Using Multi-Factor Authentication in Online Banking

Here's how Amplify Credit Union uses multi-factor authentication to keep your online banking account

Written By Matthew Monagle (Member Support)

Updated at November 15th, 2023

Over the past few years, multi-factor authentication has become a common tool in the world of cybersecurity—including here at Amplify Credit Union. But what exactly is multi-factor authentication, and how does it keep your account safe? In this article, we’ll explain how this authentication works and how to make changes to your Amplify account. We’ll also explain the difference between a secure access code and a challenge code.

Key Takeaways

  • Amplify uses multi-factor authentication (MFA) to protect member accounts
  • Your secure access code can be confirmed via phone or text. Email is no longer an acceptable mode of multi-factor authentication.
  • Amplify will never ask you to provide your online banking secure access code.
  • Challenge codes can be used in lieu of multi-factor authentication to provide limited access to your online banking account.

What is multi-factor authentication (or MFA)?

Multi-factor authentication is a process that requires users to provide two (or more) modes of verification. This process adds an additional layer of security for members logging into online banking for the first time on new devices.  

At a basic level, multi-factor authentication is based in three different types of authentication: something you know, something you have, and something you are.

  • Something you know: knowledge-based authentication leverages private information known only to the user, such as a personal identification number (PIN) or an account password.
  • Something you have: possession-based authentication requires that a user have a certain piece of software or hardware in their possession to complete a log-in. A secure access code texted to the phone number associated with a member account is an example of a possession-based authentication.
  • Something you are: inherence-based authentication uses biometrics to confirm the identity of a user. Apple’s Face ID technology is an example of an inherence-based authentication.

For example: when you log into online banking for the first time on a new computer, you will be asked to enter your password and then enter a secure access code sent to you via phone or text. This uses both knowledge-based and possession-based authentication to verify your identity.

How do I update my MFA contact information?

Since multi-factor authentication requires updated contact information, we encourage every member to routinely review their security settings in online banking.


  • Open the Settings tab in the online banking sidebar.
  • Click on Security Preferences.
  • Click the Secure Delivery button on the screen.
  • Enter a New Text Number and New Voice Number where applicable.

Remember, Amplify will use your voice number and SMS text number to verify your account when logging in on a new device. It is important that your security preferences are always up to date.

Will Amplify ask for my online banking secure access code?

When you call into the Amplify Contact Center, our team will never ask you to provide your online banking secure access code as part of the interaction. While you may be asked to provide identifying information—such as your member ID number or the last four digits of your social security number—your secure access code will never be part of your offline verification.

If someone contacts you claiming to be from Amplify and asking you to share your secure access code, please change your online banking password and reach out to our Contact Center immediately.

How do I prevent Amplify's MFA from getting blocked by my spam filters?

For most third-party spam filters and Google’s auto spam detection feature on the Pixel phones, the best way to avoid having authentication messages flagged as spam is to add those numbers to your contact list. This will ensure the numbers are not blocked or hidden.

Voice: (512) 836-5901
SMS: 86434

In rare cases, you may need to contact your phone service provider and ensure that this phone number and SMS number are not blocked. If you had previously opted out of SMS communications from Amplify, text "START" to 86434 to receive future messages.

Q2 Text Banking Information and Disclosures

Q2 Text Banking allows our financial institutions' customers to opt-in to receive two-factor authentication codes as well as receive account information for their banking accounts from Q2.

Supported Carries

AT&T, Boost Mobile, MetroPCS, Sprint PCS, T-Mobile, U.S. Cellular, Verizon Wireless, Virgin Mobile and select regional carriers within ACG, Interop Technologies, and ClearSky Technologies, but is not compatible with all handsets. T-Mobile is not liable for delayed or undelivered messages.


There are no premium charges using Q2 Text Banking. Message and data rates may apply.

Message Frequency

Subscribers to Q2 Text Banking will receive one message per query.

How To Opt-Out

To opt-out of Q2 Text Banking, reply STOP to 86434. An unsubscribe message will be sent to your number confirming the cancellation, but no more messages will be sent after that one.


For support or information about Q2 Text Banking, reply HELP to 86434. Optionally, you may email us at

Privacy Policy

Information concerning data privacy may be found in the privacy policy of your financial institution. If you have any questions, please send an email to


Why can't I use my email address for MFA?

Not all types of multi-factor authentication are created equal. If your email account is comprised, criminals can access this account from anywhere without the need for possession or biometrics-based authentication. To limit the damage of compromised email accounts, Amplify has elected to only allow multi-factor authentication via phone or text message.  

What Is the Difference Between a Secure Access Code and a Challenge Code?

A secure access code (SAC) is provided to you during the multi-factor authentication process. This code authenticates your identity and allows you to log into online banking on a new device for the first time.

A challenge code is a code you set that serves as a limited replacement for your secure access code. If you are in a place without cell phone service, you can set a challenge code in online banking to gain access to a limited version of your banking profile. These limitations include not being able to change your challenge code or secure delivery contact information.

Follow these steps to generate a challenge code for your Amplify account:

  • Open the Settings tab in the online banking sidebar.
  • Click on Security Preferences.
  • Click the Challenge Code button on the screen.
  • Enter and confirm a challenge code on the screen.

Please note: while there may be circumstances where a challenge code is a valuable login tool for our members, Amplify encourages all users to default to multi-factor authentication. If you are uncertain if a challenge code is right for your account, call our Contact Center our visit an Amplify branch near you.

Was this article helpful?

Still have a question? Contact Us