Client 2FA is Coming May 2

In today’s digital era, online security threats are advancing rapidly. With large data breaches happening every year, it’s more important than ever to improve the way we secure your clients’ financial data.  That’s why 2-Factor Authentication is so important. By adding an additional layer of security to the account log-in process, some of the most common security failures can be prevented.

What is Client Site 2-Factor Authentication?

2-Factor Authentication (2FA) is a complete fraud detection platform that uses a dynamic risk and rules-based approach to identify high-risk behaviors and initiate an additional layer of security. With 2FA, clients are required to log into their Client Website by not only entering their username and password, but also a verification code that’s sent to their mobile phone.

What will my clients need to do?

Enrolling in 2FA is simple. Here are the steps they’ll need to follow:

  1. Simply log-in to their personal financial management site on or any time after May 2nd.
  2. They’ll then be prompted to enter their mobile phone number to receive a PIN code.
  3. Finally, enter the PIN code to complete activating 2FA.

Will my clients be required to enable 2-Factor Authentication?

No – for now, your clients can skip the enrollment process. However, an update to 2FA will require all clients to enroll in June. Next month, adaptive technology will intelligently monitor log in activity and will only prompt for 2FA when it identifies at-risk behavior. Advisors and clients will have the option to choose between Standard (adaptive) and High (mandatory) 2FA settings.

When is 2FA releasing?

This new functionality will release on May 2nd, 2017.

Will clients be required to enter their mobile PIN every time they log in?

For now, clients who enroll must enter their mobile PIN with every login. In June, clients will have a choice between mandatory log-in 2FA (High Security) and an intelligent adaptive system that will only require clients to enter their verification code if it recognizes “high-risk behavior” (Standard Security). For example, if a client has logged in at their home location, and across the country shortly thereafter, clients will be required to enter a verification code.

How do clients enroll in 2-Factor Authentication?

Clients will automatically be prompted to enroll in 2-Factor Authentication upon logging in for the first time after May 2nd.  At any time, they can adjust their primary and recovery phone in their Client Website settings.

What if my client loses their phone?

Clients can set up a recovery phone if their primary phone is lost, stolen, or broken. This recovery phone is not required to be a mobile device.  In addition, advisors have the ability provide them with a temporary access code from their client website settings.

Can I turn off 2-Factor Authentication?

Throughout May, advisors and clients can choose to disable 2FA.  In June,  all clients will be required to enroll in 2FA and choose between the standard (adaptive) or high (mandatory) security level.

What if my client has an international phone number?

International phone numbers are not supported in 2FA.

What if my client does not have a mobile phone?

Clients without a mobile phone can request a phone call to a landline.

How should I position this change to my clients?

We’ve created several sample client emails for your convenience: one to let your clients know 2FA is coming soon, and another to announce that it is now available

Joseph Pearson

Written By

Joseph is a Customer Marketing Specialist at eMoney Advisor.