Showing results for 
Search instead for 
Did you mean: 

Additional 2-Factor Authentication Options

Hello, with cyber security attacks becoming increasingly prevalent we need more options for 2-factor Authentication. For most people, SMS doesn't give us the peace of mind anymore. It is great that you have that more than anything else but someone recently tried to login to my account and if they were able to spoof my phone number it would have been bad for me.


Recommendations are hardware keys such as Yubikey which is becoming increasingly popular. 


a year and a half later and we are still only offered SMS, when will we see some more choices? 2FA MFA why is the banking community so slow to offer protection options against hacking? 


Is U2F or TOTP being considered today? The SMS method is now regarded as barely better than just a password.



I would like to see BECU adapted yubikey token for secutiry. I have been using yubikey for long times now in different website like Google chrome and many others. 


Supportability matters. Yubikey wouldn't be bad, but it's also a niche option that only information security professionals like me are likely to use.


Google Authenticator and the like -- I think anyone who recommends this has never had to support it. Users don't expect their MFA to stop working when they change their phone and didn't back up a list of reset codes 2 years ago when they originally downloaded the app!


HSBC and Wells Fargo both offer RSA hardware token options which are a reasonable balance of security and convenience. However, there are also adaptive authentication products such as Ping Identity that combine multi-factor authentication with other verification methods reducing the need to prompt every time.


One other thing to look at is being smarter about when MFA is required. Viewing my bank balance and transaction history is a less sensitive activity than transferring money. This is particularly true if I'm viewing my bank balance and transaction history from a known browser on a known device at a known IP address in Olympia versus transferring money to somewhere I've never transferred it before, from an unknown browser and device, at an unknown IP address in Belgrade.


Do BECU security teams reading this comments? Your comments are 2 years old and there is nothing about hardware key replied from them. Please give people this choice of yubikey or something like that. I'm waiting a few years now.




I also would love to see multi-factor authentication expand with BECU to include 3rd party authenticators like Authy.


I joined the idea exchange specifically to see if there was any discussion around improving 2FA. I'd like to give a +1 to supporting Google Authenticator, and better yet Yubikey.