Client Site 2FA: Enrollment Update Released

Enrollment into 2-Factor Authentication (2FA) is now required for the Advisor Site and Client Site. Advisors, their support staff and clients currently opting out of 2FA will be prompted to enroll the next time they log in. 

But don’t worry – neither you nor your clients will be required to enter a security PIN every time you log in.

Our “Standard Security” default uses a risk-based approach that intelligently monitors your and your clients log in activity, which will typically only require a PIN upon your first login.

With online security threats and large data breaches happening more often every year, it’s important to ensure your clients that their cutting-edge wealth management technology employs the highest security measures in order to safeguard their financial data.

Visit this page learn more about mandatory enrollment in 2FA for clients.

Why are we requiring all advisors and clients to enroll?

eMoney is truly looking out for our clients’ best interests in deploying this technology, as this is the type of risk-based authentication that large financial institutions leverage in order to protect their clients. We know that the greatest risk to you is the security of your data and your clients’ data. We strive to be at the forefront when it comes to a rapidly-changing security environment.

Rather than allowing advisors and clients the opportunity to opt-out, we are offering two levels of Security: Standard, which is adaptive and will only prompt for a PIN when a login exceeds a risk score threshold (which rarely occurs); or High which is available for those clients who place a premium on security and want to be prompted at each login.

What will my clients need to do if they have not yet opted-in?

Clients who have not yet enrolled in 2FA will be prompted to enroll the next time they log in, and will no longer have the option to skip. But that doesn’t necessarily mean they’ll need to enter their PIN every time they log in.

Our “Standard Security” option is the default setting. Standard Security uses “Adaptive Authentication” – a risk-based approach that intelligently monitors your and your clients log in activity, which will typically only require a PIN upon your first login. Based on your past activity (previous logins, device profiles, country, time zone, etc.), Adaptive Authentication steps up security to require 2FA on your account only when it identifies high-risk activity, or activity outside your clients’ usual behavior.

Though the default security will be set to Standard at release, you can update this to High in your global advisor Settings if you want your clients to use 2FA every time they log in.

Pro Tip: Your default setting determines which level of security your clients will start with, but they can change this at any time from inside their Client Website Settings.

How do clients enroll?

Enrolling in 2FA is simple. Here are the steps they’ll need to follow:

  1. Clients will simply log into their personal financial management site on or any time after June 13.
  2. They’ll then be prompted to enter their mobile phone number to receive a PIN code.
  3. Finally, they’ll need to enter that PIN code to be securely signed into their personal financial management site.

By default, at release, your clients will only need to enter their PIN code once upon their first login and will not be prompted again unless high-risk activity is identified. Once enrolled in 2FA, your clients can adjust their security level to High Security under Settings -> Security.

What is the difference between “Standard Security” and “High Security”?

Standard Security uses adaptive risk-based scoring, which only requires you to enter their PIN when “high-risk activity” has been identified. Standard Security is offered to advisors (and your clients) by default– even if you’ve previously enrolled in 2FA – and typically only requires a PIN upon first login. It is only triggered again if our system detects a security threat. This option is best used if you’d like enhanced security but prefer the convenience of avoiding a PIN each login.

High Security will require clients to enter their PIN every time they log in. This option is recommended for clients who prefer the highest level of security available.

How is “high risk activity” defined?

Standard Security uses risk-based authentication to look for unusual and suspicious login activity. Users who are accessing their personal financial management sites in a manner consistent with their typical behavior will rarely be prompted to enter a PIN. However, there are certain circumstances where users may inadvertently trigger our security system on their own.

For instance, a client who logs into their website for the first time from a new device, or attempts to log in while traveling outside the country may be required to enter their PIN.

Does anything change if my clients have already opted-in?

By default, your clients will be enrolled in Standard Security, which will only require a PIN upon their first login and if “high risk” behavior is identified. Clients who have previously enrolled in 2FA will be automatically switched from High Security to Standard Security. If a client is already enrolled in 2FA and wants to continue to use High Security their security settings must be updated.

  • Advisors can set clients to “High Security” on the Advisor Site by clicking Manage Client Website and toggling to High under Security. 
  • Clients can change their security preferences in their Client Website under Settings -> Security

How are client security settings managed?

Clients can adjust their security level by clicking on Settings on the Client Site.

Advisors can manage the default security for new client websites in their global Settings. They also have the ability to approve one-time access or adjust the security level for their clients under Manage Client Website.

What if my clients have an international number?

With this update, international phone numbers are supported. Anyone with an international phone number must enter + and the country code before their phone number.

How should I position this update to my clients? 

It’s important to remind clients that these changes have been implemented to protect the security of their information. We know that the greatest risk to your clients, is the security of their data. We strive to be at the forefront when it comes to a rapidly-changing security environment.

For more help positioning these changes to your clients, refer to our sample language below:

Questions about our 2FA enrollment update?  Call us at 888-362-8482 or send us an email.

Joseph Pearson

Written By

Joseph Pearson is a Client Communications Strategist with eMoney Advisor, LLC. A three-time eMoney Wingbowl Champion, one-time Chili Cook-off Runner-up and Gold Stevie® Award-winning Front-Line Customer Service Professional of the year for 2016 - Joe is a proud father, devoted husband, and he always tries turning it off and back on again before calling IT.