7/21/2023 0 Comments Vip access app![]() That would be as secure as the current system, and much more usable. USB security "keys" from Yubico), and must allow multiple (more than two) such keys (or, in the case of Symantec VIP, Credential IDs) to be used to log in to any one Fidelity account. I second the criticism that limiting the Fidelity customer to just one device on which the code generator app is installed is an unnecessary impediment to convenience of use, and that it provides no real additional security.įidelity should implement (Google Authenticator compatible) standard TOTP, not Symantec VIP and should also implement FIDO U2F (e.g. This is why to never share passwords or login creds with others: anything wrong they do could be blamed on you. We don't want users logging in and then claiming it was really someone else. But if there is more than one device, then it's more plausible for you to try and say that someone else stole your code-generating device and logged in as you, but it wasn't actually you. If there is only one device, then it's a pretty good bet every login was done by you. Multiple devices authorized to generate codes for one user could be a security hole from the perspective of non-deniability. ![]() ![]() They don't want to pay for the codes on the devices you cannot possibly use, while you are busy using one code at a time to log in. ![]() Every OTP code that's used for logging in, or every device that is enabled to generate live codes, costs the platform some pennies. Instead, it's a policy set by the reseller, to limit their cost of providing a service that produces no direct revenue.īetcha the reason all devices and software that generate such codes are costly, is because the intellectual property is licensed under patent. The restriction that authorizes only one device at a time is not a technical barrier, and properly-authorizing more than one device at a time would not be a security hole (* see below). Super-terrific security like this easily gets not-used for personal accounts because it is prohibitively inconvenient. Does transferring the device authorization require more verification than was used for authorizing the first device?Īll this hassle is more reason for me to not-use this kind of scheme, unfortunately. In that case you have to call in to de-authorize the unavailable device, and authorize a different device. That one device is still a single point of failure that would prevent you from accessing your account if it became unavailable for any reason. It sounds like you can log in from any device, but the 2FA step of every login still requires the one device that is authorized to generate the one-time codes. I appreciate your help and your very excellent customer service □♥️□□ I have a very old iPhone and I’m considering purchasing a new one in the fairly near future… If I am limited to only having the VIP Symantec app on one device and choose to install the VIP Symantec app on my current phone, would I be able to transfer the app over to my new iPhone, when/if I buy one? That seems very counterproductive to me…I am hoping that I misinterpreted the information in front of me… Please clarify.
0 Comments
Leave a Reply. |