You are about to leave TIAA’s website and access websites that are unaffiliated with TIAA. TIAA does not assume responsibility or liability for the content or privacy policies of external sites.
Committed to protecting your data – now and always
Protecting your data
Securing your accounts
Providing customer assurance*
We protect your personal information
- TIAA's Security Operations Center provides fast, accurate, thorough and non-stop protection from cyber attacks
- Stringent security patching practices address vulnerabilities that attackers try to exploit
- Data loss prevention controls help ensure data doesn't fall into the wrong hands
- Robust supplier risk management practices help ensure our suppliers adhere to our expectations
Accounts are protected from unauthorized access
TIAA's log-in security strategy provides faster and more accurate prevention and detection of cybercriminal access techniques.
- 24x7 security monitoring alerts us to potential issues
- Industry threat intelligence helps us stay ahead of attacks
- Established technologies provide efficient prevention, detection and response
- Multifactor authentication (MFA) is always on to help ensure only you can log into your account
Something you know
Like your username, password, SSN or date of birth
Something you have
Like your registered laptop, smartphone or tablet PC
Something you are
Like voice, facial or fingerprint biometrics
Best Practices - TIAA is going passwordless
TIAA is now offering more secure passwordless access option.
TIAA is going passwordless! That’s right…by making the decision to go passwordless, you will limit the hassle of resetting forgotten passwords. Instead, you will have the opportunity to create a passkey that is unique to your specific device which you can use each time you access your account.
In reality, passwords put you more at risk due to the use of the same password for multiple accounts, especially if your password is ever stolen. Removing the need to use a password will add security to your account and better protect your TIAA assets.
If you choose to go passwordless, the experience is easy. Once prompted, you’ll be guided through a few simple steps to create your passkey using the biometric capabilities of your device.
Once you have created your passkey you now have a simpler, safer, and more seamless way to access your accounts.
For more information on how to stay safe online visit tiaa.org/security.
Further strengthen your authentication
Additional verification factors can be added for increased account security.
Add a Trusted Contact
A Trusted Contact is someone age 18 or older who you know and trust who will act as a point of contact should we become concerned about your well-being, whereabouts, or in extreme circumstances, where we suspect you may be the victim of fraud or exploitation.
TIAA provides assurance if an incident occurs
You are reimbursed for any loss due to unauthorized access.*
- View TIAA's Customer Protection Policy
- State and Federal law-based incident response and notifications
- Credit monitoring and identity theft repair if your data is breached
- Regulatory oversight, independent audit and certification of alignment with industry expectations
Resources to protect your online interactions
Strengthen your defenses against cybercriminals by increasing awareness and remaining vigilant.
- Multifactor authenticationOpens pdf
- Security at HomeOpens in new window
- Staying Safe OnlineOpens pdf
- Add additional protection to your accountOpens pdf
- Avoiding Social EngineeringOpens pdf
- Help keep older Americans secure from exploitationOpens pdf
- Cyber safety tips for parentsOpens pdf
- Malware Awareness: What to Know and How to Protect YourselfOpens pdf
- Avoiding Account TakeoversOpens pdf
Report a security concern
Suspicious account activity
Let us know about unauthorized access, issues with your balance, or other security issues.
Call us at 800-842-2252, weekdays, 8 a.m. – 10 p.m. (ET)
Suspicious email
To report a suspicious email, please email us at abuse@tiaa.orgOpens Email.
Resources
We gathered a list of fraud investigative agencies, major credit bureaus and other resources.Opens dialog
Responsible Disclosure policy**
If you are a security researcher and believe you have identified a vulnerability affecting TIAA, please submit a report here.Opens in a new window For other technology related security issues, you can contact us at security@tiaa.orgOpens Email
*Our practice is to reinstate a client's TIAA account in full if there is a loss that is determined to be the result of unauthorized activity through no fault of the client.
**You are about to leave TIAA’s website and access a website that is unaffiliated with TIAA. TIAA does not assume responsibility or liability for the content or privacy policies of external sites.