Skip to main content

Privacy and Security

Protect Your Virginia529 Account with Multi-factor Authentication

Multi-factor authentication, also known as two-step verification, is the process that requires two ways of proving your identity and can be used to protect your Virginia529 account(s). While there is no one perfect authentication method – for instance, passwords are the leading source of data breaches --- the concept behind multi-factor authentication is that a second or third factor will compensate for the weakness of the other factor. While this requires an extra step when logging into your account, it does provide a more secure online experience.

Multi-factor authentication strengthens security. Authentication factors such as passwords and pins can be vulnerable to hackers and cyber criminals. But by adding another authentication factor to your data, the additional layer of security makes it more difficult for hackers to access your account.

Authentication apps generate verification codes for signing in to sites that require a high level of security. You can use these apps to get verification codes even if you don't have an internet connection or mobile service.

There are a number of authentication apps that customers can choose from, including Auth0, Google Authenticator, Duo, Authy, Akamai and RapidIdentity.

Once you have obtained a replacement mobile device, if it has the same phone number as the lost or stolen phone, there may be different steps to take depending on which authentication method you use:

  • If you’re using an authentication app, you will need to consult the support desk or help section for the authentication app that you use for instructions on how to set up activation on your new phone.
  • If you’re using Text/SMS messages, as long as you didn’t change your phone number, you can still complete your login request by receiving Text messages
  • If you’re using email, as long as you didn’t lose access to the email account you are using for your authentication method you can still use that email account to complete your login requests.

If your replacement mobile device has a different phone number:

You will need to deactivate Text/SMS messaging while you still have access to the old phone number. If you lose access to the old phone number before disabling Text/SMS messaging, you will need to contact Virginia529’s customer service department at 1-888-567-0540 for assistance. You may be asked for additional information or documentation so that Virginia529 can verify your identity and help restore your account access.

If the mobile phone is your only registered device for multi-factor authentication, you will need to contact Virginia529’s customer service department at 1-888-567-0540 for assistance. You may be asked for additional information or documentation so that Virginia529 can verify your identity and help restore your account access.

Ask yourself who else has access to your account and if they may be trying to log in to the account. If you are concerned that your account may be compromised, consider changing/strengthening your password and contact Virginia529’s customer service department at 1-888-567-0540 to let them know there was an unauthorized attempt to access your account.

If you are utilizing a tool that aggregates data from multiple accounts (e.g. Mint, Yodlee), please note that enabling multi-factor authentication may prevent these programs from accessing your account.

Multi-factor authentication is currently available to all Virginia529 customers as an opt-in service. It is strongly recommended that you enable at least one multi-factor authentication method for the enhanced security of your account.

Virginia529 currently offers three multi-factor authentication methods to accommodate customers with different types of devices at their disposal. All three methods (authentication app, email and Text/SMS) can be accessed without a smartphone.

Internet access is necessary for the authentication app and email methods. Users without smartphones may use an authenticator app, or access email on a tablet. Users without smartphones or tablets may alternatively use the email method or a basic cellular phone number to receive a Text message with a verification code to approve or deny requests.

Aggregators provide a service that allows users to pull together balance and activity information from different financial accounts into a single view on the aggregator’s web site. Personal finance software such as Yodlee® and account aggregation programs like Mint® are examples of a few such services.

Essentially, use of multi-factor authentication will disrupt aggregator access to your Virginia529 account. This will happen because aggregators will not be able to use your existing login credentials to access the account as they have no way of receiving your multi-factor authentication PIN.

But Virginia529 now offers a that will allow you to create an aggregator read-only Virginia529 account prior to enabling multi-factor authentication. Using Virginia529’s third-party account access platform will allow an aggregator service to access select Virginia529 account information without disruption from multi-factor authentication.

A third-party access account is a sub‐account that you, the Virginia529 account owner, will create. You will select an account nickname, login ID and password for the account that is different from that of your primary Virginia529 account. You will also be prompted to create an expiration date for this Virginia529 read-only account.

Once created, the third-party sub‐account will allow you to continue to utilize your aggregator service. The benefit of the Virginia529 third-party access account is that you no longer need to provide an aggregator service with your personal primary Virginia529 account login information. As an added bonus the third-party account access platform will only give access to the necessary information needed to create your financial view such as basic account and investment details along with account transactions. The aggregator will no longer have access to your personal and sensitive information.

Your aggregator service may no longer be working because you have not created a Virginia529 third-party access account. To create your Virginia529 third-party account:

  • Log in to your account
  • Select "Manage My Account"
  • Select "Link Personal Finance Software"

You will select an account nickname, login ID and password for the account that is different from that of your primary Virginia529 account. You will also be prompted to create an expiration date for the Virginia529 third-party access account.

Once created, this new Virginia529 third-party access account will allow you to continue to utilize your aggregator service.

When a Virginia529 account owner passes away, ownership automatically transfers to the designated survivor named on the account. If a valid designated survivor is not named, Virginia529 reserves the right to designate the account beneficiary (student) as the new account owner if the student is over the age of 18.  If the student is under the age of 18, Virginia529 may set up a custodial account (under the UTMA) for the benefit of the student and designate a custodian to manage the account until the student reaches the age of 18. Per the Prepaid529 and Invest529 Program Descriptions, Virginia529 may consult take the suggestion of the executor or representative of the deceased account owner’s estate when naming a custodian for a student.

If both the account owner and designated survivor have passed away, complete and submit the Transfer Account Upon Death of an Account Owner Form along with a copy of the death certificates.

Need to report suspicious or fraudulent activity?

Timely action is important—contact Virginia529 immediately.