My bank used to allow email 2fa or SMS, but they recently dropped support for email. I don’t love using email for 2fa but since my email is itself protected with non-SMS 2fa I thought it was the best of the two bad options. Now I’m sad. Ideally my bank would support the FIDO standard and I would use a compatible hardware token.

In the case of Schwab it's only with their app. If I wanted a geolocation leash up my ass I wouldn't be complaining about this: if they don't trust me as a customer then screw them, I'll find a bank who does. Schwab's notion of non-SMS 2FA is their app. I want to use my laptop on a VPN using a FIDO key or TOTP and Schwab doesn't support this.

Do you happen to know if they allow you to also totally disable SMS 2FA?

I know that Vanguard, for instance, supports non-SMS 2FA but doesn't let you disable SMS as a fallback (and I'd rather not just totally remove all phone numbers, but maybe I have to...).

I believe you can remove SMS fallback now on Vanguard.

Neat, thank you! I'll give it a try.

Yeah, in Fidelity SMS 2FA is disabled for me. Fall back is to call them to get into my account. Don’t know about Schwab.

I had their non-SMS Symantec 2FA set up a couple years back, but turned it off cause I couldn't figure out how to disable the SMS fallback. Every time I got a new device and wanted to set up the Symantec TOTP generator they would just send me a SMS for validation. So I just told them to turn off the Symantec part.

Maybe they've changed their policy since then. But when you call to get set up on a new device, how do they verify your identity now if you don't have SMS fallback?