Schwab acct. security tool

Discuss all general (i.e. non-personal) investing questions and issues, investing news, and theory.
Post Reply
Topic Author
EvelynTroy
Posts: 564
Joined: Sat Jun 07, 2008 8:35 am

Schwab acct. security tool

Post by EvelynTroy »

I was one that changed to Schwab when the commisson free ETF's at TDA being discontinued notice came out.
Not that I do much trading, but Schwab gave me some very nice perks that I decided to take advantage of.
That said, I'm learning my way about the website - how things are set up etc. Phoned Schwab for a question and something came up about security of website - I asked about two-factor authentication.

Reply - 2FA is in the works, couldn't say when, but its coming. He also asked if I would like have a "security token" - it works just like a YubiKey. Revceived mine in the mail - it works nicely, and provides another layer of security - so easy to use. Only downside I suppose is if you lose it - there is a phone to call if you lose it. The rep said it was free to any account holder, no minimum account values.

Evelyn
mouses
Posts: 4217
Joined: Sat Oct 24, 2015 12:24 am

Re: Schwab acct. security tool

Post by mouses »

I got one of those gizmos, but I haven't activated it yet. I do wonder about how they verify people if it is lost.

Everyone else I deal with seems to be okay with phoning or emailing, customer choice which, for two factor authentication, except Vanguard only phones, which is a nuisance at night.

What perks?
Random Walker
Posts: 5561
Joined: Fri Feb 23, 2007 7:21 pm

Re: Schwab acct. security tool

Post by Random Walker »

I also got one of those gizmos from Schwab but have not activated it. Nice to hear that it is easy to use.

Dave
User avatar
BolderBoy
Posts: 6738
Joined: Wed Apr 07, 2010 12:16 pm
Location: Colorado

Re: Schwab acct. security tool

Post by BolderBoy »

You two bring up a good point. What happens if the 2FA "module" fails. What is the fallback and how quickly is it implemented?

My buddy had 2FA set up with USAA. The other night the 2FA "module" failed and locked him out of his accounts - there was no fallback, no one to call at that hour, nothing - he was simply locked out of his accounts. He told me that Vanguard has an automated fallback in case the 2FA system fails or goes down - regular username/password login. He uses a Yubikey for both places.

Once he could get into his USAA account again he disabled the 2FA.
"Never underestimate one's capacity to overestimate one's abilities" - The Dunning-Kruger Effect
investor997
Posts: 684
Joined: Tue Feb 07, 2017 2:23 pm

Re: Schwab acct. security tool

Post by investor997 »

How does Schwab verify your identity if you lose the 2FA authorization "gadget"?
User avatar
Earl Lemongrab
Posts: 7270
Joined: Tue Jun 10, 2014 1:14 am

Re: Schwab acct. security tool

Post by Earl Lemongrab »

BolderBoy wrote: Sun Nov 19, 2017 11:18 am He told me that Vanguard has an automated fallback in case the 2FA system fails or goes down - regular username/password login.
So where is the security? If the fallback is the old system then I don't see the point. Someone trying to hack the account and had the regular login could just fail the generated PIN then use the old method. I would want a two-factor system to lock out until alternate means of real identity verification were made.
tenkuky
Posts: 2624
Joined: Sun Dec 14, 2014 3:28 pm

Re: Schwab acct. security tool

Post by tenkuky »

Schwab uses Symantec VIP random generator for login with your existing password.
I contacted them and got this (it also works with Fidelity) app on my phone and provided them the credential ID first time.
Easy enough, toggle between the two for a second to get the 6-digit number.
With Schwab you enter it in the same space as password, with Fido, it takes you to a separate page.
If you lose your phone though.... :annoyed
User avatar
samsoes
Posts: 2794
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: Schwab acct. security tool

Post by samsoes »

Earl Lemongrab wrote: Sun Nov 19, 2017 3:35 pm
BolderBoy wrote: Sun Nov 19, 2017 11:18 am He told me that Vanguard has an automated fallback in case the 2FA system fails or goes down - regular username/password login.
So where is the security? If the fallback is the old system then I don't see the point. Someone trying to hack the account and had the regular login could just fail the generated PIN then use the old method. I would want a two-factor system to lock out until alternate means of real identity verification were made.
Schwab also has voice recognition for phone calls. Whenever you call, when prompted you say, "At Schwab, my voice is my password," and it's verified using technology. In addition to my security fob, the voice recognition for phone calls is a good backup.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
truenorth418
Posts: 637
Joined: Wed Dec 19, 2012 6:38 am

