For those of you who are using YubiKey and have removed SMS as a 2FA source, does anybody know if Vanguard has closed the mobile app loophole?
Last time I looked (maybe a year ago?) if you didn't have a phone number connected to your account for 2FA, you could:
1) Install mobile app
2) Enter valid username/password
3) It *asks* you which phone number you want to register for 2FA, and then sends the code to that number!
Because of this, one needs to keep a phone number registered for 2FA, unless they have fixed this.
Last time I looked (maybe a year ago?) if you didn't have a phone number connected to your account for 2FA, you could:
1) Install mobile app
2) Enter valid username/password
3) It *asks* you which phone number you want to register for 2FA, and then sends the code to that number!
Because of this, one needs to keep a phone number registered for 2FA, unless they have fixed this.
Statistics: Posted by RonSwanson — Thu Feb 06, 2025 10:57 pm — Replies 237 — Views 32235