Fidelity Investments TOTP
The 7.9.4 release notes say that one-time passwords now work on fidelity.com but I thought Fidelity requires using Symantec's VIP Access authenticator app. How does one set up 1Password to work with Fidelity Investments logins?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:fidelity
Comments
-
Hello @benfdc! 👋
I've looked into this and you seem to be right that Fidelity Investments only supports Symantec VIP Access Tokens at the moment. What appears to have happened in this case is that a user seems to have managed to generate a TOTP one-time passcode from the Symantec VIP Access Token, saved the TOTP one-time passcode in 1Password, and then reported that 1Password in the browser wasn't filling that TOTP one-time passcode on the Fidelity website. The fix mentioned in the release notes refers to the fact that we've fixed the specific filling issue reported by the customer.
However, I'm not aware of the method used by the customer to generate the TOTP one-time passcode in the first place.
I hope that helps. 😊
ref: dev/core/core#11128
0 -
@Dave_1P --
The method of generating the token is explained here:
https://magneticb.github.io/blog/fidelity-2fa-symantec-vip
It's a bit above my pay grade but the instructions seem clear so I may give it a try. I was hoping that those release notes meant that y'all had come up with a simpler solution, but I'm not at all surprised to hear your explanation.
0 -
I'm sorry that the release notes were unclear and I've forwarded your feedback to the team. Regarding Symantec VIP Access: I'm not sure if this is something that we'd be able to build support for into 1Password (since VIP Access is a proprietary service), however I've added your feedback to our internal feature request tracker so that our developers are aware that this is something that you would find useful.
I would caution against using online conversion tools since, being unofficial and unsupported by Symantec VIP Access, the codes generated by these tools might stop working in the future leading someone to be locked out of their account.
Thank you again for bringing this up. 🙂
ref: IDEA-I-666
0 -
You raise a good point with that caution. Some services like Gmail let you generate emergency passwords to use if you lose access to your TOTP token. If Fidelity offers that then there's some protection against the concern that you raise. If not then your point is very well taken!
To clarify, what's described at the link I gave isn't online conversion tools; it's packages that one downloads and then runs locally. I imagine that online conversion tools would raise similar security concerns to online password generators!
Thanks again.
0