Schwab acct. security tool
-
- Posts: 564
- Joined: Sat Jun 07, 2008 8:35 am
Schwab acct. security tool
I was one that changed to Schwab when the commisson free ETF's at TDA being discontinued notice came out.
Not that I do much trading, but Schwab gave me some very nice perks that I decided to take advantage of.
That said, I'm learning my way about the website - how things are set up etc. Phoned Schwab for a question and something came up about security of website - I asked about two-factor authentication.
Reply - 2FA is in the works, couldn't say when, but its coming. He also asked if I would like have a "security token" - it works just like a YubiKey. Revceived mine in the mail - it works nicely, and provides another layer of security - so easy to use. Only downside I suppose is if you lose it - there is a phone to call if you lose it. The rep said it was free to any account holder, no minimum account values.
Evelyn
Not that I do much trading, but Schwab gave me some very nice perks that I decided to take advantage of.
That said, I'm learning my way about the website - how things are set up etc. Phoned Schwab for a question and something came up about security of website - I asked about two-factor authentication.
Reply - 2FA is in the works, couldn't say when, but its coming. He also asked if I would like have a "security token" - it works just like a YubiKey. Revceived mine in the mail - it works nicely, and provides another layer of security - so easy to use. Only downside I suppose is if you lose it - there is a phone to call if you lose it. The rep said it was free to any account holder, no minimum account values.
Evelyn
Re: Schwab acct. security tool
I got one of those gizmos, but I haven't activated it yet. I do wonder about how they verify people if it is lost.
Everyone else I deal with seems to be okay with phoning or emailing, customer choice which, for two factor authentication, except Vanguard only phones, which is a nuisance at night.
What perks?
Everyone else I deal with seems to be okay with phoning or emailing, customer choice which, for two factor authentication, except Vanguard only phones, which is a nuisance at night.
What perks?
-
- Posts: 5561
- Joined: Fri Feb 23, 2007 7:21 pm
Re: Schwab acct. security tool
I also got one of those gizmos from Schwab but have not activated it. Nice to hear that it is easy to use.
Dave
Dave
Re: Schwab acct. security tool
You two bring up a good point. What happens if the 2FA "module" fails. What is the fallback and how quickly is it implemented?
My buddy had 2FA set up with USAA. The other night the 2FA "module" failed and locked him out of his accounts - there was no fallback, no one to call at that hour, nothing - he was simply locked out of his accounts. He told me that Vanguard has an automated fallback in case the 2FA system fails or goes down - regular username/password login. He uses a Yubikey for both places.
Once he could get into his USAA account again he disabled the 2FA.
My buddy had 2FA set up with USAA. The other night the 2FA "module" failed and locked him out of his accounts - there was no fallback, no one to call at that hour, nothing - he was simply locked out of his accounts. He told me that Vanguard has an automated fallback in case the 2FA system fails or goes down - regular username/password login. He uses a Yubikey for both places.
Once he could get into his USAA account again he disabled the 2FA.
"Never underestimate one's capacity to overestimate one's abilities" - The Dunning-Kruger Effect
-
- Posts: 684
- Joined: Tue Feb 07, 2017 2:23 pm
Re: Schwab acct. security tool
How does Schwab verify your identity if you lose the 2FA authorization "gadget"?
- Earl Lemongrab
- Posts: 7270
- Joined: Tue Jun 10, 2014 1:14 am
Re: Schwab acct. security tool
So where is the security? If the fallback is the old system then I don't see the point. Someone trying to hack the account and had the regular login could just fail the generated PIN then use the old method. I would want a two-factor system to lock out until alternate means of real identity verification were made.
Re: Schwab acct. security tool
Schwab uses Symantec VIP random generator for login with your existing password.
I contacted them and got this (it also works with Fidelity) app on my phone and provided them the credential ID first time.
Easy enough, toggle between the two for a second to get the 6-digit number.
With Schwab you enter it in the same space as password, with Fido, it takes you to a separate page.
If you lose your phone though....
I contacted them and got this (it also works with Fidelity) app on my phone and provided them the credential ID first time.
Easy enough, toggle between the two for a second to get the 6-digit number.
With Schwab you enter it in the same space as password, with Fido, it takes you to a separate page.
If you lose your phone though....
Re: Schwab acct. security tool
Schwab also has voice recognition for phone calls. Whenever you call, when prompted you say, "At Schwab, my voice is my password," and it's verified using technology. In addition to my security fob, the voice recognition for phone calls is a good backup.Earl Lemongrab wrote: ↑Sun Nov 19, 2017 3:35 pmSo where is the security? If the fallback is the old system then I don't see the point. Someone trying to hack the account and had the regular login could just fail the generated PIN then use the old method. I would want a two-factor system to lock out until alternate means of real identity verification were made.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
-
- Posts: 637
- Joined: Wed Dec 19, 2012 6:38 am
Re: Schwab acct. security tool
Yup, I did the same a couple of months ago. It works really well. Yes, I have to have my phone handy when I log in so I can access the code, and yes it is an extra step to log into my account, but I appreciate the extra layer of security and until something better comes along this is what I will be using.
