Yes, Fidelity offers users two factor authentication. 

Step 1: Login to your Fidelity account

Step 2: Select the “Accounts & Trade” menu

Step 3: Go to the “Security Center” and “enable” 2-Factor Authentication

Step 4: Confirm the phone number to use and select “text” or “phone call”

Step 5: Receive the 6 digit code via text or a phone call and enter it in the website

Step 6: Two Factor authentication is now enabled

The entire process takes about a minute. That’s it.

Let’s discuss the why and even better options for protecting your fidelity account, bank accounts and investment accounts elsewhere.

Online Criminals are everywhere 

There appears to be no end to the number of criminals out there who are aggressively trying to break into your bank or investment accounts. After a lifetime of savings, the last thing you need is someone gaining unauthorized access to your account.

That being said, we all need to do whatever possible to protect our hard earned savings.

What is Two Factor Authentication (2FA)?

When you attempt to sign into your online account it is requested that you provide your user id and your password. Your password is the first factor of authentication. Security questions in addition to a password are still considered part of the one factor authentication process as it is a similar type of factor (something you know).

The second factor which gets you to two factor authentication would likely be to receive a code to your cell phone or via email that you are required to enter into the website. This is a higher level of security than just using a password with single factor authentication (SFA).

This is because with just a single factor, if someone steals your password, they can access your account. However, with two-factor authentication they would also need to have access to your cell phone number or email account. Not bullet proof, but better. It is an extra step but worth the hassle knowing the potential downside.

Is the standard two-factor authentication foolproof?  No  

Is it better than the single factor?  Yes

Are there even better security options to use for 2-Factor Authentication (2FA)? Yes

We will cover the Fidelity steps again and provide even more advanced security options below.

Setting up two-factor authentication (2FA)

With Fidelity, it is pretty easy to enable this feature. You simply login to your account, and go to the “Accounts & Trade” menu.

When there, click “Security Center” menu selection. You then can select “enable” at the 2-Factor Authentication at Login window.

Fidelity when then ask you to confirm the phone number you want to use for this verification, and then if you want to verify via a text or phone call.

If you select “text”, for example, you will get a text message with the 6 digit code sent to your mobile number that you then enter to validate and enable the feature.

That’s it.  The whole process takes less than a minute.  Every time you log in to your account you will get a new code (either a text or call) for you to enter before being able to get access to your account. Most people use mobile phones and likely to go with the faster text message option, but even with a landline phone you can use this service by using the call option.

These security features are pretty universal to most banks and investment companies. If the company where you have your hard earned money does not appear to offer two-factor authentication, you should call customer support to confirm. You need a provider that is serious about securing your funds. The large players such as Fidelity, Charles Schwab, and Vanguard will all have it. It is an industry standard so it is expected. The large brokerage firms such as TD Ameritrade (owned by Schwab) would as well.

Basic Security Measures

There are some basic security measures that should be top of mind to protect our personal information. I am not a security expert, but these things appear reasonable to follow and make sense.

Password optimization

Be sure to use different passwords for the logins on websites and accounts. Using the same password over and over for different accounts is one of the most common mistakes. Once a hacker gets the password from one site they will try it on the others. Easy for you but also easy for them. Unfortunately you need to make it hard for them by using a strong password that is unique (not reused). If you don’t want to manage all of those unique passwords on your own, try using a password manager service such as DashLane or NordPass. Both are currently less than $3 per month. Check out this article from the Clark Howard website for more information on other password managers to consider.

Using Wifi or a VPN

Be very careful where you are doing financial transactions. Do not do them using public or unsecured wifi that can be monitored by criminals. This would be in businesses, airports, hotels, lobbies, etc. 

You are better off turning off wifi and only using your cell service instead of wifi. Even better would be to use your own secure personal wifi (home). The best would be to have your own Virtual Private Network (VPN) such as Express VPN or Nord VPN. You can get one of these VPN services for approximately $5 to $15 per month depending on the plan.

Be careful with emails

Do not click on any links of any email sent to you. Go to the legitimate site you are aware of and log in from there. If there is a problem or issue that needs resolving you will find it when you log in to your account from there. If you still have questions you can call the number you have from the known website. 

Never call the number on the email because ANYONE can send you an email at any time claiming to be anyone. The crooks can make the emails look so authentic that it is easy to take the bait. If you click on a link in the email you could be enabling key logging software to capture your user and password information. Even easier for them, a pop up after clicking the link that asks you to validate your contact information or password is basically just handing your information over the to the criminals. 

We are all most vulnerable when we are in a hurry (which is a lot of the time) and concerned there is a problem that needs our immediate attention (the email tone creates urgency). Don’t fall for it. Take a deep breath, think it through, inspect the full email of who sent it (it is often very obvious when the email address is not legit) and then separately go to the website you know as legit and check things out. 

