It looks like you're new here. If you want to get involved, click one of these buttons!
Welcome to the 21st century. Where everything is automated and humans don't know what's going on.In addition to Call Filter blocking, Verizon auto-blocks calls that are highly likely to be illegal, such as calls from telephone numbers that are not authorized to make outbound calls.
© 2015 Mutual Fund Observer. All rights reserved.
© 2015 Mutual Fund Observer. All rights reserved. Powered by Vanilla
Comments
Is the block @msf mentions also used for 2
partyfactor verification of other transactions? Buying and selling inside a brokerage account? Sure sounds like it. I think everybody’s racing to stay ahead of AI. Heck, even though already logged in as a paid subscriber, Morningstar made me take one of those “prove you’re not a bot” tests the other day before I could continue. (I successfully identified all the busses in the photos.)BTW - I’m a Verizon user. Haven’t had any problems using text messages for verification. In fact, the problem with the debit card I noted was finally successfully resolved by a computer generated voice call.
T-Mobile said, of course, 2FA txt codes are auto-blocked on new accounts to avoid problems with purchases by kid users.
After unblocking all line, I told them that proper default would be not-blocked, but people can set block by phone or online.
Not sure what T-Mobile does now.
Today Fidelity got a call past Verizon by using a different outgoing number. When a resistible force meets an immovable object (Verizon), it seems that the resistible force goes around the immovable object.
Maybe Fidelity is using a different outgoing number for you, or maybe Verizon is blocking numbers regionally. All I can say is that once again I cannot get a voice security code from Fidelity. Verizon is simply not allowing the call to reach my phone.
There are times when the 2FA comes slow as text message, I ask Fidelity to call instead and it works as well. Another option is use your email address to authenticate yourself. But this is rare as mobile devices are more common today.
I think there are more security issues recently. I get the verification of not being. “bot” from my bank from my PC, as @hank pointed out. Using the bank’s App, this does not happen. Recently I was asked for my PIN # for buying gas at a new location using my credit card. Typically they ask for my zip code of my home address. I called the credit card later and was told there are more unauthorized uses are happening.
The answer to your two questions is "yes". By the way, I have also been able to receive a security code via my Verizon Wireless mobile device.
Really sorry to hear about your problem with Verizon.
With the rapid advances in AI, this form of identity verification (along with all others) must leave “heads spinning” in the security departments. May partially help explain why more “hoops” are being thrown up. I realize this doesn’t pertain directly to @msf’s post - but thought worth adding.
Helpful discussion. I locked my Fido direct transfer option this morning. There’s a good page (if logged in) that explains what’s covered by a lock and what isn’t. For example, regularly scheduled automatic transfers are not included.
Technically, my cellular provider is called “Visible”. It’s actually a low cost subsidiary of Verizon. Very dependable. No issues. Can’t speak directly to getting an audible security code by voice call recently - though it’s worked successfully in the past. I do routinely receive robotically phoned security inquiries that require my confirming by pressing a number.
One of the institutions I'm using always (automated) asks me if I'd like to use my voiceprint in the future for access (not Fidelity). I always decline.
I don't use voice recognition (IMHO too easy to clone) and I don't speak first when answering the phone. Different people make different tradeoffs on security. It's a matter of how you perceive different risks and how much effort you're willing to expend for each extra layer of security.
Five Ways to Protect Your Voice from AI Voice Cloning Scams
https://tnsi.com/resource/com/five-ways-to-protect-your-voice-from-ai-voice-cloning-scams-blog/
I know it gets me “in the door” initially. Saves time. But not sure how far I’d get moving money around. I think they do follow up with additional verification for actual exchanges / transfers. I do so much online today it’s hard to remember any calls … Anyway, will look into the advisability of using voice-print at all for verification in this Brave New World.
PS - It seems to me (in retrospect) that the 1st human to pick up at Fido says something like, ”You have been pre-screened by voice recognition … “
I didn’t know we could bypass the robot’s directions “Now tell me why you’re calling ….” I’ll definitely try that next time!
https://www.fidelity.com/security/extra-security-login
"You will be prompted to verify your identity when you perform highly sensitive transactions such as setting up new bank instructions or changing your contact information. If you are signed up for extra security at login,
you may not get prompted for additional verification during the transaction because we will have already verified your identity when you logged in."
I've configured extra login security with MFA using the Symantec VIP authenticator app.
I seldom perform "highly sensitive transactions" but did change my user name this year
and assume this would be highly sensitive per Fidelity.
Security text alerts were turned on but I don't recall receiving a text for this transaction.
