All Financial Education

What Is Multi-Factor Authentication (MFA) and How Can It Protect My Bank Account?

October 12, 2023

Did you know that two of every three Americans use the same password for several important accounts? Worse yet, one in every two Americans had their internet accounts breached in 2021 alone.

Eva Vasquez, President and CEO of the Identity Theft Resource Center, recently said, “Too many people find themselves between criminals and the organizations that hold consumer information. Many of the cyberattacks committed are highly sophisticated and complex, requiring aggressive defenses to prevent them.”

But there is good news amidst the doom and gloom: You can thwart most attacks with a simple free tool, one that you’re probably already familiar with — multi-factor authentication (MFA). Chances are, you’re already using MFA in your everyday life. The question is, are you using it to its full potential?

What is multi-factor authentication?


Multi-factor authentication (or two-factor authentication) is a security technique that can deter cybercriminals from accessing your accounts. It requires you to verify your identity twice — once with your login credentials and again with a different method.

An infographic that describes the three types of MFA protection:
Something you know: This could be a password, PIN, security question, etc. To be effective, this method should be something that only you know and is hard for others to guess. Never use easily accessible info (name, birthday, anniversary, etc.) as a password or PIN.

Something you have: This is a physical device that a hacker is unlikely to have access to, like your smartphone or security badge. When a system requires you to enter a one-time passcode from your phone, that’s MFA. If you ever receive a one-time code out of the blue, a hacker may be trying (and likely failing) to access your account, which is a great cue for you to change your login info.

Something you are: This involves biometric data, like your fingerprint, facial recognition, or retinal scan. This is arguably one of the most secure examples of MFA; after all, it’s a lot harder for a hacker to have your face than your phone or password.

Authentication methods tend to fall into three distinct categories:

  • Something you know: This could be a password, PIN, security question, etc. To be effective, this method should be something that only you know and is hard for others to guess. Never use easily accessible info (name, birthday, anniversary, etc.) as a password or PIN.
  • Something you have: This is a physical device that a hacker is unlikely to have access to, like your smartphone or security badge. When a system requires you to enter a one-time passcode from your phone, that’s MFA. If you ever receive a one-time code out of the blue, a hacker may be trying (and likely failing) to access your account, which is a great cue for you to change your login info.
  • Something you are: This involves biometric data, like your fingerprint, facial recognition, or retinal scan. This is arguably one of the most secure examples of MFA; after all, it’s a lot harder for a hacker to have your face than your phone or password.

How can multi-factor authentication protect my financial accounts?

Passwords can be stolen, guessed, or hacked. In fact, the top 200 most common passwords are surprisingly easy to guess — most can be cracked in less than a second.

Multi-factor authentication adds an extra layer of security against unauthorized access. Even if someone steals your login information, they won’t be able to access your account without the second authentication method, which is usually in your possession.

To maximize your security, make sure you set up MFA on your email. Your email contains loads of personal information and is often one of the easiest accounts to hack. Besides, if a hacker has access to your email, they can sidestep any MFA prompt that gets sent there. Learn how to set up MFA on Gmail or Outlook.

Quick Tip: When possible, choose to send MFA notifications to your phone or another physical device. Frauds have a much harder time accessing your texts than an online account.

How do I use MFA on my eBranch Online Banking account?


Your personal and financial information are worth protecting. If you’re not already using multi-factor authentication on your accounts, it’s time to change that. MFA can beef up your security in minutes. It’s generally free to use and is often offered on the sites you visit every day.

How to set it up on your smartphone

A preview of the instructions (listed below) on how to set up MFA on mobile for ICCU eBranch.

Log in to your eBranch account (on a trusted device, as always).

To receive push notifications whenever someone logs in to your account, click More > Tools and Services > Alerts > Authentication. Choose to be notified via email and/or push notification.

To use facial recognition as your phone login, click More > Tools and Services > Settings > Security > Biometrics. Toggle on the “Use Biometric ID” switch.

How to set it up on your desktop

A Macbook that shows users how to add multi-factor authentication (MFA) to their eBranch account.

Log in to your eBranch account at the top right of your screen. If this isn’t your personal computer, do NOT click “Remember me.”

On the top of the screen (below the green header), you should see the navigation menu. Click Tools and Services > Settings > Security. Scroll to the Two-Factor Authentication section and toggle the blue switch on. Then choose the type of MFA you’d like.

Don’t want to go through the hassle of digging through your settings? Swing by a branch or call us during business hours. We’d love to help you protect your accounts, one step at a time. If you’re ready to learn more about internet security, scroll through our Security Center. Trust us, your future self will thank you.

Primary Sources

“2021 Annual Data Breach Report Sets New Record for Number of Compromises.” Identity Theft Resource Center (ITRC), January 24, 2022.

“2022 Annual Data Breach Report Reveals Near-Record Number of Compromises.” Identity Theft Resource Center (ITRC), January 25, 2023.

“CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks.” CISA – America’s Cyber Defense Agency, February 28, 2023.

“Multi-Factor Authentication Fact Sheet.” CISA – America’s Cyber Defense Agency, January 2022.

Neskey, Corey. “Are Your Passwords in the Green?” Hive Systems, April 18, 2023.