Multifactor Authentication (MFA)
An extra layer of security for your accounts
The security of your information is one of our top priorities. RBFCU offers MFA as an extra layer of security when you sign in to your Online Banking account and on the RBFCU Mobile® app.
If you choose to enable MFA, RBFCU will use it to verify high-risk sign-in attempts for your account. For example, if you get a new phone, RBFCU will prompt you to provide your MFA code the first time you try to sign in to your Online Banking account, just to make sure it’s really you. You’ll also have the option to use MFA every time you sign in, which greatly strengthens your account’s security.
Benefits of using MFA with your RBFCU account
MFA makes it far more difficult for a fraudster to gain unauthorized access if they obtain your password.
MFA helps RBFCU verify your identity, and gives us another line of defense in protecting your account.
Using MFA every time you sign in to your Online Banking account greatly strengthens your account’s security.
How to set up MFA
To enable MFA for your account, sign in to your Online Banking account and visit the Multifactor Authentication page, or sign in to the RBFCU Mobile app.
- After you sign in, select the profile icon
- Select “Profile Settings”
- Select “Security Center”
- Select “Multifactor Authentication (MFA)”
- Under the “Authenticator App” section, select “Set Up Multifactor Authentication”
- You will be prompted for an OTP via text message or phone call to verify your identity. Select an option, then enter the code
- If you haven’t downloaded an authenticator app, you’ll be prompted to choose between Microsoft Authenticator and Google Authenticator. If you’ve already downloaded an authenticator app, select “Next” to skip this step
- On your device, add a new account in your authenticator app
- Then, scan the provided QR code or copy the 32-digit written code from your Online Banking account to verify your account in the authenticator app
- Enter the 6-digit code generated by the authenticator app in Online Banking, select “Enroll” to complete the setup and finally select “Submit”
- You’re done! You’ll receive a text message and/or email Alert to confirm your enrollment. On the success screen, you’ll be given a 16-digit recovery code. Save this code in a secure location so you’ll still be able to sign in to your Online Banking account in the event you lose access to the authenticator app — for example, if your device is lost, damaged or stolen
After enabling MFA, you can choose to be prompted for a 6-digit MFA code every time you sign in to your Online Banking account. This is optional — but highly recommended — since MFA greatly strengthens your account’s security. To manage this option, visit the MFA page in your Online Banking account.
Remember: RBFCU will never initiate a phone call, email or text message asking you to provide your authenticator code or recovery code. Do not provide these codes to anyone.
-
What is multifactor authentication?
Multifactor authentication, or MFA, means providing two or more pieces of information in order to sign in to an account. You may also see this called two-factor authentication, or 2FA, when only two pieces of information are required. In most cases, this means you’ll need a one-time passcode (OTP) when you sign in, as well as the account password you’ve chosen. The code is sent to you via text message, email or phone call, or provided to you by another app, and typically expires after 30 seconds.
Combining a strong password with an OTP means it’s far more difficult for a fraudster to gain unauthorized access to your account with just your password, making MFA a highly recommended form of account security available for consumers.
-
How does RBFCU's MFA work?
To use MFA, you’ll need to download an authenticator app to your device. After you set up the authenticator app and enable MFA in your Online Banking account, RBFCU will use MFA to verify high-risk sign-in attempts. For example, if you get a new phone, RBFCU will prompt you to provide your MFA code the first time you try to sign in to your Online Banking account, just to make sure it’s really you. Asking for MFA in these situations lets RBFCU verify your identity, and gives us another line of defense in protecting your account from fraudsters.
You’ll also have the option to use MFA every time you sign in to your Online Banking account, which greatly strengthens your account’s security.
If you’re currently receiving an OTP code or answering a security question every time you sign in to your Online Banking account, enabling MFA will replace these sign-in options.
-
What authenticator apps will work with my Online Banking account?
RBFCU supports Microsoft® Authenticator and Google Authenticator™; choose the app you prefer.
iPhone Users: Download Microsoft Authenticator | Download Google Authenticator
Android Users: Download Microsoft Authenticator | Download Google Authenticator
If you’re already using one of these apps for another account, you’ll be able to add your RBFCU account to the existing app.
-
How do I set up MFA with an authenticator app for my Online Banking account?
To enable MFA for your account, sign in to your Online Banking account and visit the Multifactor Authentication page, or sign in to the RBFCU Mobile app.
- After you sign in, select the profile icon
- Select “Profile Settings”
- Select “Security Center”
- Select “Multifactor Authentication (MFA)”
- Under the “Authenticator App” section, select “Set Up Multifactor Authentication”
- You will be prompted for an OTP via text message or phone call to verify your identity. Select an option, then enter the code
- If you haven’t downloaded an authenticator app, you’ll be prompted to choose between Microsoft Authenticator and Google Authenticator. If you’ve already downloaded an authenticator app, select “Next” to skip this step
- On your device, add a new account in your authenticator app
- Then, scan the provided QR code or copy the 32-digit written code from your Online Banking account to verify your account in the authenticator app
- Enter the 6-digit code generated by the authenticator app in Online Banking, select “Enroll” to complete the setup and finally select “Submit”
- You’re done! You’ll receive a text message and/or email Alert to confirm your enrollment. On the success screen, you’ll be given a 16-digit recovery code. Save this code in a secure location so you’ll still be able to sign in to your Online Banking account in the event you lose access to the authenticator app — for example, if your device is lost, damaged or stolen
After enabling MFA, you can choose to be prompted for a 6-digit MFA code every time you sign in to your Online Banking account. This is optional — but highly recommended — since MFA greatly strengthens your account’s security. To manage this option, visit the MFA page in your Online Banking account.
