Multifactor Authentication (MFA)

Multifactor authentication, or MFA, means providing two or more pieces of information in order to sign in to an account. You may also see this called two-factor authentication, or 2FA, when only two pieces of information are required. In most cases, this means you’ll need a one-time passcode (OTP) when you sign in, as well as the account password you’ve chosen. The code is sent to you via text message, email or phone call, or provided to you by another app, and typically expires after 30 seconds.

Combining a strong password with an OTP means it’s far more difficult for a fraudster to gain unauthorized access to your account with just your password, making MFA a highly recommended form of account security available for consumers.

Learn more about how MFA works and why you should use it from the Cybersecurity & Infrastructure Security Agency (CISA).

To use MFA, you’ll need to download an authenticator app to your device. After you set up the authenticator app and enable MFA in your Online Banking account, RBFCU will use MFA to verify high-risk sign-in attempts. For example, if you get a new phone, RBFCU will prompt you to provide your MFA code the first time you try to sign in to your Online Banking account, just to make sure it’s really you. Asking for MFA in these situations lets RBFCU verify your identity, and gives us another line of defense in protecting your account from fraudsters.

You’ll also have the option to use MFA every time you sign in to your Online Banking account, which greatly strengthens your account’s security.

If you’re currently receiving an OTP code or answering a security question every time you sign in to your Online Banking account, enabling MFA will replace these sign-in options.

RBFCU supports Microsoft^® Authenticator and Google Authenticator™; choose the app you prefer.

iPhone Users: Download Microsoft Authenticator | Download Google Authenticator

Android Users: Download Microsoft Authenticator | Download Google Authenticator

If you’re already using one of these apps for another account, you’ll be able to add your RBFCU account to the existing app.

To enable MFA for your account, sign in to your Online Banking account and visit the Multifactor Authentication page, or sign in to the RBFCU Mobile app.

1. After you sign in, select the profile icon
2. Select “Profile Settings”
3. Select “Security Center”
4. Select “Multifactor Authentication (MFA)”
5. Under the “Authenticator App” section, select “Set Up Multifactor Authentication”
6. You will be prompted for an OTP via text message or phone call to verify your identity. Select an option, then enter the code
7. If you haven’t downloaded an authenticator app, you’ll be prompted to choose between Microsoft Authenticator and Google Authenticator. If you’ve already downloaded an authenticator app, select “Next” to skip this step
8. On your device, add a new account in your authenticator app
9. Then, scan the provided QR code or copy the 32-digit written code from your Online Banking account to verify your account in the authenticator app
10. Enter the 6-digit code generated by the authenticator app in Online Banking, select “Enroll” to complete the setup and finally select “Submit”
11. You’re done! You’ll receive a text message and/or email Alert to confirm your enrollment. On the success screen, you’ll be given a 16-digit recovery code. Save this code in a secure location so you’ll still be able to sign in to your Online Banking account in the event you lose access to the authenticator app — for example, if your device is lost, damaged or stolen

After enabling MFA, you can choose to be prompted for a 6-digit MFA code every time you sign in to your Online Banking account. This is optional — but highly recommended — since MFA greatly strengthens your account’s security. To manage this option, visit the MFA page in your Online Banking account.

Remember: RBFCU will never initiate a phone call, email or text message asking you to provide your authenticator code or recovery code. Do not provide these codes to anyone.

An authenticator app is required to use MFA. Having a second, separate app to provide the temporary, machine-generated code to sign in is what makes MFA such a strong security feature.

No. If you’re more comfortable using RBFCU’s other options — OTP via text message or phone call, and security questions and answers — you’re free to keep using them. However, MFA is a much stronger security option to protect your account and very difficult for fraudsters to infiltrate.

RBFCU also offers the following options when signing in to your Online Banking account on rbfcu.org or the RBFCU Mobile app:

• One-time passcode (OTP) by call or text
• Security question and answer

You can enable these options to prompt every time you sign in to your account.

To enable OTP for your account, sign in to your Online Banking account and visit the Multifactor Authentication page.

To enable OTP in the RBFCU Mobile app:

1. Sign in to the app.
2. Select the profile icon in the upper-right corner.
3. Select “Profile Settings.”
4. Select “Security Center.”
5. Select “One-Time Passcode.”
6. Turn the toggle switch next to “Enabled” to the “on” position.

Note: You must add a valid phone number or mobile number to your Online Banking account to use OTP.

To update your security question and answer, sign in to your Online Banking account and visit the Security Questions and Answers page.

To update in the RBFCU Mobile app:

1. Sign in to the app.
2. Select the profile icon in the upper-right corner.
3. Select “Profile Settings.”
4. Select “Security Center.”
5. Select “Security Questions and Answers.”
6. Follow the prompts to add or update your question and answer.

MFA will replace the OTP codes provided via text message or phone call for signing in to your Online Banking account, but you may still be prompted for this type of OTP to complete certain transactions once you’ve signed in.

To disable MFA, please sign in to your Online Banking account to send a secure message or chat with a Member Service Representative. You can also call us at 210-945-3300 or visit your nearest branch. If you disable MFA, your Online Banking account will revert to the security option — OTP, or security question and answer — you previously had in place.

If you lose access to the authenticator app — for example, if your device is lost, damaged or stolen — you can enter your recovery code to gain access to your account. You’ll then be able to repeat the MFA setup process on your device and you’ll receive a new recovery code.

If you’ve lost your recovery code, call the Member Service Center at 210-945-3300 or visit your nearest branch to regain access to your Online Banking account.

Yes. If you misplaced your recovery code but still have access to your authenticator app, you can get a new recovery code by visiting the Multifactor Authentication page in your Online Banking account or the RBFCU Mobile app, and repeating the MFA setup.

If you misplaced your recovery code and don’t have access to your authenticator app — for example, if your device is lost, damaged or stolen — call the Member Service Center at 210-945-3300 or visit your nearest branch to regain access to your Online Banking account.

Remember: RBFCU will never initiate a phone call, email or text message asking you to provide your authenticator code or recovery code. Do not provide these codes to anyone.

RBFCU will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and one-time passcodes, or other personal information, like account or Social Security numbers. This includes codes generated for your RBFCU Online Banking account by an authenticator app, and your MFA recovery code. Never provide these codes to anyone, and keep your recovery code in a secure location you’re able to access if your device is lost, damaged or stolen.