For the tenth day of the 12 Days of 2FA, we’ll go over how to set up two-factor authentication for Bank of America online and mobile banking. Due to unique security needs from bank to bank and user to user, banks tend to call 2FA different things, and you’ll run into different protocols for setting it up at different institutions. Some demand a second factor of authentication not necessarily for log-ins but for particularly sensitive or high-value transactions, for example. Check twofactorauth.org’s more comprehensive list of banks, credit unions, and financial institutions, and get in touch with your own to learn more.
No matter where you do your banking, 2FA can be an important security measure. Bank of America is one example of how 2FA can be different for banks compared to other online services. They require security questions as well as a password to log in, and offer 2FA for sensitive or high-value transactions. Bank of America calls it “SafePass,” but the idea is exactly the same: if signing in requires something you have (like your phone) as well as something you know (your password), then your account has an added layer of protection.
Enabling 2FA for Bank of America is a great opportunity to review your password and security questions—we recommend you treat security questions like any other password and create strong passwords for them rather than accurate, guessable answers to the questions themselves.
Select “Profile & Settings” in the top left-hand corner and click “Manage SafePass.”
This landing page explains how SafePass works and how it will affect your account. Click “Add SafePass” to get started.
Now you can add a mobile number at which you can receive text messages to get verification codes, or pay for and order a SafePass Card. A SafePass card is a small, credit-card size token that will produce one-time passwords to use as verification codes for your Bank of America transactions. We will only cover mobile phone setup in this tutorial. Contact your banking institution to learn more about security keys and other hardware they may offer.
Enter a mobile phone number at which you can receive text messages. If you already have a number associated with your account that you would like to use, select “Use an existing mobile number on file." Otherwise, you can add a new mobile number here.
Depending on whether the number was on file before or not, you’ll be asked to verify your Bank of America credit/debit information or enter an authorization code sent to you via text.
Once you’ve successfully validated your mobile phone number, you’ll be returned to your SafePass page, where you can add an additional backup device or order a SafePass card.
Check out more posts on two-factor authentication from the 12 Days of 2FA.
Join EFF Lists
Related Updates
Deeplinks Blog by Paige Collings, Adam Schwartz | May 18, 2023
Digital Privacy Legislation is Civil Rights Legislation
Our personal data and the ways private companies harvest and monetize it plays an increasingly powerful role in modern life. Corporate databases are vast, interconnected, and opaque. The movement and use of our data is difficult to understand, let alone trace. Yet companies use it to reach inferences about us,...
Deeplinks Blog by Alexis Hanco*ck, Jon Callas | May 18, 2023
Victory! Apple and Google Collaborate on Detecting Unwanted Location Trackers
Location trackers like Tiles and AirTags aren’t just a helpful way to find missing luggage or a misplaced wallet—they can also be easily slipped into a bag or car, allowing stalkers and abusers unprecedented access to a person’s location without their knowledge. That’s why we are enthusiastic about ...
Deeplinks Blog by Thorin Klosowski | May 17, 2023
How to Enable Advanced Data Protection on iOS, and Why You Should
Apple has long used end-to-end encryption for some of the information on your iPhone, like passwords or health data, but the company neglected to offer a way to better protect other crucial data, including iCloud backups, until recently. This came after years of a hard fought battle pushing Apple...
Deeplinks Blog by Veridiana Alimonti | May 12, 2023
Eight Years Holding ISPs to Account in Latin America: A Comparative Outlook of Victories and Challenges for User Privacy
Latin American and Spanish telecommunications companies have made important advances in their privacy policies and practices, but persistent gaps and worrying trends pose potential risks for internet and mobile phone users, according to a new consolidated report published today by EFF. The report is based on the analyses and...
Deeplinks Blog by Jason Kelley | May 12, 2023
The Law Should Not Require Parental Consent for All Minors to Access Social Media
Numerous state laws passed this year, and bills proposed in Congress, would set onerous new restrictions on what young people can do online, depriving teenagers of their First Amendment rights to express themselves, access protected speech, engage in anonymous speech, and participate in online communities. They also enforce a presumption...
Deeplinks Blog by Paige Collings | May 12, 2023
The UK Online Safety Bill Must Not Violate Our Rights to Free Speech And Private Communication
As the UK’s Online Safety Bill moves through negotiations in the House of Lords, EFF, Open Rights Group, Wikimedia UK, and Index on Censorship have submitted a briefing urging the Lords to uphold the right to private messaging, and protect against prior restraint of lawful speech.Clause 110 of...
Deeplinks Blog by Sophia Cope, Andrew Crocker | May 10, 2023
The STOP CSAM Act: Improved But Still Problematic
Last month, we expressed concerns about how the STOP CSAM Act threatens encrypted communications and free speech online. New amendments to the bill have some improvements, but our concerns remain. The STOP CSAM Act Should Not Use the EARN IT Act as a Template for How to Protect Encryption...
Press Release | May 8, 2023
Suit by Renowned Saudi Human Rights Activist Details Harms Caused by Export of U.S. Cybersurveillance Technology and Training to Repressive Regimes
PORTLAND, OR — The Electronic Frontier Foundation (EFF), the Center for Justice & Accountability (CJA), and Foley Hoag LLP on Monday filed an amended complaint with the U.S. District Court for the District of Oregon on behalf of renowned Saudi human rights activist Loujain Alhathloul against...
Deeplinks Blog by Josh Richman | May 2, 2023
Podcast Episode: Dr. Seuss Warned Us
Dr. Seuss wrote a story about a Hawtch-Hawtcher Bee-Watcher whose job it is to watch his town’s one lazy bee, because “a bee that is watched will work harder, you see.” But that doesn’t seem to work, so another Hawtch-Hawtcher is assigned to watch the first, and then another to...
Deeplinks Blog by Mario Trujillo | April 24, 2023
Your Messaging Service Should Not Be a DEA Informant
A new U.S. Senate bill would require private messaging services, social media companies, and even cloud providers to report their users to the Drug Enforcement Administration (DEA) if they find out about certain illegal drug sales. This would lead to inaccurate reports and turn messaging services into government informants.