Skip to Content
woman with phone putting money in piggy bank
© Andranik Hakobyan |

Bank apps — How they know you are YOU

Strong, unique passwords are the least you can do to protect online accounts. Here’s a primer to get you started. While two-factor authentication (2FA) is becoming a common security step for apps and services, some industries have yet to adopt it.

Take banking apps, which don’t typically require 2FA to get into your account. Seems reckless, doesn’t it? The thing is, they have other ways to identify who you are.

Security questions are not so secure

Remember security questions? You’d be asked questions such as the name of your first pet or the city you were born. This practice is falling out of favor, and that’s a good thing. Others might know the answer to those questions and get into your accounts.

RELATED: Necessary 60-second security checks: 4 quick cybersecurity steps to take NOW

Wall Street Journal reports that banks use far more sophisticated methods to identify clients, such as comparing your typing speed with each attempt. Others analyze how much pressure you use when entering credentials (they check how many pixels your fingers cover when you tap each key). That’s some serious James Bond-type security.

The four biggest banks in the U.S. — Bank of America, Chase, Citibank and Wells Fargo — use various authentication methods. But they all support Face ID and Touch ID for Apple devices and fingerprint ID for Android phones.

While all four banking apps also offer 2FA, it’s not always turned on by default. Let’s change that.

Bank of America

You’ll get asked to verify your identity with 2FA at certain times, like when you make a transfer or use a different device than you usually do.

It’s better to set up 2FA security to trigger every time you log into the mobile app. Set it up in the Security Center, which also shows other ways to improve security.


Chase asks for 2FA verification the first time you log in or use an unfamiliar device.

Again, we encourage you to set up 2FA to kick in each time you log in to the banking app. Chase has its own Security Center, where you can tweak various settings, including 2FA.


Citibank’s app doesn’t have 2FA turned on by default, but you should change that. Go to Profile > Security Center > 2-Step Authentication and toggle on the setting.

Wells Fargo

Open the app and go to Security & Profile to turn on 2FA. Once done, you’ll get an access code each time you sign in. You may also need to pass a 2FA test when moving money around.

Wells Fargo offers more protection via a $25 portable security device. It generates a random six-digit security code that changes every 60 seconds. This is similar to how authentication apps work, which you can learn about here.

You may also like: Online banking checkup: 3 must-do steps to protect your login

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook