Now April 2022, about 6 years since the original post, and no clear communication about when physical security keys like YubiKey will be supported. This is absolutely ridiculous for a banking/financial company that espouses information and account security. This needs to be a priority initiative on USAA's corporate goal tree for 2022. As others have posted here, I'm considering taking my and my family's business elsewhere. 

@Briana and hello to the user community. This is my first post. I'm a brat. I have admin privileges at my website. And I never ever use my login email to communicate or share the address with anyone at all. That helps me keep my accounts secure. When possible I compose a username for an account with an online location requiring a username and password such as many bulletin boards social media systems. When I have the chance I make that username unreasonable and not related to my personal name. If I were an influencer I would want that username to be related to my personality but I'm not an influencer. Then after I compose the username just my typing randomly on the keyboard I compose a password that's equally random including numbers letters and special characters and make sure it's the same in both field. So far I have had very few hacks. Another technique I use for avoiding the blizzard a hacking attempts is to maintain a business telephone account with the name and address of the business not my personal name and address. This has been frustrating in a couple of attempts though to verify my ID for example with ID me. Aside from that I really appreciate the information in the article and hello to all my fellow Army brats. USAA is great and I have been a member for 40 years. I dictated this post with Google Voice.

Hi @MetalWRKR

Thank you for your long time membership and  for the great tips and information you shared! The more we all know about keeping our data safe the better!

 I am glad you found the post helpful and that you took the time to comment. Looking forward to more posts from you here in the USAA Community! Thanks again!

@cyberN8, thank you for reaching out. We truly value your feedback and I will be sure to share your concerns with the appropriate department for further review. Thank you - Robyn

Can someone confirm if we enable MFA with the Cybercode Token and Symantec, that this will disable SMS authentication?

I second what others have posted that we should be able to use Authy\MS\Google Authenticator, not exclusively Symantec.

Thank you for your inquiry @cmburnsy and certainly get your concerns about MFA and will forward your feedback to the appropriate teams.  For more information, you may reach out to our Website Support Center to confirm other authentication preferences interfere with the SMS authentication at 877-632-3002 as well as reviewing usaa.com/securitycenter as well https://bit.ly/3yuPl7R.  ~Marco

I would like to bump this as well, I am very surprised that USAA does not support FIDO2 / Yubikey authentication. I hope that it is added soon.

Thank you for adding your voice to the conversation @CodeBeholder.

Hello @JWay5929, 

I would like your concerns addressed. Our Website Support and Security team is able to assist you via phone at 210-531-8722 "technical support" when prompted. I will forward your message to engage the appropriate area to review your concerns and feedback. 

I wish you a great weekend. 

~ Lori