Multi-factor Authentication (MFA):
Enhancing the security of your accounts
Cybercriminals see the constant flow of online transactions as an opportunity, and they continually devise new ways to try to exploit digital vulnerabilities. To stay a step ahead of fraudsters and protect your accounts, security measures like MFA are essential.
What is MFA?
MFA is a method that requires users to provide two or more authentication factors to prove their identity before they can gain access to an account.
These typical ways include:
- Answering a security question, like typing a password
- Receiving a text or phone call to your mobile device
- Using your fingerprint or facial recognition (biometric) to confirm your identity
How does MFA protect against fraud?
MFA provides extra layers of security that significantly reduce the risk of unauthorized parties accessing accounts. MFA relies on the premise that while fraudsters may be able to obtain passwords and login credentials through hacking and social engineering, it’s unlikely that they would also be able to supply the additional device or biometric factors required.
MFA is particularly useful in the following scenarios:
- Protecting against social engineering: Scammers often use fake emails (phishing), texts (smishing), or phone messages (vishing) to trick victims into voluntarily providing their sign-on credentials. MFA can prevent them from accessing accounts by requiring an additional piece of information that they cannot provide.
- Preventing unauthorized access through stolen passwords: If a password is compromised, perhaps as part of a data breach or sold on the dark web, MFA helps to ensure the account can’t be accessed with the stolen information alone.
KeyBank uses MFA to help secure financial accounts.
While our clients always have the option to check the "save user ID" box to disable MFA when signing into online or mobile banking from a particular device, we recommend keeping MFA enabled — and keeping your cell phone number current in your account profile.
With MFA enabled, Key will send a text with a one-time passcode to the primary cell phone number listed in your account profile. The client then enters that one-time passcode as an additional security measure.
Important reminder about one-time passcodes:
KeyBank will never call you and ask you for your one-time passcode, and you should never share your code with anyone.
One-time passcodes and other text messages from Key may come from a five- or six-digit number, known as a short code, which you can add to your contacts. See KeyBank’s short codes.
Enhance the security of your KeyBank accounts.
- Sign up for account alerts: Alerts help monitor your account for activity that meets your predetermined criteria and send you text or email notices if that activity occurs. Alerts also immediately notify you of suspicious transactions on your account.
- Regularly monitor your accounts: In addition to reviewing your monthly account statement, routinely check your account online for any unauthorized transactions.
- Use strong passwords: Create unique passwords for each account and be sure to use at least 15 characters (including a mix of upper- and lowercase letters, numbers, and special characters) in each.
- Stay informed: Keep up to date on the latest security threats and best practices. KeyBank is here to help provide the information and resources you need to do just that. Learn more about our commitment to fraud prevention at key.com/fraud.
