FAQ: Two-factor authentication

What is 2FA?

Two-factor authentication (2FA) is an enhanced security measure that requires a person to use two different verification methods, such as a password and a one-time security code, to gain access to their account.

After signing in to my529, limited power of attorney (LPOA) users will employ 2FA to verify their identity via a code sent by text message or phone call, or by using a third-party application.

Why is my529 adding 2FA?

my529 is implementing 2FA to enhance security for account owners and LPOA users.

2FA security has become industry standard for financial institutions, bolstering password-based account  security with an authentication procedure to ensure the authorized LPOA user is the person requesting access.

2FA is already in place for account owners.

When is 2FA happening?

my529 will launch 2FA in Fall 2022.

How will LPOA users register for 2FA?

When an LPOA user logs in to their my529 account they will be required to authenticate their identity by using their PIN, which is unique to each LPOA user.

LPOA users must register for 2FA in order to access their accounts online.

To register, LPOA users will need to submit a phone number and choose their preferred verification method:

  • Text.
  • Phone call.
  • A random code generator like Google Authenticator.
  • Authy or Duo authenticator app, which can send a code or a push notification.

For the first three methods, the LPOA user will receive a unique code that will be valid for a brief time. They will need to enter the code where designated online to access their accounts. The authenticator app will send the LPOA user a notification that they will need to accept to gain access to their accounts. The authenticator app also has an option to send a security code to LPOA users.

After the LPOA user selects an authentication method, they see a screen to test the system by responding to their chosen prompt. If the authentication process does not work, the LPOA user should choose a different authentication method.

As per current practice, a PIN will always be required when the LPOA user calls and requests information from the my529 call center for their client/account owner.

What is an authenticator app?

Authenticator apps support 2FA by verifying identity. Companies such as Authy and Duo provide authenticator apps.

Does my529 provide tech support for authenticator apps?

my529 does not provide technical support for authenticator apps. LPOA users should contact the authenticator app provider for support if they are having difficulty using an app. They can avoid using an authenticator app by choosing the call or text verification methods when registering with 2FA. To change a 2FA verification method, LPOA users need to log in to their my529 account, go to My Profile, and select Change 2FA Settings.

Can an LPOA user disable 2FA on their account?

To manage my529 account(s) online, LPOA users must register for 2FA. LPOA users who do not want to register for 2FA can manage their accounts and make transactions by mail. Use forms available for download on advisor.my529.org or by request at 888.529.1886. my529 will send account statements to the my529 account owner via their preferred statement delivery method.

What happens if the LPOA user doesn’t receive a security code?

Security codes are generally sent within 20 seconds to the registered phone number. If the LPOA user has been waiting longer than one minute for a code, they should make sure they are using a phone with the same phone number used during the 2FA registration. If the number is the same and they still have not received a code, they should select the option to send a new code or choose a different 2FA method.

Will LPOA users receive confirmation of their registration?

Once LPOA users have successfully registered for 2FA, they will receive a confirmation email.

Find us on social media:

Important Legal Notice

Investing is an important decision. The investments in your account may vary with market conditions and could lose value. Carefully read the Program Description in its entirety for more information and consider all investment objectives, risks, charges and expenses before investing. For a copy of the Program Description, call 800.418.2551 or visit my529.org.

Account Value. Investments in my529 are not insured or guaranteed by my529, the Utah Board of Higher Education, the Utah Higher Education Assistance Authority Board of Directors, any other state or federal agency, or any third party. However, Federal Deposit Insurance Corporation (FDIC) insurance is provided for the FDIC-Insured investment option. In addition, my529 offers investment options that are partially insured for the portion of the respective investment option that that includes FDIC-insured accounts as an underlying investments. Units in my529 have not been registered with the United States Securities and Exchange Commission or with any state securities commission.

FDIC insurance is subject to limits set by federal law. Click here for more information about FDIC Insurance.

Non-Utah Taxpayers and Residents. The state in which you or your beneficiary pay taxes or live may offer a 529 plan that provides state tax or other benefits, such as financial aid, scholarship funds, and protection from creditors, not otherwise available to you by investing in my529. You should consider such benefits, if any, before investing in my529.

Consult an advisor. my529 does not provide legal, financial, investment, or tax advice, and the information provided on this website does not contain advice and cannot be construed as such or relied upon for those purposes. You should consult your own tax or legal advisor to determine the effect of federal and state tax laws on your particular situation.

Morningstar rating. A Morningstar Analyst Rating for a 529 college savings plan is not a credit or risk rating. Analyst ratings are subjective in nature and should not be used as the sole basis for investment decisions. Morningstar does not represent its analyst ratings to be guarantees. Please visit Morningstar.com for more informat/investment-options/underlying-investments/ion about the analyst ratings, as well as other Morningstar ratings and fund rankings.

Information on this website is believed to be accurate when posted and is qualified in its entirety by the Program Description.