Protecting your account is a priority. Multi-Factor Authentication, or MFA, adds an extra layer of security to help keep your Bendigo Invest Direct account secure. Once set up, MFA applies when you log into your account from either the web platform or mobile app.
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is a security feature that requires more than just your password to log in. Instead of relying on a single step, MFA uses multiple forms of verification, such as:
- Something you know, like your password
- Something you have, like your mobile device or authenticator app
This means that even if someone gains access to your password, they may still not be able to access your account.
How does MFA protect your account?
MFA makes the login process more secure by requiring an additional verification step when accessing your account.
Web platform
Each time you log in to your account on the web platform using your username and password, you will also need to enter a time-based verification code generated by your Authenticator App. These codes refresh regularly and are designed to help confirm that it is really you accessing your account.
Mobile app
On the Bendigo Invest Direct mobile app, you may be prompted to set up biometrics or an access code on your mobile device. Once MFA has been completed and your device is recognised as trusted, you may not need to complete MFA each time you log in on that device.
You can then log in using your chosen authentication method, such as biometrics or your password.
MFA may still be required if:
- You log in on a new or unrecognised device
- Additional verification is required for security purposes
Trusted device functionality currently applies to the mobile app only. Trusted mobile devices may remain authenticated for up to 6 months.
How to set up MFA
MFA is required for your account and is set up the first time you log in after MFA becomes available on your account.
Before you begin, you will need:
- A computer connected to the internet
- Your mobile device with access to the mobile number registered to your Bendigo Invest Direct account
When you log into your account with your username and password for the first time after MFA becomes available, you will be prompted to set up MFA.
1. Verify your identity
You will first receive a one-time verification code by SMS to your registered mobile number. Enter this code when prompted.
2. Download or open an Authenticator App
After entering your SMS verification code, you will be prompted to set up an Authenticator App.
Authenticator apps are secure mobile apps that generate time-based, one-time verification codes directly on your mobile device. These codes refresh regularly and are not sent over SMS, providing an added layer of security. Common examples include Google Authenticator and Microsoft Authenticator.
You can either:
- Download a new Authenticator App from the Apple App Store or Google Play Store
- Use an Authenticator App already installed on your mobile device
3. Link your Bendigo Invest Direct account
Open your Authenticator App and select “Scan QR Code”.
Using your mobile device, scan the QR code displayed on your computer screen. This links your account to the Authenticator App and enables it to generate verification codes for future logins.
Your Authenticator App will then display a verification code that refreshes every 30 seconds. Enter this code on the verification screen and select “Next”.
Once setup is complete, MFA will be activated on your account.
4. Save your recovery codes
At the end of the setup process, recovery codes will be displayed. These are one-time use backup codes that can help you access your account if you lose access to your mobile device or Authenticator App.
Store these codes somewhere secure and accessible only to you.
You may need a recovery code if:
- You lose or replace your mobile device
- Your Authenticator App is no longer available
- You are unable to access your usual MFA verification codes
Additional verification when trading international shares
If you trade international shares, an additional verification step will apply when placing your first international trade during a logged-in session.
Before submitting your first international order, you will be asked to enter a one-time verification code sent to your mobile phone via SMS.
Please note:
- This replaces the current Trading PIN process
- This verification step is separate from MFA required when logging into your account
- A logged-in session can last up to 4 hours
- If you log out and log back in, the session timing resets
- Subsequent international orders placed during the same logged-in session will not require additional verification
This additional step helps provide extra protection for international trading activity on your account.
Best practices for staying secure
Using MFA is an important step in helping protect your account, but there are additional habits that may further improve your security.
- Use a strong, unique password that is not reused across other websites or services
- Keep your contact details up to date so you can receive important account notifications
- Never share your login details or verification codes with anyone
Scammers may try to contact you by phone, SMS or email while pretending to be from Bendigo. These messages can sometimes appear convincing, but there are common warning signs to look out for.
Be cautious of:
- Unexpected messages or calls requesting account information
- Requests for passwords or MFA verification codes
- Messages creating urgency or pressure to act immediately
- Suspicious links or attachments from unknown or unverified sources
Additional warning signs may include:
- Spelling mistakes or unusual formatting
- Sender details that appear similar but are not official
- Requests to “verify” or “secure” your account via a link
- Attempts to collect personal or security information
Bendigo Invest Direct will never contact you to ask for your password or MFA verification codes.
Final word
Keeping your account secure is an ongoing process, and enabling MFA is one of the most effective steps you can take. By adding this extra layer of protection and staying alert to potential scams or suspicious activity, you can help reduce the risk of unauthorised access and keep your account safe.
Bendigo Invest Direct is a service provided by CMC Markets Stockbroking Limited ABN 69 081 002 851 AFSL No. 246381 (“CMC Markets Stockbroking”), a Participant of the ASX Group (Australian Securities Exchange), SSX (Sydney Stock Exchange) and Cboe (previously known as Chi-X) at the request of Bendigo and Adelaide Bank Ltd (ABN 11 068 049 178, AFSL 237879) (“Bendigo”). For a copy of the terms and conditions relating to the Bendigo Invest Direct services and the Financial Services Guides for CMC Markets Stockbroking or Bendigo (or other relevant disclosure documents), contact us on 1300 788 982, visit trading.bendigoinvestdirect.com.au/forms or via email at info@bendigoinvestdirect.com.au.
