-factor authentication. Something you know (password) and something you have (cellphone). I have this turned on everywhere I can.

Vanguard has the option of only sending a new code to the phone if they don't recognize the computer. The computer, once it has been used once for login, will retain a 'cookie' set by Vanguard that tells them they have seen the computer (really, the web browser on that computer) in association with that user account before.

This is like their old system that limited access to an account from only one computer, with the mobile passcode to authenticate a new computer, rather than calling Customer Service when you got locked out due to a lost cookie on a browser update.

+1 Whats not to like. I have our firefox browser set to wipe all cookies/history upon exit - asks every time, but good security feature.

 

[Alan]

I am just curious if anyone has signed up for the new Vanguard security mobile feature ... looks like you can set it up so that whenever someone logs on to your Vanguard account from a device that they do not recognize that it sends a code to your mobile phone that must be entered. Thoughts on if this is good idea for additional security? Does it work well?

I signed for this as soon I was aware of it, and it works well.

 

[MRG]

What happens if you drop your cell in the sink? I'm sure there's a workaround?

Sent from my SAMSUNG-SGH-I337 using Early Retirement Forum mobile app

 

[M Paquette]

What happens if you drop your cell in the sink? I'm sure there's a workaround?

Pop out the SIM card, wipe it dry, and pop it in one of the old spare flip phones. You know, the ones in the back of the bottom drawer.

You can set the account to require a texted passcode via the phone for every login, or only when it sees a device without the saved cookie, so this might not be immediate doom for you.

If you don't have a spare phone or otherwise cannot reactivate the cellular number, you will have to call up Vanguard and convince them that you are you, just like the old system where you could lock your login to only a single computer.

 

[donheff]

I set it to txt unrecognized devices. Texting every time you login is a lot more secure but too much of a PITA for me to go for it now. If I start hearing about breaches I will opt in to the higher level.

 

[fritz]

What happens if you drop your cell in the sink? I'm sure there's a workaround?

Sent from my SAMSUNG-SGH-I337 using Early Retirement Forum mobile app

We use Google Voice to ring through to our cell phone(s). Have Google Voice set up to email/transcribe all calls, and also to go to Google Chat (your Gmail account). Messages/Texts will show up in Google Voice and Gmail account. If we were to not have/lose cell phone access, just have to have Google Voice open in a separate browser tab, and it will immediately show up there with the code as well (will always go to Google Voice and Gmail). I've used this approach numerous times, it it works well...

FYI - Also use Google Voice app (Google Play Store) to mask our true cell phone number(s) on outgoing calls. It displays our Google voice number to the place/person we're calling instead of our actual cell phone number(s). Eliminates losing your actual cell phone number(s) forever to marketing/spam callers. Google Voice allows you to permanently block all those calls (will automatically indicate "not in service" and hang up in the future). Set up Google Voice "contacts" to ring directly through to cell phone(s), and all unknown callers set up for call screening (have to state their name). This stops all those annoying marketing/scam calls dead in their tracks (hardly ever does a scammer/marketer/autodialer get through the process - and you can reject the call then).

 

[Alan]

I set it to txt unrecognized devices. Texting every time you login is a lot more secure but too much of a PITA for me to go for it now. If I start hearing about breaches I will opt in to the higher level.

+1

I so rarely use a different device or clear out cookies that I rarely have to do the text message thing.

As mentioned above, if you lose or break your phone you can log on from a recognized device and change the option back to no text message needed.

 

[MRG]

Thanks sounds like several options for recovery. That was my only concern, stupidly locking myself out.

Sent from my SAMSUNG-SGH-I337 using Early Retirement Forum mobile app

 

[mpeirce]

Vanguard mentions that this feature blocks access to services like Mint.com

Should I use this service if I've registered with a data aggregation service?

You may experience issues using financial aggregation tools such as Mint.com, CashEdge, or Yodlee if you sign up to receive security codes. You may not be able to view your accounts through these tools. Also, you may receive a security code when the aggregation tool attempts to log on to your accounts.

Maybe in the future they'll specifically support these services while still supporting this extra level of security.

 

[ExFlyBoy5]

We use Google Voice to ring through to our cell phone(s). Have Google Voice set up to email/transcribe all calls, and also to go to Google Chat (your Gmail account). Messages/Texts will show up in Google Voice and Gmail account. If we were to not have/lose cell phone access, just have to have Google Voice open in a separate browser tab, and it will immediately show up there with the code as well (will always go to Google Voice and Gmail). I've used this approach numerous times, it it works well...

+1 for this. It works well...unless of course you use two tier authentication for your Google account...then it can get fishy if you don't have access to your phone. I have had to recover a Google password where I had *no* way to have them send it to a "recognized" email or phone #. When this happened, they go through a multi-layered series of questions; dates, locations, contacts, etc. and once they establish enough parameters to determine you are legit, it will let you in. I was truly amazed at how well it worked. The beauty of the two tier system is that I can have a simple password and not some hokey thing I can't remember.

 

[stephenson]

I didn't know this function was widely available, yet ... so, I signed up with Vanguard and started working down list with other funds companies .... some are not yet capable, so when I found they weren't i asked when there were going to be.

 

[Lsbcal]

+1

I so rarely use a different device or clear out cookies that I rarely have to do the text message thing.

As mentioned above, if you lose or break your phone you can log on from a recognized device and change the option back to no text message needed.

...or just call them up I imagine. BTW, I have a security password for when I call in. I think this is optional but I've had it for years.