Re: Schwab acct. security tool
I just wish there was an option to sign to the Symantec VIP mobile app each time it is opened rather than immediately displaying the 30 sec code. I know someone would need to know my account ID & password as well as my phone lock screen password, but I just find it strange there is no password option for the VIP token app.
Also, you should add the Symantec VIP mobile to your spouse's phone (will be a different token ID) if you have linked accounts, otherwise signing on thru the linked accounts bypasses your VIP token.
Also, you should add the Symantec VIP mobile to your spouse's phone (will be a different token ID) if you have linked accounts, otherwise signing on thru the linked accounts bypasses your VIP token.
- Earl Lemongrab
- Posts: 7270
- Joined: Tue Jun 10, 2014 1:14 am
Re: Schwab acct. security tool
What happens if that fails?
Re: Schwab acct. security tool
If you're worried about multiple levels of failure, I suggest you bury your money in the back yard without telling a soul.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
-
- Posts: 564
- Joined: Sat Jun 07, 2008 8:35 am
Re: Schwab acct. security tool
As the OP when I read thru all the "what if" scenarios I thought, "and what if your account get compromised." Not a pleasant thought.
When you receive the token there is a two page booklet that answers all the "what if" questions that were noted here plus a couple more.
Also its so straightforward to use, and just adds an extra layer of security -
You enter your loginID as usual followed by your password - then click your token and your receive a 6 digit code you enter that one time passcode behind your normal password and click log in.
They also have it covered if you are travelling, say internationally and don't want to take your token with you - phone Schwab they give you a temporary pass code.
Bottom line to me which was encouraging - Schwab is taking security seriously (not that other brokerage cos. aren't) -ways to multiple layer your security, that are all easy to put in place plus two-factor identification is on the way. I don't see any negatives.
Evelyn
When you receive the token there is a two page booklet that answers all the "what if" questions that were noted here plus a couple more.
Also its so straightforward to use, and just adds an extra layer of security -
You enter your loginID as usual followed by your password - then click your token and your receive a 6 digit code you enter that one time passcode behind your normal password and click log in.
They also have it covered if you are travelling, say internationally and don't want to take your token with you - phone Schwab they give you a temporary pass code.
Bottom line to me which was encouraging - Schwab is taking security seriously (not that other brokerage cos. aren't) -ways to multiple layer your security, that are all easy to put in place plus two-factor identification is on the way. I don't see any negatives.
Evelyn
Re: Schwab acct. security tool
I've used the token for a few years with no issues. The few times I needed access to my account and didn't have the token, I simply called in to customer service, and was given a temporary code to login. It's really very simple, and offers an additional layer of security. If I recall, I also signed up for voice printing, which uses your voice to authenticate your account access should you call in.EvelynTroy wrote: ↑Sun Nov 19, 2017 7:35 am I was one that changed to Schwab when the commisson free ETF's at TDA being discontinued notice came out.
Not that I do much trading, but Schwab gave me some very nice perks that I decided to take advantage of.
That said, I'm learning my way about the website - how things are set up etc. Phoned Schwab for a question and something came up about security of website - I asked about two-factor authentication.
Reply - 2FA is in the works, couldn't say when, but its coming. He also asked if I would like have a "security token" - it works just like a YubiKey. Revceived mine in the mail - it works nicely, and provides another layer of security - so easy to use. Only downside I suppose is if you lose it - there is a phone to call if you lose it. The rep said it was free to any account holder, no minimum account values.
Evelyn
Generally, Schwab offers you the tools for secure account access, if you choose to utilize them.
- Earl Lemongrab
- Posts: 7270
- Joined: Tue Jun 10, 2014 1:14 am
Re: Schwab acct. security tool
Not "failures" but hackers. Obviously they won't pass a voice or security device test. So what happens then? Is the account not accessible, or does go down to another level?samsoes wrote: ↑Mon Nov 20, 2017 6:58 amIf you're worried about multiple levels of failure, I suggest you bury your money in the back yard without telling a soul.
Re: Schwab acct. security tool
Bury all the $. Keep quiet about it. No worries about hackers.Earl Lemongrab wrote: ↑Mon Nov 20, 2017 9:31 amNot "failures" but hackers. Obviously they won't pass a voice or security device test. So what happens then? Is the account not accessible, or does go down to another level?samsoes wrote: ↑Mon Nov 20, 2017 6:58 amIf you're worried about multiple levels of failure, I suggest you bury your money in the back yard without telling a soul.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
- Earl Lemongrab
- Posts: 7270
- Joined: Tue Jun 10, 2014 1:14 am
Re: Schwab acct. security tool
I don't think you understand the question. What is the fallback for the higher security protocols? I seem to recall, but haven't looked, that if Vanguard's voice verification fails the fallback is security questions. I don't know if that is accurate, or what the typical process is at Schwab or others with voice or two-factor.
I really don't appreciate your only "contributions" to be mocking me. This is not paranoia, but a request for information. I don't use any of these personally.
