How do I set up and use authentication for Online & Mobile Banking?

How do I set up and use authentication for Online & Mobile Banking?

Keeping your accounts safe is important, and authentication is one of the easiest ways to protect them. By confirming it’s really you each time you log in, authentication helps block fraud and keep your personal information secure.

Whether it’s entering a password, using Face ID, or receiving a one-time code, these steps add an extra layer of protection. It’s a simple way to give you peace of mind and confidence when managing your money online or on mobile.

You will be prompted for a Secure Access Code  whenever you log in to Online & Mobile Banking. To skip this step, register your phone, tablet, or computer as a trusted device. Follow these instructions to manage your devices.

Two-Factor Authentication (2FA) / Multi-Factor Authentication (MFA) Methods

Two-Factor Authentication (2FA) adds an extra layer of protection to your account by requiring two steps to log in—such as entering your password and then confirming with a code sent to your phone. Multi-Factor Authentication (MFA) works the same way but can include more than two steps, such as using Face ID or Fingerprint/Touch ID.

These extra layers of protection help keep your account safe. Even if someone has your password, they can’t log in without the second step—making it much harder for fraudsters to access your money or personal information.

How it works

• Password + Code (2FA): After entering your password, you’ll be asked to verify your identity by receiving a code via call or text.
• Push Authentication: You can also verify your identity by approving a push notification sent to your mobile device.
• Authenticator App: If you prefer, you can use an authenticator app to generate unique codes. When enabled, other methods like text or voice are disabled for added security.
• Biometrics (Face ID / Fingerprint / Touch ID): If set up, this process happens automatically—you won’t need to do anything extra.

Managing your settings

You can turn these methods on or off at any time for your Citadel accounts using the toggle switches under the Authentication tab in Online & Mobile Banking’s security settings.

Some settings, such as your fingerprint or your face identification, will need to be managed on your individual device. Please refer to your device’s documentation for instructions.

Fingerprint / TouchID / FaceID

Biometric authentication methods such as fingerprints and facial recognition are enabled and disabled on the login screen when you open the app. You will need to go into your individual device’s security settings to set up your face and/or fingerprints.

Push Notifications

Push notifications send a secure prompt to your mobile device for login approval or denial, eliminating the need to manually enter a code. To use this feature, you will need to enable push notifications for the mobile banking app in your device settings. If your push notifications are turned off at the device level, notifications will not come through.

Authenticator Apps

To use this method, you will need to install and/or configure an authenticator app on your device before enabling it within your Online & Mobile Banking security settings. The app will generate time-sensitive verification codes directly on your device. When logging in, you will be prompted to enter the code displayed in your authenticator app to confirm your identity.

Why can’t I use email for authentication?

Using email for authentication is generally not recommended due to security vulnerabilities, as email accounts are less secure than other 2FA methods. Anyone who gains access to your email (through phishing, password breaches, or weak security) can reset passwords and bypass 2FA for multiple accounts.