Use a device only for financial purposes

Consider using a PC or Chromebook that is ONLY used for financial transactions. That is it. It is like the cash management PCs that used to be common in business before they had debit block and dual approvals. I like Chromebooks because they are inexpensive and small. The strategy is that if you have a device that you only use when logging into bank or investment accounts. Because that is all you use it for, it can’t get corrupted with viruses or key logging software because you are not using it for web surfing, downloading files, or email.

Improved two factor authentication (2FA)

For those that want an extra layer of security, there are even more secure options.

You can go with a hardware token security key which is a physical device that you keep in your possession that continually generates one-time codes. These security tokens continually generate a security code that you use as your second factor of authentication. This is called a hard token. 

There is also a soft token variation of the hard token, which generates the code on an app on your phone on PC. Same concept, just a “soft token” rather than a “hard token.”

Fidelity uses the Symantec VIP Access app, which is a free service. The VIP stands for “Validation and ID Protection.” It acts at a soft token by generating a random 6-digit code via an app on your PC, Mac or to your mobile phone number every time you attempt to log in.

Problems with basic 2FA and cell phone number hijacking

Advanced 2FA is superior to the typical sms text message or email that can be compromised. Your cell phone number can be hijacked via sim swap attacks or your email account can be hacked. With the sim attack the criminal gains remote access to your mobile phone number.

You can tell if you phone number has been remotely hacked if you cell phone stops receiving a signal and says “emergency calls only” or “no network,” especially after you attempt to shut down and restart your phone. If that happens you need to immediately contact your mobile phone company and tell them your cell phone number has been hijacked. 

You should then contact your bank and investment accounts to let them know as well since you have just lost one of your factors of identification. If you criminal has your user id and password than they have both factors of identification. 

The other issue would be if your mobile phone is lost or stolen. Be sure to always enable the PIN or lock feature on your phone to prohibit access. Having biometrics on your phone is another feature to protect your device.

Having a physical token (or soft token) in your possession is more secure. Most of the major financial institutions (such as Fidelity Investments) will allow you to use these methods.

Multi-factor authentication (MFA)

Even better than two-factor authentication is multi-factor authentication. As the name sounds, MFA goes beyond what 2FA requires.

Typically with multi-factor authentication there would also be a bio-metric step such as facial recognition or a finger print.

Fidelity also offers multi-factor authentication. It uses biometrics to identify you via your face or fingerprint, and does not require a text or call. 

You can enable the MFA feature with push notifications by downloading the Fidelity Investments app and then turning on device notifications. You then need to make sure you are enrolled in biometrics. After that you go to your Fidelity website and then the Security Center menu be sure to enable the feature. 

Your last step in the process is to call Fidelity at their account security number 800-544-6666 in order to activate this advanced feature.

Fidelity is known for having very good customer service. If you have any issues or struggles you should reach out to them at their customer service number 800-343-3548.  

Another security measure to protect your identity and sensitive information

Freezing your credit is probably the best thing you can do to reduce the risk of identity theft. If your credit is frozen with each of the three main credit bureaus (ExperianTransunion and Equifx), it will be very difficult for anyone to borrow money pretending to be you. These links will take you right to the applicable area to freeze your credit.

A frozen credit file will tell the potential lender of an identity fraudster not to loan out money due to the frozen file.

The thieves want money. If they can’t easily get it they will likely move on to another target. Most people don’t freeze their credit. They will be the lower hanging fruit for a potential fraud criminal, not you.

Freezing and unfreezing your credit just takes a few minutes per credit bureau. It is worth the protection!

Executive Summary: Does Fidelity offer users two-factor authentication?

  • Yes – and you should seriously consider using it to help protect your personal finances
  • 2-factor authentication (2FA) provides extra security over the standard single factor password
  • Using 2FA is better because it uses another way to verify your identity, such as a text message with a code
  • Setting up 2FA is usually quite easy, and with Fidelity it takes less than a minute to complete
  • 2FA is an industry standard that you should expect and enable with all your bank and investment firms
  • Other basic security measures include using a unique password or password management service
  • Don’t click on email links or use phone numbers in emails and instead go to the legitimate site you know
  • Only use secure wifi and even better have a virtual private network (VPN)
  • A Chromebook or PC dedicated ONLY for financial transactions is preferred
  • You can improve on 2FA by going with a security key or token
  • Multi-factor authentication (MFA) is even better than 2FA as it using an additional factor such as a finger print
  • Freezing your credit is also another good security step to take

Other Articles to Read

signature

Pin It on Pinterest