Re: Schwab acct. security tool

Post by truenorth418 »

tenkuky wrote: Sun Nov 19, 2017 5:19 pm Schwab uses Symantec VIP random generator for login with your existing password.
Yup, I did the same a couple of months ago. It works really well. Yes, I have to have my phone handy when I log in so I can access the code, and yes it is an extra step to log into my account, but I appreciate the extra layer of security and until something better comes along this is what I will be using.
diy60
Posts: 967
Joined: Wed Sep 07, 2016 6:54 pm

Re: Schwab acct. security tool

Post by diy60 »

I just wish there was an option to sign to the Symantec VIP mobile app each time it is opened rather than immediately displaying the 30 sec code. I know someone would need to know my account ID & password as well as my phone lock screen password, but I just find it strange there is no password option for the VIP token app.

Also, you should add the Symantec VIP mobile to your spouse's phone (will be a different token ID) if you have linked accounts, otherwise signing on thru the linked accounts bypasses your VIP token.
User avatar
Earl Lemongrab
Posts: 7270
Joined: Tue Jun 10, 2014 1:14 am

Re: Schwab acct. security tool

Post by Earl Lemongrab »

samsoes wrote: Sun Nov 19, 2017 5:23 pm Schwab also has voice recognition for phone calls. Whenever you call, when prompted you say, "At Schwab, my voice is my password," and it's verified using technology. In addition to my security fob, the voice recognition for phone calls is a good backup.
What happens if that fails?
User avatar
samsoes
Posts: 2794
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: Schwab acct. security tool

Post by samsoes »

Earl Lemongrab wrote: Sun Nov 19, 2017 6:56 pm
samsoes wrote: Sun Nov 19, 2017 5:23 pm Schwab also has voice recognition for phone calls. Whenever you call, when prompted you say, "At Schwab, my voice is my password," and it's verified using technology. In addition to my security fob, the voice recognition for phone calls is a good backup.
What happens if that fails?
If you're worried about multiple levels of failure, I suggest you bury your money in the back yard without telling a soul.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Topic Author
EvelynTroy
Posts: 564
Joined: Sat Jun 07, 2008 8:35 am

Re: Schwab acct. security tool

Post by EvelynTroy »

As the OP when I read thru all the "what if" scenarios I thought, "and what if your account get compromised." Not a pleasant thought.
When you receive the token there is a two page booklet that answers all the "what if" questions that were noted here plus a couple more.

Also its so straightforward to use, and just adds an extra layer of security -
You enter your loginID as usual followed by your password - then click your token and your receive a 6 digit code you enter that one time passcode behind your normal password and click log in.

They also have it covered if you are travelling, say internationally and don't want to take your token with you - phone Schwab they give you a temporary pass code.

Bottom line to me which was encouraging - Schwab is taking security seriously (not that other brokerage cos. aren't) -ways to multiple layer your security, that are all easy to put in place plus two-factor identification is on the way. I don't see any negatives.
Evelyn
chw
Posts: 1315
Joined: Thu May 24, 2012 4:22 pm

Re: Schwab acct. security tool

Post by chw »

EvelynTroy wrote: Sun Nov 19, 2017 7:35 am I was one that changed to Schwab when the commisson free ETF's at TDA being discontinued notice came out.
Not that I do much trading, but Schwab gave me some very nice perks that I decided to take advantage of.
That said, I'm learning my way about the website - how things are set up etc. Phoned Schwab for a question and something came up about security of website - I asked about two-factor authentication.

Reply - 2FA is in the works, couldn't say when, but its coming. He also asked if I would like have a "security token" - it works just like a YubiKey. Revceived mine in the mail - it works nicely, and provides another layer of security - so easy to use. Only downside I suppose is if you lose it - there is a phone to call if you lose it. The rep said it was free to any account holder, no minimum account values.

