SGT Lefty
Occasional Contributor

Since I couldn't find a place to submit a feature request, I'll post it here. 


As a user, I would like the option to add 2 factor authentication to my usaa.com account.


SGT Lefty,



Thank you for your feedback. USAA does offer two factor authentication, which you can learn about here:


Security Center (general security information)

Enhanced Logon Options (2FA options and Q&A’s included here)


Thanks again for commenting!

I would like to submit Authy as a 2FA application, which is much more secure than Symantec's clunky and privacy-invasive application. Can you add that as well?



Another vote for Authy/Google Authenticator support. Since PayPal and eBay have abandoned VIP Access, nothing else I use needs it. Authy is nice because you don't have to set everything up again every time you get a new phone.

I'd also really like support for other time based one time password (TOTP) applications besides VeriSign. I use 1Password, but any service like Authy or Google Authenticator is essentially the same. I have all my other TOTP tokens stored in 1Password — USAA is the only site I frequent that requires the use of VeriSign.


Today, I disabled 2FA on USAA because it's very inconvenient to use this one other 2FA app just for this one site. Also, I am unable to connect my budgeting app, YNAB, to USAA when 2FA is enabled (this was brought up in another post in the forum). Again, every other site I use with 2FA, e.g., Twitter, GitHub, Dropbox, AWS (which many banks run on), etc., supports TOTP via third party apps. USAA is the only one that does not.


Based on some cursory research, USAA appears to still be ahead of other banks that only offer SMS based 2FA, which is actually worse than no 2FA and really should not be offered as an option. So while USAA is leading the pack, I'd love it if you pulled even further ahead and were the first bank to support third party TOTP apps.

For the technically-inclined: One can generate a Symantec VIP Access token using Dan Lenski's fork of cyrozap's python-vipaccess, a free and open source software implementation of Symantec's VIP Access client. The credential type needed for USAA is "VIP Access Mobile (no TrustZone)," for which the applicable prefix is "SYMC." I am using a token generated via this method with Duo Mobile on Android to authenticate to USAA's site. Duo Mobile holds tokens for a variety of uses, and I no longer need the VIP Access application.



Any chance that you could provide a sample of the command that you used to generate a VIP access token using Dan Lenski's fork of python-vipaccess?


I have Mac OS and was successful with moving my TOTP to Authy. Don't attempt unless you are comfortable with the terminal, CLI, and installing packages.


I had to install a cloud tool to run the python code using docker.com

Instructions are found here:  https://hub.docker.com/r/kayvan/vipaccess/


I also had to install a QR code generator called qrencode, which I found here:  http://macappstore.org/qrencode/




Install Docker:
If you have Docker installed, you can simply use the Docker image to run the vipaccess tool (note that SYMC is required here):
docker run --rm kayvan/vipaccess provision -p -t SYMC
Credential created successfully:
This credential expires on this date: 2019-01-15T12:00:00.000Z
generate TOTP:
docker run --rm kayvan/vipaccess show -s YOURSECRET
Generate QR code using qrencode (info in quotes will be output of provision command):

Scan with a TOTP app like Authy


This is great, you can actually encode the QR code using this website too for any OS:




Just copy the entire message for the OTPAUTH from the first docker container into the text field, create the qr code, and scan it.

This is probably only feasible for someone who can use the command line, but I managed to get this to work to move my USAA TOTP to Authy.
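
The posts above move the token into a third-party app by scanning the otpauth:// text that the provision step prints. As an added example (not part of the thread or of python-vipaccess), this Python code parses such a URI and computes the RFC 6238 code offline, which is what an app like Authy does with it. The sample URI is constructed from the RFC 6238 test secret with a placeholder credential ID and issuer; SHA1, 6 digits and a 30-second period are assumed as the defaults when the URI does not state them.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample: RFC 6238 test secret b"12345678901234567890" in base32,
# with a placeholder label and issuer. Not a real credential.
SAMPLE_URI = ("otpauth://totp/VIP%20Access:SYMC00000000"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Symantec")

def parse_otpauth(uri):
    """Split an otpauth:// URI into the parameters an authenticator app stores."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = parse_qs(parts.query)
    if "secret" not in q:
        raise ValueError("URI carries no secret")
    return {
        "label": unquote(parts.path.lstrip("/")),
        "secret": q["secret"][0],
        # Assumed defaults when the URI omits these parameters.
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": q.get("algorithm", ["SHA1"])[0].upper(),
    }

def totp(params, at=None):
    """RFC 6238 code for the given Unix time (default: now)."""
    secret = params["secret"].upper()
    secret += "=" * (-len(secret) % 8)   # URIs usually omit base32 padding
    key = base64.b32decode(secret)
    counter = int(time.time() if at is None else at) // params["period"]
    digest = hmac.new(key, struct.pack(">Q", counter),
                      getattr(hashlib, params["algorithm"].lower())).digest()
    offset = digest[-1] & 0x0F           # RFC 4226 dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** params["digits"]).zfill(params["digits"])

if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    print(p["label"], totp(p))
```

Everything needed to generate codes is in the URI's secret parameter, so the URI and any QR code made from it should be handled like the credential itself.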