Urge Vanguard to support better two-factor authentication

Posts: 6
Joined: Mon Oct 17, 2016 7:28 pm

Urge Vanguard to support better two-factor authentication

Post by stereophonics » Wed Oct 04, 2017 2:17 pm

I recently filled out an online survey from Vanguard. One question asked about suggestions for improvement and, in the free response text box, I requested they implement a mobile two-factor authentication protocol (such as Google Authenticator/Authy, Duo Mobile, or others) that is more secure than SMS texts (and more convenient than the Yubikey hardware token). Lo and behold, I received a phone call from a Vanguard customer service rep about my concerns yesterday. He offered to escalate them to their internal Voice of the Customer issue tracker. He said that in response to the Equifax breach, Vanguard management is on heightened alert with respect to security, and therefore suspected that someone would evaluate two-factor authentication options should there be enough concern from clients.

For those who also desire better two-factor authentication, now appears to be an opportune time to contact Vanguard.

P.S. SMS is insecure because attackers can (a) steal your phone number or (b) silently intercept your texts.

Posts: 827
Joined: Fri Aug 15, 2014 4:55 pm

Re: Urge Vanguard to support better two-factor authentication

Post by walletless » Wed Oct 04, 2017 2:38 pm

+1 for supporting known auth protocols that tie into Google Authenticator, Microsoft Authenticator, Authy, etc.
... as long as they do not back it up with phone/SMS login like they did with Yubikey!

Also, these protocols are still vulnerable to phishing, so they need to implement a limit on how many times someone can try to enter an OTP before the account is locked.

I do not have an assigned rep with Vanguard - how can I file such a request?

Starting From Scratch
Posts: 29
Joined: Sun Jul 26, 2009 7:03 am

Re: Urge Vanguard to support better two-factor authentication

Post by Starting From Scratch » Thu Oct 05, 2017 7:57 am

This is very important, and I urge everyone to reach out to Vanguard to improve 2FA, moving away from SMS text and implementing 2FA via Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP) with Google Authenticator or any other authenticator of your choice.

I know Yubikey is an option; however, it requires keeping up with one additional item vs. an authenticator app already on the phone.

Make your voices heard please.
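For readers unfamiliar with the TOTP and HOTP algorithms named in the post above, and with the attempt limit raised earlier in the thread, here is an added example that is not from any poster or from Vanguard. It implements RFC 4226 HOTP and RFC 6238 TOTP and wraps them in a server-side check with a failed-attempt lockout; the `OtpVerifier` class, its thresholds and the drift window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)

class OtpVerifier:
    """Server-side check with a failed-attempt lockout (policy values are assumptions)."""

    def __init__(self, secret: bytes, max_failures: int = 5, window: int = 1):
        self.secret = secret
        self.max_failures = max_failures
        self.window = window        # accept +/- this many 30 s steps of clock drift
        self.failures = 0
        self.last_used_step = -1    # blocks replay of an already accepted code

    def verify(self, submitted: str, unix_time: int) -> str:
        if self.failures >= self.max_failures:
            return "locked"         # refuse before comparing anything
        current = unix_time // 30
        for step in range(max(0, current - self.window), current + self.window + 1):
            expected = hotp(self.secret, step).encode()
            # Constant-time comparison; only steps newer than the last accepted one count.
            if step > self.last_used_step and hmac.compare_digest(expected, submitted.encode()):
                self.last_used_step = step
                self.failures = 0
                return "ok"
        self.failures += 1
        return "locked" if self.failures >= self.max_failures else "rejected"
```

With six digits and a three-step acceptance window, each guess succeeds with probability of about 3 in 1,000,000, which is why the failure counter is checked before any comparison is made.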

Posts: 84
Joined: Sat Apr 11, 2015 1:15 pm

Re: Urge Vanguard to support better two-factor authentication

Post by CRTR » Thu Oct 05, 2017 8:31 am

Spot on post! Could not agree more. Going to email my Vanguard rep today and request the same. Recently, Forbes ran an article, illustrating phone system vulnerability . . . in case there are any doubters. Here's the link for anyone interested . . . .

https://www.forbes.com/sites/thomasbrew ... 379fb541a4

Posts: 20
Joined: Tue Sep 04, 2012 8:58 pm

Re: Urge Vanguard to support better two-factor authentication

Post by Vize » Wed Dec 27, 2017 9:36 pm

Bump. There have been some horror stories out there around text-based 2-factor auth allowing folks to steal account access.

Please call or message Vanguard. Log in -> My Accounts -> Messages -> Compose

Your accounts are still vulnerable despite Yubikey support.

Posts: 12738
Joined: Mon Aug 03, 2009 2:33 pm
Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!

Re: Urge Vanguard to support better two-factor authentication

Post by abuss368 » Wed Dec 27, 2017 9:41 pm

The security protocols and the constant change and evolution are simply amazing and perhaps a bit overwhelming.

Thank you for your knowledge and understanding and reaching out to Vanguard.
John C. Bogle: "You simply do not need to put your money into 8 different mutual funds!" | | Disclosure: Three Fund Portfolio + U.S. & International REITs
