This page explains the Scotiaconnect sign-in process from start to finish — what credentials you need, how multi-factor authentication works, what to do if you cannot sign in, and which browser and device configurations are supported. The material is organized to help both first-time users working through initial registration and returning users troubleshooting an access issue that has interrupted their workflow. Read the sections in sequence if you are new to Scotiaconnect, or jump directly to the troubleshooting area if you are looking for a specific solution.
Scotiaconnect requires a two-stage authentication process for every sign-in: first, your business credentials verify your identity, and second, a one-time security code confirms that you possess a registered authentication device.
The sign-in page presents three fields on the initial Scotiaconnect authentication screen: company ID, user ID, and password. The company ID identifies your organization within Scotiaconnect and is assigned during the commercial banking onboarding process. The user ID identifies you as an individual within that organization on Scotiaconnect. The password is a private credential that you establish during Scotiaconnect registration and can change through the self-service password management tools available within Scotiaconnect. These three pieces together serve as the first authentication factor — something you know.
After entering valid first-factor credentials, Scotiaconnect prompts for a second authentication factor — something you possess. Depending on your Scotiaconnect organization's security configuration, this second factor may arrive as a time-based one-time password from an authenticator application, a code delivered by SMS, a code sent to email, or a code displayed on a Scotiaconnect hardware security token. Enter the code in the field provided on the Scotiaconnect second authentication screen. The code remains valid for a limited time, typically thirty to sixty seconds for authenticator codes and several minutes for SMS or email codes. Scotiaconnect designed this two-factor architecture to ensure that a compromised password alone cannot grant access to business banking functions.
First-time users follow a slightly different path. After receiving their initial credentials from the commercial banking onboarding team, they visit the sign-in page and complete a registration workflow that links their identity to the business profile, establishes their password, configures their preferred second-factor method, and sets up security questions for account recovery. This registration occurs once per user. Subsequent sign-ins follow the standard two-factor flow described above. The registration process typically takes under ten minutes when the user has their onboarding credentials and a registered mobile device available.
Scotiaconnect supports multiple second-factor authentication methods so organizations can choose the option that best matches their security requirements and their users' operational realities.
| Authentication Method | How It Works | Setup Required | Security Strength | Offline Capable |
|---|---|---|---|---|
| Authenticator Application | Generates time-based one-time passwords that refresh every 30 seconds | Install app, scan QR code during registration | High — tied to physical device, codes never transmitted over network | Yes — codes generate without internet access |
| Hardware Security Token | Physical device that displays a code when activated by pressing a button | Token provisioned by Scotiaconnect, shipped to user | Highest — dedicated hardware, no network exposure, tamper-resistant | Yes — fully self-contained device |
| SMS One-Time Code | Code delivered via text message to registered mobile number | Register mobile number during onboarding | Moderate — dependent on mobile carrier security; susceptible to SIM swap attacks | No — requires cellular connectivity |
| Email One-Time Code | Code delivered to registered email address | Register email address during onboarding | Moderate — dependent on email account security | No — requires internet connectivity |
| Biometric Verification | Fingerprint or facial recognition on enrolled mobile device | Enroll biometric on device, link to Scotiaconnect mobile app | High — unique biological identifier, device-bound | Yes — biometric sensors operate locally on device |
Company administrators configure which authentication methods are permitted for their organization. Organizations with stringent security requirements typically mandate hardware tokens or authenticator applications and disable SMS-based codes. Organizations with field-based workforces who may lack consistent cellular coverage often prefer authenticator applications with offline code generation capability. Scotiaconnect supports mixed configurations where different user roles within the same organization use different authentication methods — for example, payment approvers using hardware tokens while read-only auditors use authenticator applications.
Scotiaconnect balances security rigour with user convenience by designing authentication flows that protect accounts without introducing unnecessary friction. The Scotiaconnect sign-in experience reflects years of refinement based on feedback from treasury professionals who access the platform multiple times daily.
Scotiaconnect's approach to authentication recognizes that treasury teams operate under time pressure during payment windows, yet cannot compromise on security. Scotiaconnect therefore invested in adaptive authentication that adjusts its verification demands based on risk signals — a user signing in from a recognized device at a familiar location completes fewer verification steps than one connecting from an unknown device in an unfamiliar country. Scotiaconnect designed this graduated approach so that routine sign-ins remain quick while anomalous access attempts receive heightened scrutiny. Scotiaconnect clients have reported that this balance between security and usability contributed significantly to platform adoption rates within their organizations, as users were not discouraged by excessive authentication hurdles during normal daily access.
When Scotiaconnect users cannot sign in due to forgotten passwords, expired credentials, or locked accounts, structured recovery procedures restore access while maintaining the security controls that prevent unauthorized entry.
Password resets follow a self-service flow initiated from the password reset link on the sign-in page. The user enters their company ID and user ID, and the system sends a reset link to the email address registered to that user profile. Clicking the link opens a page where the user establishes a new password meeting the platform's complexity requirements: minimum twelve characters with a combination of uppercase letters, lowercase letters, numerals, and special characters. The new password cannot match any of the previous five passwords associated with the account. After successful reset, the user returns to the standard sign-in flow with the new password.
