I recently bought a new cell phone and needed to update my access to Fidelity with the Symantec VIP app. I wanted to share with you my observations and concerns about using the app to secure my Fidelity accounts.

A. The Symantec app is designed so that it can only be installed on a single device. Each device automatically has a unique Credential ID which cannot be changed, so that an account owner cannot have more than one device to provide the account one-time code. The device owner also cannot change devices without assistance from Fidelity. Other authentication systems, like Microsoft Authenticator, allow the app to be configured on multiple devices, which may be a convenience for some users. It also allows the user to configure a new device if the original configuration code is available (securely saved). For my 2FA accounts with other institutions I was able to do this, without needing assistance from those institutions. Perhaps Fidelity views the flexibility of other apps like Microsoft Authenticator to be a security concern? Suggestion: Please consider allowing TOTP apps like Microsoft Authenticator.

B. I logged into my Fidelity accounts to look for information on updating VIP. I couldn't find anything relevant by searching on "Symantec" and "VIP". Finally, I used a search on Google and found pages on Fidelity that provided the information I needed, that showed I needed to install the app on my phone and then call Fidelity customer service. Suggestion: Please make this information available by searching on Fidelity's website. Suggestion: Please enable users to enroll and update their Symantec VIP Credential ID online, through their account.

C. When I called Fidelity the customer service representative first sent me an SMS text to verify my identity. The reason I use a 2FA solution like Symantec VIP is to avoid using SMS for security. SMS is vulnerable to exploits like SIM-jacking. I don't want SMS to be used to secure my account or as a backup method, because it leaves a hole in the security layers. I understand that Fidelity will want to have a backup method for authentication in case an account owner loses the phone on which Symantec VIP is installed. There are other options apart from SMS, like a phone call to a secure number (not SIM-based mobile) or single use backup codes (like Google can provide to its users). Suggestion: Please enable account owners to specifically disable the use of SMS for account verification, if they desire, especially when they have selected Symantec VIP for 2FA.

D. Before changing my VIP Credential ID that Fidelity had in the system, the customer service representative asked for further information to authenticate my identity. Unfortunately, the information was merely any of my account numbers and the name and DOB of a beneficiary on the account. This isn't particularly obscure information. I do have some security questions/answers recorded for this purpose at Fidelity, and the rep could have used those instead. Suggestion: Please use the security questions if additional information is needed to identify a customer.
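The letter's point that a TOTP app can be set up on a replacement device from the saved configuration code, shown as an added example (not part of the original letter, and not Fidelity's or Symantec's code). It implements standard TOTP (RFC 6238) using the RFC's published SHA-1 test seed; `Authenticator` and `verify` are illustrative names.

```python
import base64
import hashlib
import hmac
import struct

SEED = b"12345678901234567890"                    # RFC 6238 SHA-1 test seed
SETUP_KEY = base64.b32encode(SEED).decode()       # what a setup QR code carries

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step)

class Authenticator:
    """One enrolled device. Its only state is the secret from the setup key."""
    def __init__(self, setup_key_b32: str):
        self.secret = base64.b32decode(setup_key_b32.upper())

    def code(self, unix_time: int) -> str:
        return totp(self.secret, unix_time)

def verify(secret: bytes, submitted: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Server side: accept +/- `window` time steps, compare in constant time."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t >= 0 and hmac.compare_digest(totp(secret, t), submitted):
            return True
    return False

if __name__ == "__main__":
    old_phone = Authenticator(SETUP_KEY)
    new_phone = Authenticator(SETUP_KEY)          # re-enrolled from the saved key
    now = 59                                      # RFC 6238 test time
    print(old_phone.code(now), new_phone.code(now))   # identical codes
    print(verify(SEED, new_phone.code(now), now + 30))    # within drift window
    print(verify(SEED, new_phone.code(now), now + 120))   # stale code rejected
```

Because the server cannot tell the two devices apart, anyone who obtains the saved setup key can generate valid codes, so the key needs the same protection as the account itself.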