For the tenth day of the 12 Days of 2FA, we’ll go over how to set up two-factor authentication for Bank of America online and mobile banking. Due to unique security needs from bank to bank and user to user, banks tend to call 2FA different things, and you’ll run into different protocols for setting it up at different institutions. Some demand a second factor of authentication not necessarily for log-ins but for particularly sensitive or high-value transactions, for example. Check twofactorauth.org’s more comprehensive list of banks, credit unions, and financial institutions, and get in touch with your own to learn more.

No matter where you do your banking, 2FA can be an important security measure. Bank of America is one example of how 2FA can be different for banks compared to other online services. They require security questions as well as a password to log in, and offer 2FA for sensitive or high-value transactions. Bank of America calls it “SafePass,” but the idea is exactly the same: if signing in requires something you have (like your phone) as well as something you know (your password), then your account has an added layer of protection.

Enabling 2FA for Bank of America is a great opportunity to review your password and security questions—we recommend you treat security questions like any other password and create strong passwords for them rather than accurate, guessable answers to the questions themselves.

  1. Select “Profile & Settings” in the top left-hand corner and click “Manage SafePass.”

  1. This landing page explains how SafePass works and how it will affect your account. Click “Add SafePass” to get started.

  1. Now you can add a mobile number at which you can receive text messages to get verification codes, or pay for and order a SafePass Card. A SafePass card is a small, credit-card size token that will produce one-time passwords to use as verification codes for your Bank of America transactions. We will only cover mobile phone setup in this tutorial. Contact your banking institution to learn more about security keys and other hardware they may offer.

  1. Enter a mobile phone number at which you can receive text messages. If you already have a number associated with your account that you would like to use, select “Use an existing mobile number on file." Otherwise, you can add a new mobile number here.

  1. Depending on whether the number was on file before or not, you’ll be asked to verify your Bank of America credit/debit information or enter an authorization code sent to you via text.

Once you’ve successfully validated your mobile phone number, you’ll be returned to your SafePass page, where you can add an additional backup device or order a SafePass card.


Check out more posts on two-factor authentication from the 12 Days of 2FA.

Related Issues