
The only US brokerage that offers real 2FA is Vanguard (last I checked), and even they mess it up by allowing SMS fallback.

It still will allow you to avoid phishing if you never use the SMS fallback, but it does make you vulnerable to SIM attacks of the variety "convince phone store rep to replace 'your' lost SIM card".



What makes Schwab's implementation with a hard token not "real"?


Because it's still trivially vulnerable to phishing.

Any kind of OTP/TOTP leaves you with too much risk.



