Multi-Factor Authentication (MFA)

To keep your account safe, we're adding an extra layer of security!

Starting October 15, all members must set up Multi-Factor Authentication (MFA) the first time they log in to Digital Banking (desktop & mobile app).


What is MFA?
Multi-Factor Authentication (MFA) is an extra layer of security that helps protect your account. Instead of just entering a password, MFA asks you to verify your identity in another way—like entering a code sent to your phone or approving a login through an app.

Think of it like locking your front door and setting an alarm. Even if someone guesses your password, they still need that second “key” to get in. 


Choose one of these secure methods:
  • Push Notification (recommended)
  • Web Auth (security key or web browser-based)
  • Text Message
  • Voice Call

Using FaceID or fingerprint? After you set up MFA and log in successfully, you’ll need to turn Biometrics back on.

Quick & Easy Setup. You can add up to 5 trusted devices to make future logins faster and easier.

*Mobile App Update Required. To access digital banking on your mobile device, you’ll need to install the latest version of the mobile banking app on October 15.

Need help?
If you need help accessing your profile after the update, our team is here to assist you every step of the way. Dial 1.877.535.1299.

Frequently Asked Questions

Identity Access Management (IAM) Multi Factor Authentication (MFA) adheres to modern authentication standards, enhancing the user experience through a streamlined authentication process. It fortifies security by adding multiple layers of protection against unauthorized access and reinforces adherence to data protection regulations.

 

Push notification sends a prompt to the user’s mobile device, allowing them to approve or deny the login attempt with a single tap. It is fast, secure and user friendly.

The push notification will be delivered through the Mobile App itself. Members will receive the notification directly within the app during the login process, making it a seamless and secure authentication experience.

Push notification is the recommended option for secure and seamless authentication.

Once users have established push notifications as the preferred MFA method, their mobile device is automatically recognized as a trusted device. MFA validation is only required on devices that are not recognized as trusted devices. A user can have up to 5 trusted devices on their profile.

NOTE: For users that are signing in and registering for push notifications using Online Banking, the mobile app must be installed on their device with the latest 4.4 version.

NOTE: If “Maybe later” is selected, the user will be redirected to the previous screen to select a different MFA method.

A trusted device is a personal, secure device that the member chooses to recognize for future logins. Once added as a trusted device, the member won’t be asked to complete MFA each time they sign in from that device. Adding a trusted device makes it faster and more convenient to access online banking while maintaining security.

For web browsers, trust lasts for 12 hours. On mobile, trust does not expire. 

Web authentication typically involves using a security key or device-based biometrics (fingerprint or facial recognition) directly within a browser session. Web authentication is only available for online banking using a web browser.

The following operating system versions are recommended for the use of Web Authentication as an MFA method:

• Windows: WebAuthn is supported on Windows 10 and later versions. Windows Hello provides native support for biometric authentication and security keys.

• macOS: macOS 10.12 (Sierra) and later versions support WebAuthn through Safari, allowing integration with biometric devices like Touch ID and Face ID.

• Android: Android 7.0 (Nougat) and later versions support WebAuthn in browsers like Chrome, enabling biometric authentication and security key usage.

SMS authentication sends a one-time password (OTP) via text message, which the user enters manually.

Voice call authentication delivers a spoken one-time password (OTP) through an automated phone call. It is often used as an alternative to SMS.

The voice authentication option available to members as part of MFA works for any phone number at which a member can receive a voice call; this can be a landline or mobile phone number. If voice authentication is selected as the preferred MFA method, members will receive a phone call where an automated voice reads out their OTP verification code.

For security purposes, this OTP can only be sent to phone numbers that have been verified and recorded on file with Crossroads Credit Union. This helps ensure that authentication attempts are directed only at trusted, authorized contact information.

 

Yes, members are required to sign up for MFA as part of this security update. There is no option for members to bypass the MFA registration process.

Members cannot have more than one MFA method on their account. Push is the default recommended method and will override any of the other three MFA options if a member later registers for push notifications.

Members will be prompted to verify their sign in attempt using their MFA method of choice when logging in from an untrusted device. On mobile, once a device is marked as trusted, MFA will not be required again unless the app is reinstalled or the device is removed from the trusted list. When signing in to online banking on a web browser, trusted device status is limited to 12 hours for security reasons, so members will typically need to complete MFA once per day when accessing online banking from an internet browser.

No, for security purposes, once the MFA method is selected and associated with their profile, a member will have to contact Crossroads Credit Union to have their device unregistered for MFA. Once they are unregistered, they will be prompted to complete the MFA registration flow again at their next login and can select a new MFA method.

Yes, initially. When members log in for the first time after the R4.4 release, biometric login will be disabled by default. They will first be required to set up MFA for security purposes.

After completing MFA and successfully signing in, members can re-enable biometric login (e.g., facial recognition or fingerprint). Going forward, biometric login will act as their primary authentication method and will bypass MFA for future logins on that device.

Yes, once MFA registration is completed, users can continue to sign in using biometric authentication methods as usual.

When members log in for the first time after the 4.4 release, biometric login will be disabled by default. They will first be required to set up MFA for security purposes.

After completing MFA and successfully signing in, members can re-enable biometric login (e.g., facial recognition or fingerprint). Going forward, biometric login will act as their primary authentication method and will bypass MFA for future logins on that device.

You will need to set up MFA for each profile separately, as each login is treated as an independent profile - like having a separate username and password for each one.

However, for business users, there is an option to consolidate profiles, which allows you to switch between them without having to complete MFA each time. This feature helps streamline access when managing multiple profiles under the same login session.

MFA introduces a new type of OTP that is specific to the member login process using the new MFA protocols. MFA OTP only includes options for push notifications, SMS text, web or voice authentication.

Actions that a member can perform within digital banking that allow for email OTP as an authentication method will remain unchanged. This includes actions such as adding a payee, changing a password, making an inter-member transfer, changing contact details, adding eTransfer recipients, etc.
