Fidelity Investments: Two-Party Authentication Security Protocols Explored

Fidelity Investments offers multi-factor authentication (MFA) to its users, which can be set up by visiting the Security Centre on the website or app. This is an extra layer of security that requires more than just a password to confirm your identity before accessing your account. Users can choose to receive a one-time security code by text or phone call, or use an authenticator app, such as Google Authenticator or Microsoft Authenticator.

How to set up two-factor authentication for Fidelity Investments

Yes, Fidelity Investments offers two-factor authentication (2FA) to enhance the security of your account. Here is a step-by-step guide on how to set up 2FA for your Fidelity Investments account:

Step 1: Download the Fidelity Investments Authenticator App

Before setting up 2FA, you need to download the official "Fidelity Investments" authenticator app on your device. You can find this app by searching for it in your device's app store (Apple or Android). Alternatively, you can scan the QR code provided on the Fidelity website to download the app.

Step 2: Enable Two-Factor Authentication

Once you have downloaded the app, you can enable 2FA by visiting the Security Center in your profile settings. Scroll down to the "Security Center" section and turn on the "Multi-Factor Authentication" option.

Step 3: Set Up Your Preferred 2FA Method

Fidelity Investments offers various methods for 2FA, including:

• Push notifications: This method relies on biometrics, such as fingerprint or facial recognition, and sends a notification to your mobile device that allows you to verify or deny a login attempt. To enable this, ensure your device has biometrics set up, download the Fidelity Investments app, turn on device notifications, and enrol in biometrics.
• Authenticator apps: These apps add an extra layer of security by requiring a verification step beyond your username and password. You can download the authenticator app of your choice, as Fidelity supports most authenticators. Once enrolled, you will be prompted to enter a time-sensitive code from the app after entering your username and password.
• One-time security code by text or call: Fidelity can send a unique 6-digit security code to your phone via text or voice call. You will need to enter this code to verify your identity when logging in.

Step 4: Review Trusted Devices

It is recommended to review your list of trusted devices and remove any unrecognized devices. The next time you log in from a trusted device, you can choose to "trust" it, so you won't be asked to complete 2FA every time from that device.

Step 5: Update Your Contact Information

Ensure that your contact information, including your email address and mobile phone number, is up to date. This helps Fidelity reach you in case of any suspicious activity and supports certain 2FA methods, such as receiving security codes via text or call.

By following these steps, you can enhance the security of your Fidelity Investments account and protect your sensitive information.

The benefits of two-factor authentication

Fidelity Investments offers two-factor authentication (2FA) to enhance the security of your account. This added layer of security helps protect against unauthorized access.

Increased Security

An extra step at login helps prevent scammers from accessing your accounts and data. Even if someone has your login information, two-factor authentication can give you a heads-up if someone is trying to log into your account without your permission. This is especially important in cases where money could be transferred out of your account.

Improved Control Over Access

Multi-factor authentication helps organizations better control who has access to sensitive or confidential data. By using two or more factors, it limits access and ensures that only authorized individuals can access the information.

Variety of Choices

Multi-factor authentication offers a range of choices to meet your security needs. It is made up of three common credentials: what the user knows (a password), what the user has (a security token), and who the user is (biometric verification). The specific credentials and the breadth of access can be adjusted to meet the logistical and security needs of a company or individual.

Regulatory Compliance

Multi-factor authentication helps meet regulatory requirements for handling sensitive information. For example, HIPAA compliance requires that all access to ePHI is for authorized personnel only, and multi-factor authentication accomplishes this by preventing unauthorized access.

Reduced Password Risks

Passwords can be easily cracked, guessed, or duplicated and shared. Multi-factor authentication takes away these risks by adding an extra layer of security, making it less likely that a hacker can gain access to your accounts or sensitive information.