Evelyn
I've used the token for a few years with no issues. The few times I needed access to my account and didn't have the token, I simply called in to customer service, and was given a temporary code to login. It's really very simple, and offers an additional layer of security. If I recall, I also signed up for voice printing, which uses your voice to authenticate your account access should you call in.

Generally, Schwab offers you the tools for secure account access, if you choose to utilize them.
User avatar
Earl Lemongrab
Posts: 7270
Joined: Tue Jun 10, 2014 1:14 am

Re: Schwab acct. security tool

Post by Earl Lemongrab »

samsoes wrote: Mon Nov 20, 2017 6:58 am
Earl Lemongrab wrote: Sun Nov 19, 2017 6:56 pm
samsoes wrote: Sun Nov 19, 2017 5:23 pm Schwab also has voice recognition for phone calls. Whenever you call, when prompted you say, "At Schwab, my voice is my password," and it's verified using technology. In addition to my security fob, the voice recognition for phone calls is a good backup.
What happens if that fails?
If you're worried about multiple levels of failure, I suggest you bury your money in the back yard without telling a soul.
Not "failures" but hackers. Obviously they won't pass a voice or security device test. So what happens then? Is the account not accessible, or does go down to another level?
User avatar
samsoes
Posts: 2794
Joined: Tue Mar 05, 2013 8:12 am
Location: Northeast Rat Race

Re: Schwab acct. security tool

Post by samsoes »

Earl Lemongrab wrote: Mon Nov 20, 2017 9:31 am
samsoes wrote: Mon Nov 20, 2017 6:58 am
Earl Lemongrab wrote: Sun Nov 19, 2017 6:56 pm
samsoes wrote: Sun Nov 19, 2017 5:23 pm Schwab also has voice recognition for phone calls. Whenever you call, when prompted you say, "At Schwab, my voice is my password," and it's verified using technology. In addition to my security fob, the voice recognition for phone calls is a good backup.
What happens if that fails?
If you're worried about multiple levels of failure, I suggest you bury your money in the back yard without telling a soul.
Not "failures" but hackers. Obviously they won't pass a voice or security device test. So what happens then? Is the account not accessible, or does go down to another level?
Bury all the $. Keep quiet about it. No worries about hackers.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
User avatar
Earl Lemongrab
Posts: 7270
Joined: Tue Jun 10, 2014 1:14 am

Re: Schwab acct. security tool

Post by Earl Lemongrab »

samsoes wrote: Mon Nov 20, 2017 10:34 am Bury all the $. Keep quiet about it. No worries about hackers.
I don't think you understand the question. What is the fallback for the higher security protocols? I seem to recall, but haven't looked, that if Vanguard's voice verification fails the fallback is security questions. I don't know if that is accurate, or what the typical process is at Schwab or others with voice or two-factor.

I really don't appreciate your only "contributions" to be mocking me. This is not paranoia, but a request for information. I don't use any of these personally.
User avatar
Doc
Posts: 10606
Joined: Sat Feb 24, 2007 12:10 pm
Location: Two left turns from Larry

Re: Schwab acct. security tool

Post by Doc »

I use Quicken to manage my investment data. Data is downloaded directly from the financial firms. Passwords are stored in a password vault in Quicken but one could enter them manually if that is what you want.

Question: Do all of these two factor type procedures defeat Quicken?

Same question for downloading .txf files into Turbotax and other tax software except that each password only has to be entered manually once a year.
A scientist looks for THE answer to a problem, an engineer looks for AN answer and lawyers ONLY have opinions. Investing is not a science.
DetroitRick
Posts: 1479
Joined: Wed Mar 23, 2016 9:28 am
Location: SE Michigan

Re: Schwab acct. security tool

Post by DetroitRick »

Doc wrote: Mon Nov 20, 2017 10:59 am I use Quicken to manage my investment data. Data is downloaded directly from the financial firms. Passwords are stored in a password vault in Quicken but one could enter them manually if that is what you want.

Question: Do all of these two factor type procedures defeat Quicken?

