Deter Fraudsters with Multi-Factor Authentication

USAA Community Cyber Security Video.jpgWhat do you think is more secure- a complicated password or a 4-digit pin?

 

Watch as Mike Slaugh from USAA Financial Crimes Prevention shares how multi-factor authentication can provide an extra layer of security to your accounts. 

[video]

 

Learn more at usaa.com/securitycenter

 

 

 

42 Comments
DryMutter
New Member

@

Old soldier
Occasional Contributor

Agree that it's well past time to implement MFA.  Not sure that the proposed solutions are adequate or workable.  You might want to consider adding an option for a one-time code, which is pushed to the account holder via phone call (not text).  One of the investment firms with which I have a substantial account already does this, and it works great.

 

Apps and text messages only work if you have one of those smart-phones and its associated expensive data plan.  Email works fine, but only if I'm sitting at my computer.  Biometrics require additional hardware which costs money, are not practical away from home, and (in my experience) are less than reliable.

 

So what happens when the USAA customer needs to access his account, away from home?  This exact situation occured to me in 2020 BC (Before COVID).  I was almost 1000 miles from home, and despite having the travel alert authorized, USAA disallowed a transaction on my credit card.  It took almost 20 minutes to reach a human customer service representative.  Fortunately I was carrying some emergency cash, which allowed me to fuel-up and get back on the road.  With MFA as it is currently envisioned by USAA, I would be stuck -- no text capability, no email capability, no biometrics.  And no customer service rep.

Good intentions, but needs some additional thought.

ScoJay
New Member

I'm here searching for information about how I might be able to use Yubikey for authentication for USAA.  As I get more security conscious, I'm concerned about how I've re-used passwords and can't remember them for sites I've used, etc.  I purchased a Yubikey and I'm learning how to use it in the hopes of improving my security, and of course, banking would be an area where security is paramount.

USAA Social Service
USAA Service
USAA Service

@ScoJay, thank you for reaching out. At this time we do not have any updates regarding the use of Yubikey for authentication for USAA. You may find additional helpful information regarding protecting your accounts at our Security Center at http://USAA.com/securitycenter. You may also contact our website customer support at 877-632-3003. Thank you. - Robyn

sck26
New Member

Does CyberCode Token authentication use TOTP (RFC 6238) codes?  I'm considering using this two-step authentication method for USAA but don't want to download yet another authenticator app (Symantec).  TOTP is supported by Google Authenticator, Authy, Yubico Authenticator, to name a few.  Basically, I'd like to get a QR code or the equivalent string to put into an existing TOTP generator.  Thanks!

7Dave7
New Member

Another vote for YubiKey/hardware key support. Text messages for 2FA are not as secure. 

Briana Hartzell USAA
Administrator
Administrator

Thanks @7Dave7,

I'll make sure your feedback is shared. Thank you for taking the time to post. 

Ondart
New Member

I too would find the additional security option to use my Yubikey for USAA 2FA authentication very beneficial.  Please add my vote for Ybukey 2FA.

witz
New Member

So let's get this straight...USAA took credit for being a cybersecurity prioneer two and a half years ago and there has been no visible change or progress in this area.  Can't believe there is still no security key (e.g., Yubikey or Titan) yet.  Stop funding commercials and sponsoring football games and get on with the buisiness of supporting customers!  USAA has lost its way in so many areas.  This is just another one... Let's get back in the game USAA!

SergThePurge
New Member

The texts to the phone are cool.... and so is Quick Access. But everyone that gives an iota of concern about their security are moving to physical 2FA keys (aka Yubikey & others).