Re: Schwab acct. security tool
I use Quicken to manage my investment data. Data is downloaded directly from the financial firms. Passwords are stored in a password vault in Quicken but one could enter them manually if that is what you want.
Question: Do all of these two factor type procedures defeat Quicken?
Same question for downloading .txf files into Turbotax and other tax software except that each password only has to be entered manually once a year.
Question: Do all of these two factor type procedures defeat Quicken?
Same question for downloading .txf files into Turbotax and other tax software except that each password only has to be entered manually once a year.
A scientist looks for THE answer to a problem, an engineer looks for AN answer and lawyers ONLY have opinions. Investing is not a science.
-
- Posts: 1479
- Joined: Wed Mar 23, 2016 9:28 am
- Location: SE Michigan
Re: Schwab acct. security tool
At least for Schwab specifically, that security key does not come into play when downloading via Quicken. Quicken and Schwab communicate via Direct Connect and that connection at Schwab does not use the security token. When I asked a few years ago, they said it was only implemented on the web interface. So, when I sign into Schwab (via web or app), I am prompted to enter the 6-digit numerical code. When I download from Quicken there is no code required. I would be curious whether this is the norm, or just a function of how Schwab specifically executes the token.Doc wrote: ↑Mon Nov 20, 2017 10:59 am I use Quicken to manage my investment data. Data is downloaded directly from the financial firms. Passwords are stored in a password vault in Quicken but one could enter them manually if that is what you want.
Question: Do all of these two factor type procedures defeat Quicken?
Same question for downloading .txf files into Turbotax and other tax software except that each password only has to be entered manually once a year.
Re: Schwab acct. security tool
Thank's.DetroitRick wrote: ↑Mon Nov 20, 2017 11:12 amAt least for Schwab specifically, that security key does not come into play when downloading via Quicken. Quicken and Schwab communicate via Direct Connect and that connection at Schwab does not use the security token. When I asked a few years ago, they said it was only implemented on the web interface. So, when I sign into Schwab (via web or app), I am prompted to enter the 6-digit numerical code. When I download from Quicken there is no code required. I would be curious whether this is the norm, or just a function of how Schwab specifically executes the token.Doc wrote: ↑Mon Nov 20, 2017 10:59 am I use Quicken to manage my investment data. Data is downloaded directly from the financial firms. Passwords are stored in a password vault in Quicken but one could enter them manually if that is what you want.
Question: Do all of these two factor type procedures defeat Quicken?
Same question for downloading .txf files into Turbotax and other tax software except that each password only has to be entered manually once a year.
FWIW Vanguard and Fidelity also both use Direct Connect. And one of our banks, Direct Correct is used for checking but not credit cards.
A scientist looks for THE answer to a problem, an engineer looks for AN answer and lawyers ONLY have opinions. Investing is not a science.
-
- Posts: 1207
- Joined: Sun Jun 14, 2015 7:07 am
Re: Schwab acct. security tool
A password plus a security token *is* two-factor authentication.EvelynTroy wrote: ↑Sun Nov 19, 2017 7:35 am2FA is in the works, couldn't say when, but its coming. He also asked if I would like have a "security token"
Two factor authentication is, by definition, any two of the following:
- Something you know (e.g. a password).
- Something you have (e.g. a specific smart phone or a security token).
- Something you are (e.g. biometrics such as a fingerprint or retina scan).
“The greatest shortcoming of the human race is our inability to understand the exponential function.” - Albert Allen Bartlett
Re: Schwab acct. security tool
Schwab allows the use of a password/short passphrase instead of voice authentication when calling in to customer service. This password/short passphrase is not the same one used when logging in online.
I was advised by a Schwab representative that, once the password/short passphrase is set up, changing it involves the use of a notary.
I was advised by a Schwab representative that, once the password/short passphrase is set up, changing it involves the use of a notary.
Re: Schwab acct. security tool
I don't know about Schwab, but during a recent time of one of the many latest compromises in internet security, I called VG. The rep confirmed there are several fallback methods, including security questions and questions regarding recent transactions. My Yubikey 2FA for VG, coupled with VG voice verification, coupled with gibberish security questions on all accounts, coupled with a dedicated gmail financial accounts email (while also serving as account reset email destination for all accounts including VG and phone carrier) were all part of hardening my online security this past fall. The dedicated gmail financial accounts email is Yubikey 2FA enabled with no phone number attached (to thwart social engineering) uses printed pass codes and Google authenticator app as second/third fallbacks. I am among the many others who wishes VG would not allow SMS 2FA backup in the event a security key fails.Earl Lemongrab wrote: ↑Mon Nov 20, 2017 10:47 amI don't think you understand the question. What is the fallback for the higher security protocols? I seem to recall, but haven't looked, that if Vanguard's voice verification fails the fallback is security questions. I don't know if that is accurate, or what the typical process is at Schwab or others with voice or two-factor.
I really don't appreciate your only "contributions" to be mocking me. This is not paranoia, but a request for information. I don't use any of these personally.