by zkms 2889 days ago
> I can't speak for the US, but most European banks I've seen require 2FA for almost any non-read-only action. You need either an app, or a tiny machine that authenticates against your (chip) debit card.

I have multiple US bank accounts and none of them have anything approaching that; it's kind of pathetic.


Vanguard supports U2F.
Note that Vanguard requires you to enable SMS two-factor authentication first. Security is only as strong as the weakest link - even if you use U2F for the security challenges, an attacker can still hijack your phone number and use that to answer the challenge.

It's still a good sign, but not good enough IMO. Unfortunately other places aren't any better.

In theory, if you're worried about SIM hijacking, you could use something like Skype SMS, and secure your access to Skype by 2FA on the associated Live account.

Perhaps there are services to choose from as well, but I'd take great care in determining trust here.

I was under the impression that Vanguard's U2F fails open if your password is over eight characters long. Is that still true?

This is not true.