Remember: RBFCU and RBFCU employees will never initiate a phone call, email or text message asking you to provide your authenticator code or recovery code. Do not provide these codes to anyone.
-
Why do I have to download another app to use MFA?
An authenticator app is required to use MFA. Having a second, separate app to provide the temporary, machine-generated code to sign in is what makes MFA such a strong security feature.
-
Do I have to use MFA with my Online Banking account?
No. If you’re more comfortable using RBFCU’s other options — OTP via text message or phone call, and security questions and answers — you’re free to keep using them. However, MFA is a much stronger security option to protect your account and very difficult for fraudsters to infiltrate.
-
What other MFA options are available for my Online Banking account?
RBFCU also offers the following options when signing in to your Online Banking account on rbfcu.org or the RBFCU Mobile app:
- One-time passcode (OTP) by call or text
- Security question and answer
You can enable these options to prompt every time you sign in to your account.
To enable OTP for your account, sign in to your Online Banking account and visit the Multifactor Authentication page.
To enable OTP in the RBFCU Mobile app:
- Sign in to the app.
- Select the profile icon in the upper-right corner.
- Select “Profile Settings.”
- Select “Security Center.”
- Select “One-Time Passcode.”
- Turn the toggle switch next to “Enabled” to the “on” position.
Note: You must add a valid phone number or mobile number to your Online Banking account to use OTP.
To update your security question and answer, sign in to your Online Banking account and visit the Security Questions and Answers page.
To update in the RBFCU Mobile app:
- Sign in to the app.
- Select the profile icon in the upper-right corner.
- Select “Profile Settings.”
- Select “Security Center.”
- Select “Security Questions and Answers.”
- Follow the prompts to add or update your question and answer.
-
Will I still receive OTP codes via text message or phone call if I enable MFA?
MFA will replace the OTP codes provided via text message or phone call for signing in to your Online Banking account, but you may still be prompted for this type of OTP to complete certain transactions once you’ve signed in.
-
How do I disable MFA with an authenticator app?
To disable MFA, please sign in to your Online Banking account to chat with a Member Service Representative. You can also call us at 210-945-3300 or visit your nearest branch. If you disable MFA, your Online Banking account will revert to the security option — OTP, or security question and answer — you previously had in place.
-
What should I do if I enable MFA and lose access to the authenticator app?
If you lose access to the authenticator app — for example, if your device is lost, damaged or stolen — you can enter your recovery code to gain access to your account. You’ll then be able to repeat the MFA setup process on your device and you’ll receive a new recovery code.
If you’ve lost your recovery code, call the Member Service Center at 210-945-3300 or visit your nearest branch to regain access to your Online Banking account.
-
I've misplaced my MFA recovery code. Can I get a new one?
Yes. If you misplaced your recovery code but still have access to your authenticator app, you can get a new recovery code by visiting the Multifactor Authentication page in your Online Banking account or the RBFCU Mobile app, and repeating the MFA setup.
If you misplaced your recovery code and don’t have access to your authenticator app — for example, if your device is lost, damaged or stolen — call the Member Service Center at 210-945-3300 or visit your nearest branch to regain access to your Online Banking account.
Remember: RBFCU and RBFCU employees will never initiate a phone call, email or text message asking you to provide your authenticator code or recovery code. Do not provide these codes to anyone.
-
What if someone who says they work for RBFCU contacts me to ask for my authenticator code?
RBFCU and RBFCU employees will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP), or other personal information, like account, credit card, debit card or Social Security numbers. This includes codes generated for your RBFCU Online Banking account by an authenticator app, and your MFA recovery code. Never provide these codes to anyone, and keep your recovery code in a secure location you’re able to access if your device is lost, damaged or stolen.
RBFCU does not charge a fee for the RBFCU Mobile app, but you may be charged for data by your mobile wireless provider.
All trademarks and brand names belong to their respective owners. Use of these trademarks and brand names do not represent endorsement by or association with RBFCU.
RBFCU and RBFCU employees will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP), or other personal information, like account, credit card, debit card or Social Security numbers. Also, RBFCU employees will never need to sign in to your Online Banking account on your behalf. If someone contacts you claiming to be an RBFCU employee and asks you to approve a sign-in request for them, do not respond.
If you receive a suspicious phone call, email or text message, hang up, do not respond to the message, do not click any links, and do not open any attachments. Forward any suspicious emails and text message screenshots to abuse@rbfcu.org, then delete the message. If you believe your account, username or password has been compromised, you should immediately contact RBFCU at 210-945-3300 for assistance. Additionally, members should monitor their accounts regularly and report any suspicious transactions.