Same question for downloading .txf files into Turbotax and other tax software except that each password only has to be entered manually once a year.
At least for Schwab specifically, that security key does not come into play when downloading via Quicken. Quicken and Schwab communicate via Direct Connect and that connection at Schwab does not use the security token. When I asked a few years ago, they said it was only implemented on the web interface. So, when I sign into Schwab (via web or app), I am prompted to enter the 6-digit numerical code. When I download from Quicken there is no code required. I would be curious whether this is the norm, or just a function of how Schwab specifically executes the token.
User avatar
Doc
Posts: 10606
Joined: Sat Feb 24, 2007 12:10 pm
Location: Two left turns from Larry

Re: Schwab acct. security tool

Post by Doc »

DetroitRick wrote: Mon Nov 20, 2017 11:12 am
Doc wrote: Mon Nov 20, 2017 10:59 am I use Quicken to manage my investment data. Data is downloaded directly from the financial firms. Passwords are stored in a password vault in Quicken but one could enter them manually if that is what you want.

Question: Do all of these two factor type procedures defeat Quicken?

Same question for downloading .txf files into Turbotax and other tax software except that each password only has to be entered manually once a year.
At least for Schwab specifically, that security key does not come into play when downloading via Quicken. Quicken and Schwab communicate via Direct Connect and that connection at Schwab does not use the security token. When I asked a few years ago, they said it was only implemented on the web interface. So, when I sign into Schwab (via web or app), I am prompted to enter the 6-digit numerical code. When I download from Quicken there is no code required. I would be curious whether this is the norm, or just a function of how Schwab specifically executes the token.
Thank's.

FWIW Vanguard and Fidelity also both use Direct Connect. And one of our banks, Direct Correct is used for checking but not credit cards.
A scientist looks for THE answer to a problem, an engineer looks for AN answer and lawyers ONLY have opinions. Investing is not a science.
Stormbringer
Posts: 1207
Joined: Sun Jun 14, 2015 7:07 am

Re: Schwab acct. security tool

Post by Stormbringer »

EvelynTroy wrote: Sun Nov 19, 2017 7:35 am2FA is in the works, couldn't say when, but its coming. He also asked if I would like have a "security token"
A password plus a security token *is* two-factor authentication.

Two factor authentication is, by definition, any two of the following:
  • Something you know (e.g. a password).
  • Something you have (e.g. a specific smart phone or a security token).
  • Something you are (e.g. biometrics such as a fingerprint or retina scan).
Perhaps the customer service representative means the second factor that people seem to like the most -- their smart phone.
“The greatest shortcoming of the human race is our inability to understand the exponential function.” - Albert Allen Bartlett
bhj
Posts: 8
Joined: Sat Mar 05, 2016 9:12 am

Re: Schwab acct. security tool

Post by bhj »

Schwab allows the use of a password/short passphrase instead of voice authentication when calling in to customer service. This password/short passphrase is not the same one used when logging in online.

I was advised by a Schwab representative that, once the password/short passphrase is set up, changing it involves the use of a notary.
2015
Posts: 2906
Joined: Mon Feb 10, 2014 1:32 pm

Re: Schwab acct. security tool

Post by 2015 »

Earl Lemongrab wrote: Mon Nov 20, 2017 10:47 am
samsoes wrote: Mon Nov 20, 2017 10:34 am Bury all the $. Keep quiet about it. No worries about hackers.
I don't think you understand the question. What is the fallback for the higher security protocols? I seem to recall, but haven't looked, that if Vanguard's voice verification fails the fallback is security questions. I don't know if that is accurate, or what the typical process is at Schwab or others with voice or two-factor.

I really don't appreciate your only "contributions" to be mocking me. This is not paranoia, but a request for information. I don't use any of these personally.
I don't know about Schwab, but during a recent time of one of the many latest compromises in internet security, I called VG. The rep confirmed there are several fallback methods, including security questions and questions regarding recent transactions. My Yubikey 2FA for VG, coupled with VG voice verification, coupled with gibberish security questions on all accounts, coupled with a dedicated gmail financial accounts email (while also serving as account reset email destination for all accounts including VG and phone carrier) were all part of hardening my online security this past fall. The dedicated gmail financial accounts email is Yubikey 2FA enabled with no phone number attached (to thwart social engineering) uses printed pass codes and Google authenticator app as second/third fallbacks. I am among the many others who wishes VG would not allow SMS 2FA backup in the event a security key fails.
Post Reply