How to recover your account if you lose access to your two-factor authentication code generator

Fidelity Investments offers its users multi-factor authentication (MFA) to boost their account security and prevent unauthorized access. This includes the use of two-factor authentication (2FA) code generators, which provide an additional layer of security by requiring users to enter a time-sensitive code along with their password when logging in.

If you lose access to your 2FA code generator, you can follow these steps to recover your Fidelity Investments account:

• Contact the Fidelity Investments support team for assistance. They will guide you through the account recovery process and help you regain access.
• If you have previously set up backup codes, you can use these unique, one-time codes to log in to your account and restore access. It is recommended to store these backup codes securely offline, such as on a USB stick or external disk drive, rather than in your emails or notes.
• If you have lost the phone used for 2FA, try calling your phone network and transferring your old number to a new phone. You will need a new SIM card, and it may take a day or two for the transfer to be completed. Once your old number is active on your new phone, you can receive 2FA verification codes as usual.
• If you have set up a backup phone during the initial 2-step verification process, you can choose the "Try another way to sign in" option and have your verification code sent to your backup phone.
• Set up 2FA on a secondary device as a backup. You can use authentication apps like Authy and Google Authenticator, which allow you to scan a unique QR code for verification.
• Contact customer service for further assistance. They may ask you to confirm your identity by answering security questions or providing proof of ID.

Remember to keep your contact information, including your email address and mobile phone number, up to date with Fidelity Investments. This will help them reach you quickly in case of any suspicious activity and ensure that you can receive notifications or alerts if someone attempts to access your account without authorization.

Recommended security keys and passkeys

Fidelity Investments offers multi-factor authentication (MFA) to boost your account security and prevent unauthorised access. While there are no specific recommendations from Fidelity on which security keys or passkeys to use, here are some general recommendations for security keys and passkeys that can be used for two-factor authentication (2FA) or MFA.

Security Keys

• Yubico Security Key C NFC: This security key is affordable and compatible with most sites and services that support security keys. It can store passkeys and supports NFC for wireless communication with your phone. Yubico provides excellent onboarding materials and customer support.
• Yubico YubiKey 5C NFC: This security key is pricier but offers more advanced features, such as supporting multiple authentication protocols and the ability to be used for logging into computers. It also supports OpenPGP for signing and encrypting.
• Google Titan Security Key: This key supports NFC and can store up to 250 passkeys. It works with most MFA devices but may have some issues with certain phones. It is manufactured in China, which may be a consideration for some users.

Passkeys

Passkeys are a form of passwordless authentication that does not require a traditional password. They are considered more secure than passwords as they are less susceptible to attacks, and there is nothing to type or enter, reducing the risk of theft, phishing, or interception. Passkeys consist of a public and private key, and your private key never leaves your device.

While passkeys offer enhanced security, it is important to ensure they are managed and stored securely. For example, if a user opts to store passkeys in a password manager and then uses a weak password for that manager, the security of the passkeys is compromised. Therefore, user education on secure practices is vital.

In conclusion, while there are no specific recommendations from Fidelity, the above-mentioned security keys and passkeys can provide enhanced security for your Fidelity Investments account when used in conjunction with other security measures.

How to enrol an authenticator app through the Fidelity mobile app

Yes, Fidelity Investments offers two-factor authentication (2FA) to enhance the security of your account. To enrol an authenticator app through the Fidelity mobile app, follow these steps:

• Open the Fidelity mobile app and select the Profile icon.
• Select General Settings and then select Authenticator App.
• Toggle the Authenticator App on.
• Copy the secret key.
• Follow the instructions provided by your chosen authenticator app to connect it to your Fidelity account using the secret key.
• Return to the Fidelity mobile app and select Next.
• Paste the 6-digit code from the authenticator app to complete the enrolment process.

Once enrolled, you will be required to enter a time-sensitive code from your chosen authenticator app each time you log in to your Fidelity account, in addition to your regular username and password. This adds an extra layer of security to protect your account from unauthorised access.

Frequently asked questions