Chase.com has removed the ability to verify a new device/browser using email

3 points by anderspitman ↗ HN
Just tried to login to chase.com using a fresh Firefox install. Normally it gives options for email or SMS for 2FA verification. Since SMS is insecure, I've always used email. That option is now missing. Since SMS was the only option left, I tried that, but it doesn't work with my Google Voice number.

According to customer support, email verification was removed for everyone and they've been getting lots of calls about it. Also according to them carriers often block SMS short codes, which makes SMS more error-prone than email.

Anyone know anyone on at Chase engineering? I would love to hear the rationale for removing something as universal as email while leaving insecure SMS as an option.

1 comment

[ 3.2 ms ] story [ 10.0 ms ] thread
The mobile app has a wider range of 2fa options which are unavailable via browser. From a usability standpoint it doesnt make any sense.