Why are we not able to generate an app specific password?

Phil Salesses

There are plenty of apps that integrate with banks. Namely, I want to use Stash, Acorn and Mint. But, they will not work with 2FA turned on or this ridiculous thing you call CyberCode "Hello, this is 1990, I want my branding back!"


It's not a tough feature to implement. I shouldn't have to choose between flexibility or security. I want 2FA turned on. I want to use Acorn and Stash. See "Cake and eat it too" in the dictionary.


Please figure this out, it's not difficult to implement.




@Phil Salesses, I can understand your frustration. Multifactor authentication may prevent some third-party services from working as expected. We are working diligently to implement a solution that protects our members, and we expect to improve this experience this year.
Given the amount of personal information available through social media and external data breaches, stronger security is required.
USAA offers enhanced security (multifactor authentication) options that allow members to authenticate themselves with a combination of something they: • Know: password, pin, quick logon, • Have: phone, token, code. • Are: biometrics, such as your fingerprint, facial or voice recognition.  Thank you for your feedback.

In relation to this inquiry. This is a major failure as there is support option to make this work. I would like to see this issue resolved as it is painpoint for most people trying to focus on wealth growth or managing spending/budgets.

Hello @batman23, I have forwarded your feedback to a subject matter expert regarding the app specific password. Once researched they will be contact with you. Thank you. -Colleen

This is a major issue for me for the same reasons others have pointed out. 2FA/MFA is the best thing one can do to secure their USAA account, but I'm unable to make use of it due to the limitations it places on integrations with USAA. I work in IT security and understand that this is a particularly challenging technical problem to solve and that app-specific passwords aren't a true fix to the problem (they are essentially a 2FA-backdoor), but I have faith that USAA can come up with a solution here that's perhaps even better than app specific passwords (eg, an official API that allows specific apps to be granted access, similar to the way Google/Facebook/Twitter approach 3rd party integrations).


I've always known USAA as a leader and innovator in banking technology (I remember when you guys supported mobile deposit before smartphones were even a thing!), so I definitely expect more of USAA in this area.