Vanguard - is touch ID less secure?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
TRC
Posts: 1876
Joined: Sat Dec 20, 2008 5:38 pm

Vanguard - is touch ID less secure?

Post by TRC » Thu Aug 04, 2016 11:29 am

I recently enabled Touch ID authentication from my Iphone into my Vanguard account. It's a really great feature and allows a much more streamlined way of accessing my account. I used to login with my password and the 2 factor authentication (SMS text with passcode). Is the Touch ID authentication method significantly less secure than password with 2 factor?

User avatar
njboater74
Posts: 632
Joined: Mon Apr 25, 2016 8:21 pm

Re: Vanguard - is touch ID less secure?

Post by njboater74 » Thu Aug 04, 2016 11:41 am

I don't see how it would be. Passwords can be guessed, but your fingerprint would be pretty hard to fake.
When the mob and the press and the whole world tell you to move, your job is to plant yourself like a tree beside the river of truth and tell the whole world - 'No, YOU move'--Captain America, Boglehead

User avatar
vinnydabody
Posts: 81
Joined: Sun Oct 18, 2015 7:25 am
Location: Chicagoland

Re: Vanguard - is touch ID less secure?

Post by vinnydabody » Thu Aug 04, 2016 11:42 am

Actually, the NIST is considering not recommending SMS messaging for two-factor identification in the future due to it being insecure.

https://www.schneier.com/blog/archives/ ... _long.html

ilovedogs
Posts: 188
Joined: Thu Sep 27, 2007 8:00 am

Re: Vanguard - is touch ID less secure?

Post by ilovedogs » Thu Aug 04, 2016 11:57 am

I don't know what you said. I was asked a few years ago to use my voice as a password. You can do it from your phone, but they probably have something else for you.

User avatar
jhfenton
Posts: 2945
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: Vanguard - is touch ID less secure?

Post by jhfenton » Thu Aug 04, 2016 12:05 pm

The Touch ID on the Vanguard app only allows read access. If you try to do anything that alters reality in any way, you have to authenticate with the password first. To me, that's a nice trade off. 99% of the time I open the app, it's just to look (especially since the app won't let me trade without switching my phone to English instead of its usual French).

(For a limit order, the app has the price/value input field coded as currency, leading iOS to interpret/convert 90.00 to 90,00$ which confuses the app which then interprets as $9000. For mutual funds, the same glitch just results in an error.)

KarenC
Posts: 65
Joined: Mon Apr 27, 2015 7:25 am

Re: Vanguard - is touch ID less secure?

Post by KarenC » Thu Aug 04, 2016 12:18 pm

The Vanguard app doesn't allow me to paste in my password (which is a nice long random sequence) so I never use it.
"How much you know is less important than how clearly you understand where the borders of your ignorance begin." — Jason Zweig

otinkyad
Posts: 160
Joined: Wed Jun 01, 2016 5:35 pm

Re: Vanguard - is touch ID less secure?

Post by otinkyad » Thu Aug 04, 2016 1:10 pm

Yes, it's generally considered less secure, unless you also leave your password on everything you touch and never change it. It's possible to lift fingerprints and use them with Touch ID. Your fingerprint is a user ID, not a password. It's useful for quick access to less secure things.

It's a particularly bad idea for the lock screen. The current state of court rulings seems to be that you cannot be compelled to enter your PIN without a warrant, but you can be compelled to unlock your phone with your fingerprint. Note: IANAL.

User avatar
jhfenton
Posts: 2945
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: Vanguard - is touch ID less secure?

Post by jhfenton » Thu Aug 04, 2016 1:12 pm

KarenC wrote:The Vanguard app doesn't allow me to paste in my password (which is a nice long random sequence) so I never use it.
My complaint is that Vanguard limits passwords to 20 characters. I prefer to use *long* but memorable passwords:
Image

soboggled
Posts: 901
Joined: Mon Jun 27, 2016 10:26 am

Re: Vanguard - is touch ID less secure?

Post by soboggled » Thu Aug 04, 2016 1:13 pm

Not a good idea to use your regular phone for finances - too easily lost or stolen.

BW1985
Posts: 1737
Joined: Tue Mar 23, 2010 6:12 pm

Re: Vanguard - is touch ID less secure?

Post by BW1985 » Thu Aug 04, 2016 1:23 pm

soboggled wrote:Not a good idea to use your regular phone for finances - too easily lost or stolen.
Many phones have passcode locks. The FBI couldn't even get into an iPhone they needed Apple's help. I feel pretty good about it.
"Squirrels figured out how to save eons ago. They buried acorns. Some, they dug up, for food. Others, they let to sprout, in new oak trees. We could learn from squirrels." -john94549

soboggled
Posts: 901
Joined: Mon Jun 27, 2016 10:26 am

Re: Vanguard - is touch ID less secure?

Post by soboggled » Thu Aug 04, 2016 1:29 pm

BW1985 wrote:
soboggled wrote:Not a good idea to use your regular phone for finances - too easily lost or stolen.
Many phones have passcode locks. The FBI couldn't even get into an iPhone they needed Apple's help. I feel pretty good about it.
Terrorists were much more careful than most consumers. Worst case, passcodes can be obtained by social engineering; best case, users don't use it or choose simple values. Not a problem if denied physical access, which is the very first rule of security.

BW1985
Posts: 1737
Joined: Tue Mar 23, 2010 6:12 pm

Re: Vanguard - is touch ID less secure?

Post by BW1985 » Thu Aug 04, 2016 1:32 pm

soboggled wrote:
BW1985 wrote:
soboggled wrote:Not a good idea to use your regular phone for finances - too easily lost or stolen.
Many phones have passcode locks. The FBI couldn't even get into an iPhone they needed Apple's help. I feel pretty good about it.
Terrorists were much more careful than most consumers. Worst case, passcodes can be obtained by social engineering; best case, users don't use it or choose simple values.
Please do explain.. I'd like to know how one could figure out the random 5 digit number I chose without going through the billion different combinations- even then the phone locks up after a few wrong attempts.

Why, because they use the passcode lock? It's not only terrorists, a boy died mysteriously in MN and the family wants into his phone to see if there are any clues, many stories like this. They are trying to get laws passed to be able to do so which is obviously a slippery slope.
Last edited by BW1985 on Thu Aug 04, 2016 1:58 pm, edited 1 time in total.
"Squirrels figured out how to save eons ago. They buried acorns. Some, they dug up, for food. Others, they let to sprout, in new oak trees. We could learn from squirrels." -john94549

User avatar
Toons
Posts: 12756
Joined: Fri Nov 21, 2008 10:20 am
Location: Hills of Tennessee

Re: Vanguard - is touch ID less secure?

Post by Toons » Thu Aug 04, 2016 1:38 pm

soboggled wrote:Not a good idea to use your regular phone for finances - too easily lost or stolen.
Phone is pretty much all I use for finances.
Its locked.
Pin/Fingerprint
If lost it gets "wiped"
:mrgreen:
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee

Post Reply