Bank of America introduces USB security key registration for online transfers

Source: Yubico

Bank of America has a long history of supporting authentication for the online banking experience.

They were one of the first major banks to join the FIDO Alliance and be appointed to its board in 2014. In 2016, they championed, alongside Yubico and several others, the launch of the “Lock Down Your Login” public awareness campaign designed to enable every American to better secure their online accounts through the use of strong authentication.

While there have been many milestones over the last decade, today marks a true ‘security step up’ for online banking account sign-in and bank transfer protection for many Bank of America customers. Bank of America has announced that it is replacing SafePass with the new Secured Transfer feature, which allows for USB security key registration and transfer authentication with YubiKeys. It has also given many Bank of America customers the option to sign in to their online banking account with a USB security key.

Bank of America’s SafePass theft protection was originally introduced to provide individual, small business, and brokerage customers with an extra layer of security against unauthorized transactions. Previously, SafePass allowed authentication only through mobile one-time codes or SafePass Cards. Bank of America’s move to the Secured Transfer feature builds on this foundation by introducing the option of more secure, FIDO-based hardware authentication.

Many Bank of America online banking users who have a YubiKey can now register their security key for two-factor authentication (2FA) at account sign-in, and set up the Secured Transfer feature to add an extra layer of physical security to their online account. If you are a Bank of America customer and do not have a YubiKey, you should consider increasing your security posture with a YubiKey.

How to set up your YubiKey for Secured Transfer and online banking sign in:

1. Log in to your online Bank of America account using your username and password.
2. Once logged in, go to “Profile & Settings” in the top right corner, and under “Security settings” click on “Manage SafePass”.
3. Depending on your type of account and/or account settings, you should see the option to add a USB Security Key, as well as enable Secured Transfer.

Once your USB security key is set up, when signing in to your online account or executing a bank transfer, you will be prompted to touch your YubiKey.

When touched, the YubiKey executes a public key cryptographic exchange with the bank’s online service that verifies that you, and only you, are in possession of the security key, thus allowing secure sign-in and the bank transfer to occur. If your password login credentials are stolen or compromised, you will still be protected because a physical YubiKey is required for 2FA. Furthermore, once your YubiKey is linked to your account, it also serves as step-up security for adding transfer recipients to your account.
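
The exchange described above, reduced to its essentials, as an added example (not Bank of America's or Yubico's code, and not the actual WebAuthn message format): the service stores a public key at registration, issues a fresh random challenge, and accepts only a signature over that challenge and its own origin. The names `makeSecurityKey`, `makeService` and `signedBytes`, and any origin passed in, are assumptions made for illustration.

```javascript
// Added illustration: simplified FIDO-style challenge-response, not the
// WebAuthn wire format and not Bank of America's or Yubico's code.
const nodeCrypto = require('node:crypto');

// Bytes covered by the signature: hash of the origin, then the raw challenge.
function signedBytes(origin, challenge) {
  const originHash = nodeCrypto.createHash('sha256').update(origin).digest();
  return Buffer.concat([originHash, challenge]);
}

// Stand-in for the security key: the private key never leaves this closure.
function makeSecurityKey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1', // P-256, the curve FIDO authenticators commonly use
  });
  return {
    publicKey, // handed to the service once, at registration
    // Called on "touch": sign the origin the browser reports plus the challenge.
    sign: (origin, challenge) =>
      nodeCrypto.sign('sha256', signedBytes(origin, challenge), privateKey),
  };
}

// Stand-in for the bank's online service (hypothetical; origin is supplied by the caller).
function makeService(origin) {
  const registered = new Map(); // username -> public key
  const pending = new Map();    // username -> outstanding challenge
  return {
    register: (user, publicKey) => registered.set(user, publicKey),
    // A fresh random challenge per sign-in or transfer defeats replay.
    newChallenge(user) {
      const challenge = nodeCrypto.randomBytes(32);
      pending.set(user, challenge);
      return challenge;
    },
    verify(user, signature) {
      const challenge = pending.get(user);
      const publicKey = registered.get(user);
      pending.delete(user); // single use, whether or not verification succeeds
      if (!challenge || !publicKey) return false;
      // The service checks against its OWN origin, so a signature produced
      // for a look-alike site does not verify here.
      return nodeCrypto.verify('sha256', signedBytes(origin, challenge), publicKey, signature);
    },
  };
}
```

A password alone never produces a valid signature in this model, and a captured signature is useless once the challenge it answered has been consumed.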
