Multifactor authentication is an optional security feature (enabled by your FI) that requires independent ways to establish an online user’s identity and access; to achieve multiple factors of authentication, the following criteria must be met: something you know (such as a password), something you have (like a hardware token device), and something you are (your computer's IP address). Your FI may have enabled one of the following multifactor authentication options:
Adaptive Authentication with Challenge Questions
If your FI has enabled Adaptive Authentication, when users enroll, they select a security image, security text phrase, and challenge questions and answers. Whenever they log in, the application displays this picture and phrase so they can be assured they are accessing the real banking site and not an imposter site. The application also checks the user's computer. Adaptive Authentication remembers each computer by assigning a unique identifier to that computer when it is registered. No personal or private data is stored. If a user logs in from a different computer or location, the application takes additional security steps to verify that user's identity by asking him to provide the answer to one or more secret questions.
Adaptive Authentication with Tokens
This option includes Adaptive Authentication and the security image and phrase combination to identify the authentic site to the user, along with a software or hardware token that the application will use to identify and authenticate the user (instead of using challenge questions). Software tokens, which run from the user's Internet browser, generate a single-use login code. The software token generator can be installed on the computers used to access the application or on mobile devices; contact your FI for more information. Hardware tokens are physical token devices that display temporary codes to identify and authenticate the user.
Direct Tokens
Using this authentication option, a hardware device or software application that generates a short-term security code is required in addition to the user's password to log into the application. The hardware token device can be taken to the computer used to access the application, while the software token can be installed on computers used to access the application or on mobile devices. When the user launches the login page, the application will ask for the user name, password, and token passcode (found on the device or displayed in the software token application).