Navegó a una página que no está disponible en español en este momento. Seleccione el enlace si desea ver otro contenido en español.

Página principal

Two-factor authentication helps protect the one and only you

Look beyond the password for added security

Is a password the only thing standing between you and a cyber criminal? If you don't have additional protections in place, your information could be at risk. Scammers use a variety of methods to steal passwords, including malware, phishing emails and text scams. With almost 1 billion consumer records exposed in 2019 data breaches, what can you do to help secure your data? First, create a unique username and password for each of your accounts. Second, turn on two-factor authentication, which is commonly used at login by financial institutions, email service providers, and other companies large and small.

What is two-factor authentication?

Two-factor authentication, also known as “2FA”, is a method of identity verification using two different factors, such as a password (something you know) and a security token or one-time verification code sent to your mobile device (something you have). Companies use this method because it is more effective in protecting against unauthorized account access than a password alone. Wells Fargo may require two-factor authentication to confirm your identity when completing certain transactions or changes online.

Customers can also choose to activate 2-Step Verification at Sign-On, which provides an additional layer of security each time you sign on to Wells Fargo Online® or the Wells Fargo Mobile® app. Once activated, you will be prompted to enter an access code at sign on. You can request to have Wells Fargo send the access code by email, phone call, text, or push notification. When planning to travel abroad, it’s a good idea to purchase an RSA SecurID® token within online banking to generate the access code since some forms of digital communication may not be available.

Beware of imposter scams

Scammers hunt for security tokens and verification codes to enable unauthorized account access. One common scam involves a criminal acquiring a verification code using the most unlikely and unsuspecting accomplice — you. In this scenario, the scammer — who has already stolen your username and password through a data breach or other means — uses manipulation to convince you to divulge your verification code.

How the scam works:

  • The scammer calls or text you, impersonating your bank, email service provider, government agency, or other company — often claiming that suspicious activity has been detected on your account.
  • Then the “company” (in reality, the scammer) alerts you that it will text you a code that you need to text back or repeat over the phone to verify your identity.
  • Next, the scammer will log in to the legitimate site with your login information, which prompts the code to be sent to your mobile device.
  • If you provide the code to the scammer, you will be enabling access to your accounts. You could lose money and may become a victim of identity theft.

Know that Wells Fargo will not call or text you requesting an access code. We only send you a code when prompted by an action that you initiated, such as signing on to online banking, sending money, or calling Wells Fargo customer service.

  • Do not enter your access code online unless you initiated the request. 
  • Do not provide your access code to anyone who calls or texts you.

If you are uncomfortable with a request received by phone call or text that you didn’t initiate, don’t respond and hang up immediately. Then, contact the company using legitimate sources such as a phone number on the company’s website. If the caller claims to be from Wells Fargo, contact us using a trusted number on the back of your card or

Explore more security tools and options.