Navegó a una página que no está disponible en español en este momento. Seleccione el enlace si desea ver otro contenido en español.

Página principal

Help protect your data with two-factor authentication

Look beyond the password for added security

Is a password the only thing standing between you and a cyber criminal? Many of us re-use passwords across multiple sites, which can lead to fraud and identity theft if that password is exposed through a data breach, phishing attempt, or malware attack.

With millions of consumer records exposed in data breaches this year, what can you do to help secure your data? First, create a unique username and a strong password for each of your accounts. Next, turn on two-factor authentication, which is commonly used by financial institutions, email service providers, and other companies large and small to help prevent unauthorized account access.

What is two-factor authentication?

Two-factor authentication, also known as “2FA”, is a way to verify a person’s identity using two different factors. For example, using both your password and an access code sent to your mobile device to sign onto an app is more secure than using only your password.

Wells Fargo may require two-factor authentication to confirm your identity when completing certain transactions or changes online.

Customers can also add an additional layer of security by activating Wells Fargo's 2FA feature, 2-Step Verification at Sign-On. Once activated, you will be prompted to enter an access code as part of the sign on process. You can get the code by:

- Requesting that Wells Fargo send it by email, phone call, text, or push notification.
- Using an RSA SecurID® token purchased through Wells Fargo Online®.


When planning to travel abroad, consider using an RSA SecurID token to generate the access code since some forms of digital communication may not be available on your trip.

Beware of imposter scams

Even when using two-factor authentication, it's still important to protect your accounts. Criminals know that access codes may be needed to commit their crimes and have devised ways to obtain them. A common scam involves a criminal acquiring an access code using the most unlikely and unsuspecting accomplice — you. In this scenario, the scammer — who has already stolen your username and password — manipulates you to divulge the last piece of data they need, your access code.

How the scam works:

  • The scammer calls or texts you, impersonating your bank, email service provider, government agency, or other company — often claiming that suspicious activity has been detected on your account.
  • Then the “company” (in reality, the scammer) alerts you that it will text you a code that you need to text back or repeat over the phone to verify your identity.
  • The scammer will then log in to the legitimate site with your login information, which prompts the code to be sent to your mobile device.
  • If you provide the code to the scammer, you will be enabling access to your accounts. You could lose money and may become a victim of identity theft.

Know that Wells Fargo will not call or text you requesting an access code. We only send you a code when prompted by an action that you initiated, such as signing on to online banking, sending money, or calling Wells Fargo customer service.

  • Do not enter your access code online unless you initiated the request. 
  • Do not provide your access code to anyone who calls or texts you.

If you are uncomfortable with a request received by phone call or text that you didn’t initiate, don’t respond and hang up immediately. Then, contact the company using legitimate sources such as a phone number on the company’s website. If the caller claims to be from Wells Fargo, contact us using a trusted number on the back of your card or

Explore more security tools and options.