FAQ: Two-factor authentication (2FA)
What is two-factor authentication?
Two-factor authentication (2FA) is an enhanced security measure that requires an account owner to use two different verification methods, such as a password and a one-time security code, to gain access to their account.
After signing in to my529, account owners will use 2FA to verify their identity via a code sent by text message or phone call, or by using a third-party application.
Why is my529 adding 2FA?
my529 is implementing 2FA to strengthen security for account owners.
2FA security has become industry standard for financial institutions, bolstering password-based account security with an authentication procedure to ensure the account owner is the person requesting access.
When is 2FA happening?
my529 will launch 2FA in April.
How do I register for 2FA?
my529 has allowed account owners to “remember” a device so they don’t have to answer security questions at login.
When you log in to your my529 account from a trusted or “remembered” device on or after April 7, you will be prompted to register for 2FA. When you log in to your my529 account from an unrecognized device on or after April 7, you will be presented security questions to verify your identity in order to register for 2FA.
The security questions will be questions you have already set up. If you have not previously set up your own questions, the security questions will come from my529’s questions based on public, verifiable information.
Account owners must register for 2FA in order to access their accounts online.
To register, you will need to submit a phone number and choose a preferred verification method:
- Phone call
- A random code generator like Google Authenticator
- Authy authenticator app, which can send a code or a push notification
For the first three methods, you will receive a unique code that will be valid for a brief time. You will then enter the code where designated online to access your account(s). The Authy app will send a notification that you will need to accept to gain access to your account(s). The Authy app also has an option to send account owners a security code.
After you select an authentication method, you will see a screen to test the system by responding to your chosen prompt. If the authentication process does not work, choose a different authentication method.
Following a successful registration, you will receive a confirmation notice from my529 by email or letter, depending on your communication preferences.
Once registered, you can enable the 2FA system to recognize your device for six months by clicking “remember this device.”
What is Authy?
Authy is a company that has created a 2FA app and works with companies to support 2FA.
When will I be required to sign in using 2FA?
Once you register for 2FA, you will be required to sign in using 2FA in the following circumstances:
- Logging in six months since you last accessed your account from a “remembered” device.
- Logging in from a new device or IP address.
- Setting up a new my529 account.
Can I disable 2FA on my account?
To manage my529 account(s) online, you must register for 2FA. Account owners who do not want to register for 2FA can manage their accounts and make transactions by mail. Use forms available for download on my529.org or by request at 800.418.2551. my529 will send account statements via mail; you will need to contact my529 by phone to set your correspondence delivery to the mail option.
What happens if I don’t receive a security code?
Security codes are generally sent within 20 seconds to the registered phone number. If you have been waiting longer than one minute for a code, make sure you are using a phone with the same phone number used during the 2FA registration. If the number is the same and you still have not received a code, select the option to send a new code or choose a different 2FA method.
Does my529 provide tech support for authenticator apps?
my529 does not provide technical support for authentication applications. Please contact the authenticator app provider for support if you are having difficulty using an app. Choose the call or text verification methods when registering with 2FA to avoid using an authenticator app. To change a 2FA verification method, log in to your my529 account, go to My Profile and select Manage 2FA.
What if I no longer have the 2FA-registered phone number? What if I lost my phone?
If you use an authenticator app, you will need to contact the app provider to update your phone number.
If you use text or call verification, you must call my529 to start the process to update your phone number. my529 staff will verify your identity and reset 2FA registration. You will then be prompted to register for 2FA when logging in to your account and you can then enter your new phone number. If my529 staff cannot verify your identity per my529 security standards, you must send in a written request to reset the 2FA registration process.
If your phone is lost or stolen, you should immediately contact your mobile carrier to lock access to the device.
How can I change my 2FA settings once I register?
You can update your 2FA preferences after you log in to your account. Go to Change 2FA settings to switch a verification method. You can also update your phone number and require 2FA authorization at every login, which disables the option to “remember” a device.
Can I register a spouse to share access to a my529 account?
my529 allows only the account owner to set up access to accounts. my529 does offer limited power of attorney access for a spouse or family member (Form 810) or financial advisor firm (Form 710). View these forms to learn more about granting third-party access.
To keep accounts secure, the person managing transactions should be the same person listed as the account owner. Account owners should consider who will make changes or request transactions on the account; that person should own the account. If necessary, you can change the ownership of an account (Form 505).
Account owners can grant view-only access to a third party. For more information, log in to your account and click “shared access.”
What if my personal finance aggregator (i.e., Mint, Yodlee, YNAB, etc.) cannot access my my529 account information?
You will need to register for 2FA. After registration, you should be able to use the personal finance aggregator as you did previously.