Multi-factor authentication (MFA) on feeds
If your financial institution requires more information than just a username/access ID and password to log into their online banking, you may be required to submit this information to sync your feeds. This is known as Multi-Factor Authentication (MFA) 🔐
In this user guide
Types of multi-factor authentication
There are three general types of multi-factor authentication: a security question, a security token, or a security image.
- Security Question is when additional questions are asked when you log into your online banking; these questions will often be set up when you first sign up for internet banking. When you answer a security question, the answer is remembered for future access, so you don't need to enter answers each time you log into PocketSmith.
Security Token is when you have a special keychain access token, often 4 - 6 digits in length. This is requested when your feed attempts to sync when you log into PocketSmith. The code provided changes around every 2 minutes, so it cannot be stored for future use.
Security Image is when you are asked to enter the characters displayed to you in an image, around 4 - 6 characters in length. This will likely be requested of you every time you log into PocketSmith, and your feed attempts to sync unless arrangements have been established between the data provider and your bank.
How to enter security information
When the security information arrives for your feed, you will be presented with a pop-up in PocketSmith asking for the required security information. This will happen when your feed attempts to perform a sync while you are logged into PocketSmith.
When is security information is requested?
If security information is required for your feed, it will be requested from you when your feeds are synced. A feed sync will be triggered when:
- You first add a feed
- You sign in to PocketSmith
- Manually sync a feed
If the data provider requires security information from you to perform the sync, you'll be asked generally about 30 seconds to a minute after the sync has started.
Why is my multi-factor authentication bank not asking anything when its feed syncs?
Yodlee can store some types of MFA. This allows them to refresh certain feeds without the security information being re-entered. This can vary between banks, so it possible to have some feeds asking for security information and others happily syncing.
How feeds with MFA are synced
It's important to note that feeds listed as using MFA can only be synced by logging into your PocketSmith account. This differs from non-MFA feeds which are updated automatically according to PocketSmith's syncing schedule.
This means you will need to log in regularly in order to ensure your transactions are up-to-date.
For more detail on this please see: Updating feeds that use multi-factor authentication (MFA)
Issues with MFA
If you are finding the MFA prompts problematic while using PocketSmith, you may be able to deactivate MFA for your accounts with your bank. However, please consider this carefully as it does reduce the security of your bank account.