Sunday, March 5, 2017

Wells Fargo two-factor authentication

A few years ago Wells Fargo notified me that someone had successfully gained access to my online account through the use of an alphabet attack.  I had to change both my username and password.

Recently the same thing happened to a friend of mine.  It will probably happen to you next.  So here's my advice:  Enable "Advanced Access" on your account.  Every time you try to log in to your account Wells Fargo will use a second form of authentication:  Possession.

Your username and password are knowledge - "something you know"

Your cell phone or SecurID device (Wells Fargo will send you a SecurID dongle for $25) are possession - "something you have"

These two items make it even more difficult - if not impossible - for your account to be accessed by someone other than you.

Before enabling Advanced Access, make sure the only phone number associated with your Wells Fargo account is your cell phone number.  Not a Google Voice or Skype number.

Then go to More...Accounts and Settings...Profile and Settings...Manage Online Settings...Enhanced Sign On Options and change the setting to "For web browsers and mobile apps"

Next time you login with your username and password you will see this screen:

You can either have them text you a code or you can use your Wells Fargo SecurID dongle.

No comments:

Post a Comment