Multi-factor authentication (MFA) on bank feeds
If your financial institution requires more information than just a username/access ID and password to log into their online banking, you may be required to submit this information to sync your accounts. This is known as Multi-Factor Authentication (MFA) 🔐
In this user guide
Types of multi-factor authentication
There are three general types of multi-factor authentication: a security question, a security token, or a security image.
- Security Question is when additional questions are asked when you log into your online banking; these questions will often be set up when you first sign up for internet banking. When you answer a security question, the answer is remembered for future access, so you don't need to enter answers each time you log into PocketSmith.
- Security Token is when you have a special keychain access token, often 4 - 6 digits in length. This is requested when your bank feed attempts to refresh when you log into PocketSmith. The
tokencode provided changes around every 2 minutes, so it cannot be stored for future use.
- Security Image is when you are asked to enter the characters displayed to you in an image, around 4 - 6 characters in length. This will likely be requested of you every time you log into PocketSmith, and your bank feed attempts to refresh unless arrangements have been established between the bank feed provider and your bank.
How to enter security information
When the security information arrives from your bank feed, you will be presented with a pop-up in PocketSmith asking for the required security information. This will happen when your bank feed attempts to perform a sync while you are logged into PocketSmith.
When is security information is requested?
If security information is required for your bank feed, it will be requested from you when your bank feeds are synced. A feed sync will be triggered when:
- You first add a bank feed to your account
- You sign in to PocketSmith
- Manually sync a bank feed
If the bank feed provider requires security information from you to perform the sync, you'll be asked generally about 30 seconds to a minute after the sync has started.
Why is my multi-factor authentication bank not asking anything when adding it to the bank feed?
Yodlee can store some types of MFA. This allows them to refresh certain feeds without the security information being re-entered. This can vary between banks, so it possible to have some bank feeds asking for security information and others happily syncing.
How bank feeds with MFA are synced
It's important to note that bank feeds listed as using MFA can only be synced (refreshed) by logging into your PocketSmith account. This differs from non-MFA bank feeds which are updated automatically according to PocketSmith's syncing schedule.
This means you will need to log in regularly in order to ensure your transactions are up-to-date.
For more detail on this please see: Updating bank feeds that use multi-factor authentication (MFA)
Issues with MFA
If you are finding the MFA prompts problematic while using PocketSmith, you may be able to deactivate MFA for your accounts with your bank. However, please consider this carefully as it does reduce the security of your bank account.