I was told by personnel at a local Fidelity branch that they supported the use of hardware tokens despite no mention of it on their web site. However, when I called Fidelity Investments Security Center customer service with set up questions I was told they no longer support using hardware tokens. I pressed further that I was told otherwise but the representative was emphatic. Fidelity Investments web site indicates the basis of their multifactor authentication is Symantec's VIP Access. VIP Access can support use of hardware tokens although only a couple of bespoke Yubico USB tokens are available (Symantec links to direct purchase through Amazon). It looks like two other hardware tokens used to be an option (type that displays 6 digit code) but can no longer be ordered. It appears Fidelity's 2nd factor process required the user to enter the code displayed by the key. Whether Fidelity couldn't or wouldn't implement a change to their validation process to accept a key supplied by a USB token is unclear but it appears Symantec discontinued supporting the use of tokens that display the code or, perhaps, deny there use going forward. Other corporate clients of VIP Access (such as Schwab) do support the use of the USB token.