FAQ: Two-factor authentication
What is 2FA?
Two-factor authentication (2FA) is an enhanced security measure that requires a person to use two different verification methods, such as a password and a one-time security code, to gain access to their account.
After signing in to my529, limited power of attorney (LPOA) users will employ 2FA to verify their identity via a code sent by text message or phone call, or by using a third-party application.
Why is my529 adding 2FA?
my529 is implementing 2FA to enhance security for account owners and LPOA users.
2FA security has become industry standard for financial institutions, bolstering password-based account security with an authentication procedure to ensure the authorized LPOA user is the person requesting access.
2FA is already in place for account owners.
When is 2FA happening?
my529 will launch 2FA in Fall 2022.
How will LPOA users register for 2FA?
When an LPOA user logs in to their my529 account they will be required to authenticate their identity by using their PIN, which is unique to each LPOA user.
LPOA users must register for 2FA in order to access their accounts online.
To register, LPOA users will need to submit a phone number and choose their preferred verification method:
- Phone call.
- A random code generator like Google Authenticator.
- Authy or Duo authenticator app, which can send a code or a push notification.
For the first three methods, the LPOA user will receive a unique code that will be valid for a brief time. They will need to enter the code where designated online to access their accounts. The authenticator app will send the LPOA user a notification that they will need to accept to gain access to their accounts. The authenticator app also has an option to send a security code to LPOA users.
After the LPOA user selects an authentication method, they see a screen to test the system by responding to their chosen prompt. If the authentication process does not work, the LPOA user should choose a different authentication method.
As per current practice, a PIN will always be required when the LPOA user calls and requests information from the my529 call center for their client/account owner.
What is an authenticator app?
Authenticator apps support 2FA by verifying identity. Companies such as Authy and Duo provide authenticator apps.
Does my529 provide tech support for authenticator apps?
my529 does not provide technical support for authenticator apps. LPOA users should contact the authenticator app provider for support if they are having difficulty using an app. They can avoid using an authenticator app by choosing the call or text verification methods when registering with 2FA. To change a 2FA verification method, LPOA users need to log in to their my529 account, go to My Profile, and select Change 2FA Settings.
Can an LPOA user disable 2FA on their account?
To manage my529 account(s) online, LPOA users must register for 2FA. LPOA users who do not want to register for 2FA can manage their accounts and make transactions by mail. Use forms available for download on advisor.my529.org or by request at 888.529.1886. my529 will send account statements to the my529 account owner via their preferred statement delivery method.
What happens if the LPOA user doesn’t receive a security code?
Security codes are generally sent within 20 seconds to the registered phone number. If the LPOA user has been waiting longer than one minute for a code, they should make sure they are using a phone with the same phone number used during the 2FA registration. If the number is the same and they still have not received a code, they should select the option to send a new code or choose a different 2FA method.
Will LPOA users receive confirmation of their registration?
Once LPOA users have successfully registered for 2FA, they will receive a confirmation email.