Deter Fraudsters with Multi-Factor Authentication

USAA Community Cyber Security Video.jpgWhat do you think is more secure- a complicated password or a 4-digit pin?

 

Watch as Mike Slaugh from USAA Financial Crimes Prevention shares how multi-factor authentication can provide an extra layer of security to your accounts. 

[video]

 

Learn more at usaa.com/securitycenter

 

 

 

37 Comments
New Member

I too would _love_ U2F support, Yubikey in speciffic.

Administrator
Administrator

Thank you for taking the time to comment @_XM .

I will keep this thread updated when there is progress made!

Occasional Visitor

Adding my vote for Yubikey or similar physical token. Already looking at VPN for security/privacy when traveling, but a physical token for banking/financial applications would give me even more peace of mind.

Thanks for everything you do.

New Member

Recently I acquired a couple of yubico 2-factor keys and a google titan U2F key.  When will USAA begin to allow me to use these keys for multi-factor authentication?

Administrator
Administrator

Thanks for commenting @Slim254 . I will see what kind of updates I can get! Thanks in advance for your patience as I track the answer down.

New Member

I'm aslo following up with the Yubico question.  I'd like to use my Yubikey for MFA. It's been about 2 weeks, any significant findings or updates?

Occasional Visitor

This article is old but I'd like to know what plans USAA has for continued improvement of their security posture around multi-factor authentication. Two-factor authorization (2FA) in general is good. Text/SMS as 2FA is bad. There are multiple reported security breaches (from as far back as 2013 when CloudFlare was breached!) and many strong arguments that outline how SMS is not a secure medium for 2FA - It is not encrypted, it is spoofable, it is interceptable.

 

Better alternatives to 2FA SMS include: software authentication (Google Authenticator, SecurID, Microsoft Authenticator, USAA's CyberCode token, etc.) and hardware authentication (Yubikey, Google Titan, etc).

 

Sources:
- Cloudflare breach: https://dcid.me/notes/2013-apr-19.html

- Why 2FA SMS is a Bad Idea: https://blog.sucuri.net/2020/01/why-2fa-sms-is-a-bad-idea.html 

- Princeton Study - SIM Swap Attacks: https://www.techspot.com/amp/news/[removed sensitive data]-princeton-study-shows-us-carriers-do-litt... 

- Why you should not use 2FA SMS: https://www.androidpolice.com/2019/06/17/cautionary-tale-hackers-hijack-phone-number-break-into-mans... 

 

New Member

+1 for U2F/Yubikey

New Member

Please hurry up and allow us to use yubikey.

 

USAA Should be the leader in security for the accounts of service members stationed around the world. Please show your support for us by introducing this feature.

USAA Service
USAA Service

Hello @komobu, Thank you for your post. Our Website Support Team can address online security concerns at 210-531-8722 "technical support" 

Have a great weekend. ~ Lori C