
Ask HN: US Banks supporting hardware token 2FA? - throwawaybank
A decade ago, I spent some time living in Europe and every bank I had an account with offered a hardware token for online banking.  When I returned to the states I asked my bank USAA if they would consider offering such an option.  To my surprise, they said they already did.<p>Fast forward to today.  Overall, I am quite happy with USAA, but I know they aren&#x27;t an option for everyone.  Also, USAA just doesn&#x27;t offer savings accounts with the yields that many banks are offering today.  But every bank with a high yield savings offering I&#x27;ve contacted thought using a hardware token was quite the novelty. Most tried to assure me that using SMS for 2FA was really very secure.<p>While I&#x27;ve done my best to secure my cell number from porting attacks, by the nature of things I&#x27;m carrying my phone just about everywhere, versus my hardware tokens kept in a fireproof safe.<p>They&#x27;ve always said they&#x27;d refer the idea up the management chain, but so far I am not aware of any actually following through.  It seems like they&#x27;d love anything to lower their risk, but who knows.<p>So rather than continuing to contact banks in vain, I figured I&#x27;d ask around on HN as I know this is fairly security conscious crowd.<p>(Yes, I know Vanguard does support YubiKey which is awesome of them, but their money market fund yield still seems to lag behind high yield savings accounts, not to mention the 0.1% expense ratio)
======
mars4rp
I know this is not answer to your question but it might help in some ways, if
your concern is saving accounts what we did was disabled online banking and
atm on our saving accounts with large amounts of money. We still have our
checking for every day use. We hardly touch our saving and for that we have to
go to the bank in person. That is the most secure way I figured so far!

~~~
throwawaybank
Sure that is certainly probably the most secure solution, but I assume that
only really works for banks and credit unions with branches local to you? I
guess you could arrange for wire transfers over the phone, but I feel like
that is even less secure in some ways.

Unfortunately, it would seem with going with local banks is not really viable
if you are attempting to maximize interest. BoA offers 0.03% and Wells Fargo
0.01%, and a local credit union is offering 0.20%. When there are banks
offering over 2% interest, going with such ridiculously low interest is
difficult to justify.

But indeed, it could be argued that going with a bank with poor 2FA negates
the advantage of the extra 1.8%.

~~~
JumpCrisscross
> _BoA offers 0.03% and Wells Fargo 0.01%, and a local credit union is
> offering 0.20%_

If you can plan, buy Treasuries.

~~~
throwawaybank
Indeed, but that's the whole point here. This is money for when things
unexpectedly go wrong, so it must be liquid. Yet it is also painful to let it
slowly succumb to inflation as well.

------
ecesena
Several banks joined the FIDO alliance:
[https://fidoalliance.org/participate/members-bringing-
togeth...](https://fidoalliance.org/participate/members-bringing-together-
ecosystem/)

I'm not aware of any supporting u2f/fido2 today, but browser support is also
very new, so perhaps they need broader adoption. They'd certainly motivate
broader adoption. Let's see and hope.

------
throwawaybank
I should have mentioned there is this list:

[https://twofactorauth.org/#banking](https://twofactorauth.org/#banking)

~~~
throwawaybank
So of the US companies that do offer hardware security tokens (First Tech
Federal Credit, HSBC, USAA, Wells Fargo) none of them offer savings yields
greater than 1%.

The split is dramatic I have to wonder if there is some deeper reason that
companies with higher yields do not want to offer better security. For
example, Barclays UK will provide a hardware token, but Barclays in the US
will not.

------
Bucephalus355
LOL not USAA that’s for sure. 12 characters is the MAX limit for passwords.

~~~
throwawaybank
[https://www.amazon.com/dp/B06XY422T9](https://www.amazon.com/dp/B06XY422T9)

