By: Caitlin,

Security is always top of mind at Dwolla, and it’s something we’ll never stop improving and iterating upon. While Dwolla has always required multiple elements for user sessions, such as email address, password and PIN, we’ve continued to work toward empowering our users with additional security measures.

Today, we’ve released the ability for full Dwolla account holders to enable two-factor authentication (2FA) on their accounts. By enabling 2FA, Dwolla members equip themselves with an additional layer of security in account protection.

How do I enable two-factor authentication?

Visit your account settings page within the Dwolla dashboard. You can navigate to this page by clicking on your avatar in the top right hand corner of your dashboard. From your account settings page, choose Security from the menu on the left.


You’ll notice the option to enable 2FA on your account security page. Choose to enable and re-enter your password.


When enabling 2FA, you will need to download and open an authenticator app, such as: Google Authenticator (iOS, Android), Duo Mobile (iOS, Android), Amazon Virtual MFA (Android), or Authenticator (Windows Phone).

Open your authenticator app of choice, and manually enter the key code or scan the QR code you’ll see on your Dwolla dashboard to generate a six-digit security code within the app.

Enter this six-digit code in step three to enable two-factor authentication on your Dwolla account.


Next time you login to your Dwolla account from any device, you will be prompted to supply a six-digit security code from your authenticator app after you enter your email and password. You can choose to supply this code every time you log in from that device or every 30 days.


Why is two-factor authentication important?

Two-factor authentication helps protect your Dwolla account from the loss of credentials (e.g., your password being stolen). With 2FA enabled, a valid session requires something you know (your userID/Password) and something you have (your 2FA Time-based One Time Password). In short, it helps prevent online identity theft as a victim’s password is not enough for a fraudster to compromise an account.

Why use an authenticator app?

Dwolla chose Time-based One Time Password (TOTP) as our method of two-factor authentication given customer feedback and the high security level provided via the TOTP protocol. TOTP is also extremely strong as no transmission of the passcode is ever made as opposed to SMS (text) which, although unlikely, may be intercepted.

Have questions or feedback on this release? Please respond in the comments below, or on the Dwolla discussion board.

Safe and secure. Learn more about integrating Dwolla:

We'll help you design your ideal payments experience.


Thank you

A Dwolla representative will reach out to you within one business day.


There was an error and your the form was not submitted.

Financial institutions play an important role in the Dwolla network.

Dwolla, Inc. is an agent of Veridian Credit Union and Compass Bank and all funds associated with your account in the Dwolla network are held in pooled accounts at Veridian Credit Union and Compass Bank. These funds are not eligible for individual insurance, including FDIC insurance and may not be eligible for share insurance by the National Credit Union Share Insurance Fund. Dwolla, Inc. is the operator of a software platform that communicates user instructions for funds transfers to Veridian Credit Union and Compass Bank.