Symantec authenticator
12/5/2023

There's no reason a time-out should ever prevent customer access to research or streaming news after an initial one-time validation that a mobile device belongs to a Fidelity customer. Instead, Fidelity should allow a single login that never times out for access to non-account information like streaming news and research. Not only that, Fidelity automatically logs me out of the mobile application after a short time when I might only want access to streaming news. Yet Fidelity mobile and website always provide full account access to make trades or other account changes with every single login, even though I typically only want access to streaming news, research and account details. Much less often I need to trade, move money or perform some account change. For example, I often use the Fidelity mobile app and website to check the market and accounts. That limitation should inspire the use of stronger 2FA like YubiKey, but also additional security gates within Fidelity to prevent unauthorized transactions. I understand that SIPC insurance doesn’t cover losses due to account hacking. I want the *maximum* level of protection for my Fidelity accounts. The bottom line is that Fidelity should make the process very clear for how to maintain the account protection promise while acknowledging that using a password manager is a best practice for security. Fidelity could provide a list of password managers for which Fidelity would maintain Fidelity's account protection guarantee. I would even be OK if Fidelity only protected such accounts by requiring three-factor authentication, such as VIP Access (or YubiKey) and also a thumbprint on their mobile device - for example. Instead, Fidelity should explicitly protect such user accounts when the customer uses an industry standard password manager and two-factor authentication.
By my understanding, Fidelity's account protection promise is void when a customer uses a password manager to store Fidelity login credentials.
If the credential is a hard token, it likely needs to be replaced.
One thing I'd like Fidelity to add to their security promise is protection for those who use a password manager to store Fidelity login credentials.
This will generate a new credential ID - contact your organization helpdesk to assign the new credential ID to your account.
If the tests continue to fail, uninstall/reinstall the app.
You may need to repeat this step 2-3 times.
If it fails, wait for a new security code to generate and try again.
If the credential is working properly a success message will appear.
Enter the security code from your device.
Enter the Credential ID in the provided field.
Click on Test to the right of the phone image.
Verify the time zone and system time on the device are correct.
Test the security code using the steps below.
For VIP Access for Mobile and VIP hard tokens, follow these steps:
Click on the icon in the top-left of the application window and select Settings.
Therefore, if your device clock was set incorrectly to a future time and you attempted to use a security code, you will need to set the clock back to the correct time, then let the clock pass beyond the time the security code was used.
Meaning, if a security code with timestamp 08:00 is used, any security code prior to that time will fail.
Set the time zone and system time on your device to the correct values.
Never use the same security code more than once.
Important: VIP Security codes are one-time use only.
PUSH is recommended whenever using a mobile token.
A time re-sync between your app and the VIP services can be done directly from the VIP Access Desktop app using the steps below.
VIP PUSH authentications are not affected by the system time.
If the time on your device becomes incorrect by more than a few minutes, the security codes generated by the VIP Access become out of sync and are rejected by the VIP services.
The mapping between your credential ID, security codes, and the corresponding timestamps is synchronized with the VIP services in the cloud.
The next security code generated 30 seconds later will match at 12:00:30 PM, the next code will match at 12:01:00 PM, and so on.
If the VIP Access app on your iPhone is launched for the first time at 12:00:00 PM, the very first VIP security code will match that date and time.
If the device time changes to an incorrect time, VIP security codes may fall out of sync and the code will fail during a validation attempt.
The Symantec VIP mobile and desktop time-based apps use the device time as a reference to generate a new security code every 30 seconds.
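The following is an added example, not code from the original page or from Symantec: a small time-based code validator that reproduces the two behaviours described above, the clock-drift window and the rule that a code at or before the last used timestamp fails. It assumes the codes follow standard RFC 6238 TOTP; the secret, the drift tolerance and the `Validator` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30        # seconds per security code, as the page states
DRIFT_STEPS = 4  # assumed tolerance of +/- 2 minutes ("a few minutes")

def totp(secret, counter, digits=6):
    """RFC 6238 code for one 30-second time step (HOTP, RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Validator:
    """Hypothetical server side: drift window plus one-time-use tracking."""
    def __init__(self, secret):
        self.secret = secret
        self.last_used = -1  # highest time step already accepted

    def check(self, code, server_time):
        now = server_time // STEP
        for counter in range(now - DRIFT_STEPS, now + DRIFT_STEPS + 1):
            if hmac.compare_digest(totp(self.secret, counter), code):
                if counter <= self.last_used:
                    return "stale_or_reused"  # not after the last used step
                self.last_used = counter
                return "accepted"
        return "out_of_sync"  # device clock is outside the tolerated window

def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    t = 1_700_000_000                    # constructed server time
    server = Validator(secret)

    def device(clock):
        return totp(secret, clock // STEP)

    return [
        server.check(device(t + 90), t),          # device clock 90 s fast
        server.check(device(t + 90), t),          # same code used twice
        server.check(device(t), t),               # clock corrected too early
        server.check(device(t + 120), t + 120),   # time passed the used step
        server.check(device(t + 3600), t + 120),  # clock an hour ahead
    ]

if __name__ == "__main__":
    print(demo())
```

The third result shows why, after a code from a fast clock has been used, correcting the clock is not enough until real time passes the step that was consumed.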