Skip to main content

Multi-factor authentication

Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to verify a user. Asking for additional details to confirm your identity provides greater security compared to a password alone, making it harder for criminals to access your accounts or information.


Requirements

Multi-factor authentication requires a combination of at least two factors:

  • Something you know (such as a password or PIN)
  • Something you have (such as a one-time code or trusted device)
  • Something you are (such as a fingerprint or other biometrics)


To help protect your account, we recommend using a security token as a second factor with your e-banking Access ID and password. Security tokens are devices or apps that generate unique 6-digit codes. These codes change regularly, expire after a short amount of time, and can only be used once.

We offer the Symantec VIP Access app, also known as a soft security token, digital security token or e-token. The app is free and can be downloaded from the App Store or Google Play.

Apple Store  Andriod

Using security tokens

To set up your security token:

  1. Download the Symantec VIP Access app from the App Store or Google Play
  2. Visit your local branch or call us on 1300 236 344
  3. Provide your security token’s unique Credential ID number
  4. We will link your security token to your e-banking account using the Credential ID


You should never share the 6-digit code generated by your security token with anyone. We will only ask you for the Credential ID of your security token so we can link it to your e-banking account.

Once set up, enter the 6-digit code any time you are prompted for a security token in e-banking. The 6-digit code can be copied to your device’s clipboard by holding down on it. You can then paste it in the security token field in e-banking.

To change your multi-factor authentication settings:

  1. Select the Settings tile (found in the More menu in the Bendigo Bank app)
  2. Select Multi-factor authentication


You are required to use multi-factor authentication for some e-banking services like updating your contact details and adding new Pay Anyone contacts. Mandatory options are greyed out in your multi-factor authentication settings and cannot be changed.

The Symantec VIP Access app cannot be transferred from one device to another. To set up the app on a different device, you will need to download it on that device and contact us to link it to your e-banking account. This will unlink the app on your old device so it can no longer be used with your e-banking account.

If your old device was lost or stolen and you had registered the Bendigo Bank app on it, you should also deregister it as an extra security precaution:

  1. Select the Settings tile (found in the More menu in the Bendigo Bank app)
  2. Select Manage devices
  3. Select Deregister device

Automatic security tokens

If you are using the Bendigo Bank app, you may be able to automate your security token. This allows the Bendigo Bank app to generate and enter the 6-digit codes from your security token for you. You can register up to three devices with automatic security tokens.

Automating your security token is just as secure as manually entering the 6-digit codes. You will no longer see prompts to enter your security token, but the 6-digit code is still being entered and authenticated in the background. In this case, you have trusted your device to act as the second factor of authentication.

Before you automate your security token, please note:

  • Your security token must be correctly linked to your account
  • You must not discard your security token once it has been automated
  • Your version of the Bendigo Bank app must be:
    • iOS – 4.6.41 or above
    • Android – 4.7.46 or above
    • You must have set up a four-digit PIN (though you can log in with either four-digit PIN or biometrics)
  • Automating your security token on a device will apply the highest security settings possible, overriding your current security token settings on that device
  • Your current security token settings will continue to apply when using e-banking on a web browser or the Bendigo Bank app on a device that has not been registered as an automatic security token
  • Each device must be registered as an automatic security token individually


To automate your security token:

  1. Log in to the Bendigo Bank app
  2. Select More
  3. Select Settings
  4. Select Multi-factor authentication
  5. Select the Automate my Security Token banner
  6. Enter the 6-digit code from your security token when prompted
  7. Select Register this device


You will receive a message in e-banking confirming your device has been registered.

To view the status of your automatic security tokens:

  1. Select the Settings tile (found in the More menu in the Bendigo Bank app)
  2. Select Manage devices


To deregister a device as an automatic security token:

  1. Select the Settings tile (found in the More menu in the Bendigo Bank app)
  2. Select Manage devices
  3. Select Deregister device


Deregistering a device will also remove your four-digit PIN. You can still use your Access ID and password to log in to that device, or to set up four-digit PIN again:

  1. Log in to the Bendigo Bank app
  2. Select More
  3. Select Settings
  4. Select Setup four-digit PIN
  5. Follow the prompts

Security token troubleshooting

If you enter a 6-digit code and see a “Please provide a valid security token” message, it may be because the code entered was not correct, or your security token may not be linked to your e-banking account.

If you have replaced a device which had your Symantec VIP Access app on it, you must download the app on your new device and contact us to link the new Credential ID to your e-banking account.

Automatic security token not working:

  • Please ensure you have the latest version of the Bendigo Bank app installed 
  • Check that your device is registered and your automatic security token is active:
    • Select the Settings tile (found in the More menu in the Bendigo Bank app)
    • Select Manage devices
    • If your device is not listed, you will need to set up a four-digit PIN
    • If the status next to Automatic Security Token is not Active, you will need to automate your security token again
  • If you see an “Unable to activate” message, please try deregistering your device, setting up a four-digit PIN, and automating your security token again by following the steps in the Automatic security tokens section

Further assistance:

Please visit your local branch or call us on 1300 236 344 for further assistance if your security token is not working, or for help with the following:

  • Linking a new security token to your e-banking account
  • Checking if your current security token is correctly linked to your e-banking account
  • Physical security tokens

Bendigo and Adelaide Bank acknowledges Aboriginal and Torres Strait Islander peoples as the First Peoples of this nation and the Traditional Custodians of the land where we live, learn and work. We pay our respects to Elders past and present as it is their knowledge and experience that holds the key to the success of future generations.

Bendigo and Adelaide Bank Limited, ABN 11 068 049 178 AFSL / Australian Credit Licence 237879. Any advice provided on this website is of a general nature only and does not take into account your personal needs, objectives and financial circumstances. You should consider whether it is appropriate for your situation. Please read the applicable Disclosure Documents before acquiring any product described on this website. Please also review our Financial Services Guide (FSG) before accessing information on this website. Information on this page can change without notice to you.

© Copyright 2024 Bendigo and Adelaide Bank