It's really a matter of degree. Symantec VIP is technically TOTP with a proprietary provisioning mechanism. The hardware token provides no security of the token itself. Anyone who possesses the token can generate a code. Additionally, many password managers will validate the domain in the browser before offering to fulfill the credentials, so it makes it somewhat resistant to phishing attempts. For example, I use iCloud Keychain as my password manager. I have access to my passwords and TOTP codes on all devices and they can be backed up. Safari will only autofill the credentials once it has validated the domain. It's somewhat easier for a phisher to get your credentials and codes if you are the one manually typing them in, because you have to make sure the site you are going to is correct.
Why is this better than Symantec VIP? I have the Symantec hardware token and I can use it for both Fidelity and Schwab. The token is kept in a file cabinet beside my computer.
For Fidelity specifically, they only allow 1 Symantec credential device to be registered per account. If you lose the token or the hardware token eventually breaks, you have to acquire a new one and call Fidelity to register it before you can access your accounts.
None of these are overly major by themselves, but I think in combination they tip the scales in favor of using standard TOTP with a good password manager over Symantec VIP.
Statistics: Posted by PersonalFinanceJam — Sun Sep 15, 2024 11:30 pm — Replies 26 — Views 2148
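The two points in the post above, as an added example that is not part of the original post and not any vendor's code: a TOTP code is a pure function of the shared secret and the clock, and an autofill step can refuse to release it to a look-alike host. The vault entry, the `broker.example` domain and the simple subdomain match are assumptions made for illustration; real password managers use their own matching rules.

```python
import hashlib
import hmac
import struct
from urllib.parse import urlsplit


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: whoever holds the secret can compute the code."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed vault entry; the secret is the RFC 6238 test key, not a real one.
VAULT = {"broker.example": {"user": "alice", "secret": b"12345678901234567890"}}


def autofill(page_url: str, unix_time: int):
    """Return (user, code) only when the page's host belongs to a saved domain.

    Assumption: a host matches if it equals the saved domain or is a
    subdomain of it, and the page must be served over HTTPS.
    """
    parts = urlsplit(page_url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return None
    for domain, entry in VAULT.items():
        if host == domain or host.endswith("." + domain):
            return entry["user"], totp(entry["secret"], unix_time)
    return None


if __name__ == "__main__":
    now = 59  # fixed timestamp from the RFC 6238 test vectors
    for url in (
        "https://login.broker.example/signin",      # genuine subdomain
        "https://broker.example.evil.test/signin",  # look-alike host
        "https://broker-example.test/signin",       # look-alike host
    ):
        print(url, "->", autofill(url, now))
```

A person typing the code by hand has no equivalent of the host check in `autofill`, which is the difference the post describes.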