Two-Factor Authentication (2FA)

Securing your NestEgg account with an extra layer of protection

Written by Greg Boynton
Updated today

Two-factor authentication (2FA) adds a second layer of security to your NestEgg account. In addition to your password, you'll be asked to enter a one-time code from an authenticator app each time you log in. This means that even if your password is ever compromised, your account remains protected.

Your credit union controls when 2FA becomes mandatory. When they turn it on, you'll have a grace period (a set number of days) to get it set up. After that, you'll need to complete setup before you can access the platform.

How the rollout works

Two-factor authentication will be switched on for your organisation by the NestEgg team. When that happens, you'll be given the option to set things up each time you log in, and you'll see a banner in the dashboard letting you know that 2FA is required and giving you the option to set it up. You can dismiss this banner and continue using NestEgg as normal for the time being.


At some point, the option to skip setup will be removed. When that happens, you'll be taken to the 2FA setup screen the next time you log in and will need to complete setup before you can access the dashboard.

We'd recommend setting up 2FA as soon as you see the banner — it only takes a couple of minutes and means you won't be caught out when the grace period ends.

Any new users joining after 2FA has been enabled for your organisation will be asked to set it up on their first login.

What you'll need before you start

You'll need an authenticator app installed on your phone before you can set up 2FA. These apps generate the one-time codes you'll use to verify your identity at login.

You should use the authenticator app that is recommended or mandatory for your organisation.

If you don't already have one, any of the following will work:

  • Google Authenticator — available on iOS and Android

  • Microsoft Authenticator — available on iOS and Android

  • Authy — available on iOS, Android, and desktop

All three are free to download. Once you've installed one, you're ready to set up 2FA in NestEgg.

Setting up 2FA

You can set up 2FA by following the link shown to you at login, or by going to your Security settings directly. The steps are the same either way.

  1. Open your authenticator app and tap the option to add a new account. This is usually a + icon or an Add account button.

  2. Back in NestEgg, once you have clicked the link to get set up, a QR code will appear on screen. Use your authenticator app to scan it.

  3. Once scanned, your app will start generating 6-digit codes for your NestEgg account, refreshing every 30 seconds.

  4. Enter the current code from your app into NestEgg and click Verify.

  5. That's it: 2FA is now active on your account. You'll be taken to the main dashboard.

Can't scan the QR code? If your phone can't scan the QR code, there's a text code shown beneath it. You can type this into your authenticator app instead. See the section "If you can't scan the QR code" below for more detail.

Logging in after 2FA is set up

Once 2FA is active, your login process will have one extra step:

  1. Enter your email address and password as normal.

  2. When prompted, open your authenticator app and enter the 6-digit code shown for NestEgg.

  3. Click Verify to complete sign-in.

Codes refresh every 30 seconds, so enter the code while it's still active. If it expires before you submit, just use the next code your app shows.

Note: After your initial setup, you won't see the QR code again at login, just the prompt to enter your 6-digit code.

Trusted devices

Each time you log in, you'll have the option to mark your device as trusted. Ticking the Trust this device checkbox means you won't be asked for a 2FA code on that device again until the trust expires.

Your credit union sets how long a device stays trusted. Once that period ends, you'll be prompted for a 2FA code again on your next login.

Tip: Only trust devices that are yours and are secure. Avoid ticking this option on shared or public computers.

Managing your trusted devices

You can see all the devices you've marked as trusted in your Security settings. Each entry shows the device name (based on the browser you were using when you logged in).

From this list you can revoke any device you no longer want to trust. This removes it from the list and means you'll be asked for a 2FA code the next time you log in on that device. Revoking a device doesn't log you out of your current session.

It's a good idea to review your trusted devices from time to time and remove any you don't recognise or no longer use.

If you can't scan the QR code

If your phone camera can't read the QR code, NestEgg will also display a text version of the setup code beneath the QR image. To use it:

  1. In your authenticator app, look for an option to enter a setup key manually. This is sometimes labelled Enter a setup key or Add account manually.

  2. Copy the code shown in NestEgg into your app.

  3. Your app will add NestEgg as an account and begin generating codes, just as if you had scanned the QR code.

From this point, setup continues in the same way — enter the 6-digit code into NestEgg to verify and you're done.

Need help?

If you have any questions about setting up 2FA, please contact your credit union administrator or reach out to the NestEgg support team via chat or at [email protected].