Skip to Main Content

Digital Banking

Multi-Factor Authentication (MFA): Protect Your Account

Multi-Factor Authentication (MFA) adds an extra layer of security to your online banking. It helps keep your account safe by requiring more than just your password when you log in or perform sensitive actions.

Passwords alone aren’t enough to protect your account. MFA ensures that even if someone knows your password, they can’t access your account without an additional verification step.
1. Log in to Online Banking
  • Go to your account and click User Settings.
  • Select Security, then Authentication.
2. Choose Your MFA Method
  • Two-Factor at Every Login
    Turn on this option to require MFA every time you log in.
  • Passkey
    Use your device’s built-in security (like TouchID or FaceID) for quick, secure logins.
  • Push Authentication
    Approve login requests directly from your mobile device.
  • Authenticator App
    Use apps like Google Authenticator or Microsoft Authenticator for one-time codes.

Push Authentication is a convenient way to approve login requests directly from your mobile device.
1. Log in to Online Banking.
2. Go to User Settings > Security > Authentication.
3. Locate your registered device and toggle the slider to enable Push Authentication.
  • When you log in or perform a sensitive action, you’ll receive a push notification on your enrolled device.
  • Review the details (location, time, and action) and tap Approve to continue.
  • If the request looks suspicious, tap No, Lock My Account. This will immediately lock your account for security. You’ll need to call our support team to unlock it.


  • You can register multiple devices for Push Authentication.
  • Push Authentication works only on devices with our mobile app installed.
  • If you’re using a browser, the MFA challenge will be sent to all enrolled devices.
  • If you don’t receive a push notification, you can select Request New Code to use another MFA method.
Security Tip: Always verify the details in the push notification before approving. If something doesn’t look right, deny the request and contact us immediately.
Passkeys use advanced technology like biometrics or hardware keys for even stronger protection. Options include:
  • TouchID or FaceID on Apple devices
  • Windows Hello on PCs
  • Hardware keys like YubiKey or Google Titan
Once registered, you can use your passkey instead of entering a code.
When prompted:
  • Select your preferred method (Text, Email, Voice, Push, or Authenticator App).
  • Enter the verification code or approve the request.
  • Complete your login.
  • To update or disable MFA, go to User Settings > Security > Authentication.
  • You can also manage your devices under Security > Devices.

Important: Turning off MFA reduces your account security. CCU requires you to keep at least one backup MFA method on your profile, like an email or phone number, so you’re never left without a way to sign in.

The only exception is if you turn on “Restrict MFA to Passkey or Push” and later remove both of those methods. If that happens, you could get locked out because no allowed MFA options remain.

When this option is enabled in Authentication settings, the ability to receive MFA challenges via voice call or text message is fully removed. If Passkey or Push Authorization is later removed from the account while this restriction is still enabled, the user will not be able to complete MFA and may be locked out.