I haven’t tried authentication apps. Would using the one you mention replace 2-factor authentication? Currently, I feel reasonably safe because I usually login using a fiber optic wifi network and than receive a secure numerical code through an outside cellular network. Exceptions would be when away from home and I login and receive the code over same cellular network. Try to minimize those less secure logins.
Your quote from Fidelity seems to say they would not change / add a bank account without additional security steps. ISTM that provides a very good layer of protection as they would not make a transfer to an unauthorized institution. Recently changed password & user name as well. 20 characters I believe is the maximum number. If were 30 I’d probably use it. Password memory only - not recorded anywhere. God help us as we approach 80.
Add: Just checked. FYI - Fidelity did promptly email an “Alert” that the password had been changed. (Use texting rarely. Prefer email alerts. May have so specified.)
The Symantec VIP app is used for Two-Factor Authentication.
I've used it for years at Fidelity and recently with a new Schwab account.
I haven't had any issues with the app - it works as expected.
Since Symantec VIP is only installed on my desktop computer,
I can't comment on mobile versions of the app.
I'd prefer Fidelity support hardware authentication devices (e.g., Yubikey),
but this is probably the next best solution from a security standpoint.
Do yourself a favor and try using a password manager app.
I suffer from CRS (can't remember s***) so a password manager is very helpful.
There's no way I'd remember strong passwords like =qaDg|I$%3g/IIa*zKzn from memory.
I have experience with both Symantec VIP and Google Authenticator. Many sites support one or the other. Timer for Symantec VIP starts from 0 and you have 1 minute to input the code. Google Authenticator runs continuously, so it could be in the middle or the last part of its 1-minute cycle. So, I wait until it starts from beginning and wait a few seconds to input the code - otherwise, it may reject the code, because the systems need a few seconds to refresh. It must be a rumor that light and electrons move at the speed of light - my PC takes its time to do things (-:).
Make sure that there are at least 2 ways to get the 2FA codes - via phone, e-mail, authenticator app.
Recently, in one account, the 2FA used only Symantec VIP. The app got frozen/locked, so I had to uninstall and reinstall, and that wiped out the old information/connection. So, I had to call because I had no way to log back in - a great royal pain!
Pay no attention to Fidelity's comment that it doesn't support this. Right below that is a comment by Harry Sit (The Finance Buff) that he has the fob and it works fine.
Thanks, I was not aware of this and will investigate further.
Edit/Quick Take: non-replaceable batteries, larger footprint than Yubikeys,
will not work with any MFA provider besides Symantec VIP Access
=qaDg|I$%3g/IIa*zKzn is perfect. I’ll switch over tomorrow. Who the hell could ever duplicate that one?
You're correct that Fidelity passwords are limited to 20 characters.
Here are the password requirements:
Use 8-20 English alphanumeric characters.
Use at least one of these special characters: ! @ $ % ^ ( ) - _ + = | \ : ; ' , . ? / ~.
Use at least 1 number, 1 lowercase letter, and 1 uppercase letter.
Use a random combination of characters instead of a common sequence or personal information.
FWIW - I don’t find it difficult to memorize a 20 character password consisting of at least 2 each of the following: upper case letters, lower case letters, numbers, special characters (in random sequence). The trick is to formulate a short phrase in your mind incorporating them. For letters, each letter in the code corresponds to the first letter of a word in that phrase. There are other tricks. That’s not to say what I construct is as good as what a password manager could. I doubt it is. Fido usually grades my passwords as “strong” or “very strong” - but have yet to attain their ultimate highest grade.
Here’s a quick one I constructed in a minute: FMDcIdGAD/Csb1142*CG
Translated:
F Frankly
M My
D Dear
c comma
i I
d don’t
G give
A a
D damn
/ space or hyphen mark
C
s
b Shorthand for Casablanca
1
1 Month of release
4
2 Year of release
* staring
C Clark
G Gable
Password strength meter
”I wanted to let you know that multi-factor authentication (MFA) is up and running! You can learn more about this through our formal announcement below.” Link to Rep / Discussion
Fidelity MFA announcement (Quoted from Announcement) “Why MFA is important - MFA helps prevent unauthorized people from accessing your account, by requiring you to log in with your password AND confirm the login via another factor (in this case, entering a code generated by an app on your personal device). This added layer of protection means that even if someone knows your password, they’ll have a harder time accessing your account. We strongly encourage you to add MFA if you haven’t already done so.“
What I’m having some difficulty grasping is how this is substantially more secure than the 2-factor authentication I already use? Why is the new fangled “multi-factor” method (being touted) more secure?Here’s a link / source that explains it. MFA vs. 2FA: what’s the difference?