The Bank Account Setting Experts Say You Should Change Immediately

Even if the thought of updating yet another password — or adding facial recognition to one more app — might feel daunting, it's and essential step to stopping scammers and hackers from accessing your personal bank account. Americans lose a ton of money to various forms of fraud as it is, and banks won't protect accountholders from impersonation scams. That's why some experts believe it can be literally worth a personal fortune to enable robust security settings, like two-factor authentication along with spending and login alerts, even if it feels like a frustratingly unnecessary step. "While no security system is foolproof, adding multifactor authentication is a smart way to reduce the risk of account takeover," Gary Zimmerman, CEO of MaxMyInterest, said (via Bankrate).

With two-factor authentication (2FA), or multi-factor authentication (MFA), an account holder must confirm their identity once again after entering their login credentials. Typically, this is done either by answering a question, inputting a code sent to a mobile device, or via biometrics. But while enabling MFA in their account settings gives accountholders the best protection against financial loss stemming from scams, not all MFA methods are equally resilient against determined hackers. 

In the past, MFA that entailed entering a code sent via SMS was seen as a strong indicator for account safety. However, many experts agree that this method is no longer as effective. The Cybersecurity and Infrastructure Security Agency (CISA) warns that SMS messages are not reliable and are easy to intercept because they lack encryption; as such, SMS should not be used as an MFA method for a bank account login. Eva Galperin, director of cybersecurity at Electronic Frontier Foundation echoed the sentiment, saying (via Fortune): "I would really like it if companies stopped implementing SMS 2FA now and required either app-generated codes or physical keys." 

Fortunately, other MFA methods offer a more reliable layer of protection. According to University of Tennessee's Office of Innovative Technologies, mobile push notifications and biometrics are far more reliable than SMS-based MFA. Push notifications are more difficult to intercept because they generate codes offline; meanwhile, biometrics rely on your unique physical features that are almost impossible to replicate when authenticating a login attempt. 

Which authentication method is available to you depends on your bank. For example, Wells Fargo, Bank of America, and other major financial institutions offer 2FA via push notifications, SMS, email, phone call, and biometrics. Regardless of which bank you're with, whenever MFA is available in the account settings, be sure to enable it, per the CISA. If possible, use more than a single MFA method; for example, opt for getting push notification and doing a biometrics check. Likewise, enable alerts for login and spending notifications. Your phone may ding plenty, but at least you'll learn about fraudulent activity as it happens and deal with it swiftly.