Fidelity 2FA with TOTP Authenticator Apps (without Symantac VIP) View on GitHub Fidelity 2FA with TOTP Authenticator Apps (without Symantac VIP)įidelity investments supports 2FA login with SMS and Symantec VIP (as of May 2021). SMS based 2FA is know to be fairly insecure and Symantec VIP requires downloading another authenticator app. I wanted the security from app based TOTP 2FA, but by using existing authenticator apps (e.g. Authy, Google Auth) already installed on my phone where I keep other passcodes. This guide will show you how to setup app based 2FA on your favorite TOTP authenticator app so you can login to Fidelity without ever having to install Symantec VIP.įortunately, the Symantec VIP app uses standard security protcols and some clever people have developed an opensource python client to replace the standard phone app. You can use this python client to emulate the Symantec VIP app, extract the key, and install into your favorite TOTP app. I have tested this with Yubio and Microsoft Authenticator apps only - but it should work fine with others apps like Google Authenticator and Authy. This guide is for OSX but as long as you can install python, python-vipaccess, and qrencode on your OS it should still work. Make sure you have brew pip3 and python3 installed in your terminal. Brew is a package manager for OSX and pip is a package manager for python. Qrencode -o qr.png -s 15 "otpauth://totp/your_fidelity_username?secret=B62TJYTHYEO5GEIHEODYHY77HFUK6ZEI&digits=6&algorithm=SHA1&issuer=Fidelity&period=30" Install python-vipaccess with the python package manager: Once installed you can install python3 with brew install python3 - This should also install pip3 at the same time. Open the generated qr.png file and you should see a QR code. Scan the QR code in your TOTP auth app of choice and you should see it added and passcodes get generated every 30 seconds.Ĭall Fidelity and ask to setup 2FA with VIP. Tell them you already have the Symantec VIP app installed. They will then ask you for your credential/ID, this is where you tell Fidelity the credential generated in step 4 (e.g. They will add the credential to your account and enable 2FA.įidelity should then ask you to try logging in while your still on the phone. Offically support multiple TOTP apps (like Google Autenticator) with existing security standards.It’s good that Fidelity support app based 2FA, but adoption could be increased by: Delete the ‘qr.png’ file as this is sensitive data.Enter username/pass as normal but now you should be asked to enter your 6 digit passcode - Enter the passcode from your TOTP authenticator app and it should log you in. VIP ACCESS MAC CODEĬreate the key and QR code directly on the Fidelity website after login and reduce burden on your call center.Symantec VIP can still be supported but at least give your customers the option of using their existing passcode apps. Support hardware security key based login for example with a Yubikey or Duo.īlog is maintained by magneticB.It’s standard for this process to be automated so a call shouldn’t be required (and maybe a security risk if a 2FA reset can be socially engineered over the phone). This page was generated by GitHub Pages.Do not use the sudo command during installation of VIP-CLI or Node.js, or when running any VIP-CLI commands. If sudo is used to install a package, that package must be uninstalled. Install Node.js and npmįollow the Node.js instructions for Installing Node.js via package manager.ĭo not use sudo to fix access permissions.Īfter the packages are uninstalled and permission repairs are complete, begin the installation process again without the use of sudo. Installing Node.js will also install npm. VIP recommends installing Node.js with a package manager like Homebrew or a Node.js version manager like nvm. It is possible to experience permission issues when installing Node.js packages globally. This error indicates the need to fix permissions: WARN install EACCES: permission deniedįollow this guide to resolve the error by either reinstalling npm with a Node Version Manager (recommended) or manually changing npm’s default directory. VIP-CLI requires a minimum installed version of Node.js v14 and npm v6.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |