Multi-factor authentication (MFA) on bank feeds

If your financial institution requires more information than just a username/access ID and password to log into their online banking, you may be required to submit this information to sync your accounts. This is known as Multi-Factor Authentication (MFA) 🔐

In this user guide

Types of multi-factor authentication


There are three general types of multi-factor authentication: a security question, a security token or a security image. 

  • Security Question is when additional questions are asked when you log into your online banking; often these questions will be set up when you first sign up for internet banking. When you answer a security question, the answer is remembered for future access, so you don't need to enter answers each time you log into PocketSmith.
  • Security Token is when you have a special keychain access token, often 4 - 6 digits in length. This is requested when your bank feed attempts to refresh when you log into PocketSmith. The  token  code provided changes around every 2 minutes, so cannot be stored for future use.
  • Security Image is when you are asked to enter the characters displayed to you in an image, around 4 - 6 characters in length. It is likely that this will be requested of you every time you log into PocketSmith and your bank feed attempts to refresh unless arrangements have been established between the bank feed provider and your bank.

How to enter security information

When the security information arrives from your bank feed, you will be presented with a pop-up in PocketSmith asking for the required security information. This will happen when your bank feed attempts to perform a sync while you are logged into PocketSmith.


When is security information is requested?

If security information is required for your bank feed, it will be requested from you when your bank feeds are synced. A feed sync will be triggered when:

  1. You first add a bank feed to your account
  2. You sign in to PocketSmith
  3. Manually sync a bank feed

If the bank feed provider requires security information from you to perform the sync, you'll be asked generally about 30 seconds to a minute after the sync has started.


Why is my multi-factor authentication bank not asking anything when adding it to the bank feed?

Some types of MFA are able to be stored by  Yodlee. This allows them to refresh certain feeds without the security information being re-entered. This can vary between banks, so it possible to have some bank feeds asking for security information and others happily syncing.


Issues with MFA

If you are finding the MFA prompts problematic while you are using PocketSmith you may be able to deactivate MFA for your accounts with your bank. However, please consider this carefully as it does reduce the security of your bank account.

Still need help? Contact Us Contact Us