Multi-factor Authentication (MFA)
Video tutorials and FAQs
MFA FAQs
Multi-factor Authentication—MFA for short—is a method of providing additional security for user access. Many systems only require one method of authentication, such as a password or PIN. Multi-factor Authentication requires users to provide at least two methods of authentication, typically (1) something you know, like a password, and (2) something you have, like a one-time code that is sent via email, SMS, or generated on a mobile app.
Even if your first method of authentication is stolen or compromised (e.g. your password or PIN), attackers cannot access your account without the second method (e.g. your one-time code).
Software-based MFA solutions are known as "soft tokens," while hardware-based MFA solutions are known as "hard tokens." GenuBank's MFA solution is a soft token generated by a mobile app.
Business clients can sign up for Multi-factor Authentication if they are:
- Enrolled in Online Banking
- Enabled for ACH or wire transfers within Online Banking
All users must be enabled by GenuBank prior to using MFA. To sign up, contact us or speak to your relationship manager.
DIGIPASS
All users must be enabled by GenuBank prior to using MFA. To sign up, contact us or speak to your relationship manager. Once enrolled, search for and download "DIGIPASS for Business Banking" from your phone's app store, or use the links below:
- Google Play Store (Android)
- Apple App Store (iOS)
Soft Token Activation
Activating MFA requires two devices: (1) a device for logging into Online Banking, and (2) the mobile phone you wish to activate with the soft token. To begin, log into your Online Banking account.
If this is your very first time logging in and your account is enabled for MFA, you will automatically be prompted to activate your soft token. If you are a returning Online Banking user, click "Profile," scroll down to the "Token" section, and click on "View" and "Add Device."
- Enter your Online Banking password and, if applicable, answer the security question.
- Click "Complete Verification" and then "Begin Activation."
- A multi-colored "Cronto code" will appear, similar to the one below:
- Open the DIGIPASS app on your phone, tap "Begin Activation," and scan the Cronto code.
- A numeric device code will display on your phone; enter it in the "Device code" field within Online Banking.
- Fill out the remaining fields (Device Nickname, PIN, Security Question, Answer) and tap "Complete."
At this point, a second Cronto code will appear within Online Banking.
- Tap "Scan Image" on your phone to scan the second Cronto code.
- If your phone supports Touch ID, Face ID, or an equivalent biometric authentication, you can choose to enable it.
- Your phone will display a One-time Password; enter it in Online Banking and click "Complete Activation."
Your Online Banking account is now protected by multi-factor authentication.
For a detailed, step-by-step walkthrough, watch our video tutorial.
- Create and submit your ACH or wire transfer as you normally would.
- Once submitted, a Security Challenge window will appear.
Note: At this point, if you've enabled multiple devices for MFA, you can choose which device to use.
- A Cronto code will appear within Online Banking.
- Open the DIGIPASS app on your mobile phone and tap "Digital Signature."
- The Digital Signature will display on your mobile phone; enter it within the "Digital Signature" field in Online Banking and click "Complete Challenge."
Your transfer has now been authenticated.
For a detailed, step-by-step walkthrough, watch our video tutorial.
No. At this time, MFA is only required for authenticating ACH and wire transfers.
If your phone is lost or stolen, it is best to unenroll it from Multi-factor Authentication.
Online Banking
You can unenroll your lost or stolen phone from MFA directly from your online banking account.
- Log into online banking and click on "Profile"
- Scroll to the "Token" section and click on "View."
- Your enrolled device(s) will appear in the list.
- Find your lost or stolen device in the list, click "Delete," and then click "Delete Device."
Note: Even after removing your lost or stolen phone, your Online Banking account will still be enrolled in MFA. Both ACH and wire transfers will still require a Digital Signature for authentication. Once you have a replacement device, enroll it with MFA to continue authenticating transactions.
Contact Support
If you cannot access online banking or have any other issues, contact us for support.