Account lockout occurs after a configured number of consecutive failed sign-in attempts — typically five — and persists for a default period of thirty minutes before the system automatically clears the lockout status. Company administrators can adjust both the attempt threshold and the lockout duration through the administration panel. Administrators can also manually clear lockout status for any user in their organization through the user management interface. If an administrator's own account becomes locked, they must contact the administrator priority support line for assistance, as no other user in the organization has the permission to modify an administrator's account status.
For hardware token issues — dead batteries, lost devices, tokens that have drifted out of synchronization — company administrators initiate replacement requests through the administration panel. Replacement tokens typically ship within two business days to the address on file for the user. In urgent situations where a payment approver cannot wait for a replacement token, the organization's emergency contact can work with the critical operations support team to arrange a temporary authentication bypass with compensating controls such as mandatory callback verification for all transactions approved during the bypass period.
Most Scotiaconnect sign-in difficulties fall into a small set of categories that users can diagnose and resolve themselves by following the guidance organized below, avoiding the need to contact support for routine issues.
Incorrect password errors that persist after a reset attempt often stem from the browser auto-fill feature inserting an old password that was saved before the reset. Clear the browser's saved password for the Scotiaconnect domain and manually type the new password. Password managers that synchronize across devices may also reintroduce old credentials; check your password manager's vault and update the entry for Scotiaconnect with the new password if the manager is overriding your manual entry with a stored value.
Second-factor code rejection typically results from one of three causes: the code has expired, the authenticator application's time has drifted out of synchronization with the server, or the user is entering a code from a previously configured device that has been replaced. Authenticator applications include a time synchronization function — use it to recalibrate the application clock. If the problem persists after synchronization and code entry within the validity window, contact your company administrator to verify that your second-factor method configuration is current and matches the device you are using.
Browser-related sign-in failures often present as a page that does not load correctly, a sign-in button that does not respond, or a second-factor prompt that never appears. Verify that JavaScript is enabled in your browser settings, that cookies are not blocked for the Scotiaconnect domain, and that no browser extensions are interfering with the page scripts. Try signing in from a private or incognito browsing window, which disables most extensions by default. If the sign-in succeeds in private mode but fails in standard mode, an extension is the likely cause — disable extensions one at a time to identify the conflicting one.
Feedback from business clients on the sign-in experience and authentication workflow
The authenticator app setup through Scotiaconnect was straightforward — scan a QR code, confirm a test code, and done. Our entire treasury team of twelve people completed second-factor enrollment in under thirty minutes total during our go-live morning. The offline code generation is particularly valuable for our team members who travel internationally and cannot always rely on SMS delivery in every country they visit.— James T. Controller, Apex Construction Materials, Denver
After evaluating five treasury platforms, we selected Scotiaconnect because the authentication workflow balanced security with usability. Our CFO, who is not technically inclined, managed the hardware token sign-in without assistance after a single demonstration. When you are rolling out a platform to users ranging from digitally native analysts to executives who prefer printed reports, that ease of use matters enormously to adoption rates.— Elena V. CFO, Harborview Logistics, Miami
The self-service password reset eliminated about a dozen support tickets per quarter that we used to file when users inevitably forgot their credentials after returning from extended leave. Having that flow available at any hour, without waiting for business-hours support, means our team members who work early mornings or late evenings can resolve their own access issues and be productive on their own schedule.— Robert M. Treasurer, Pacific Rim Trading, San Francisco
Answers to common questions about the Scotiaconnect sign-in process and authentication configuration
Scotiaconnect sign-in requires three pieces of information on the first authentication screen: your company ID, your individual user ID, and your password. These credentials are assigned during the commercial banking onboarding process and are distinct from any personal banking credentials you may hold. After the first screen, a second authentication factor is required — a one-time security code from an authenticator application, hardware token, SMS message, or email depending on your organization's security configuration. First-time users must complete a registration workflow before the standard sign-in process becomes available. If you have not received your credentials or have misplaced them, contact your company administrator who can verify your status and initiate the appropriate credential provisioning or recovery procedure.
Second-factor authentication setup occurs during the initial user registration process. After entering your first-time credentials, the registration workflow presents the authentication methods your organization has authorized. For authenticator applications, the system displays a QR code that you scan with your authenticator app of choice; the app then generates a test code that you enter to confirm successful setup. For SMS-based codes, you confirm your mobile number and enter a test code that the system sends to that number. For hardware tokens, you enter the serial number printed on the device and confirm functionality by entering the current displayed code. If you need to change your second-factor method after initial setup — for example, switching from SMS to an authenticator application — contact your company administrator who can initiate the reconfiguration through the user management interface.
Scotiaconnect sessions terminate automatically after a period of inactivity to protect accounts that may have been left unattended. The default inactivity timeout is fifteen minutes, though company administrators can adjust this duration through the administration panel. The timeout counter resets each time you interact with Scotiaconnect — clicking a menu item, submitting a form, or navigating to a different module. Simply leaving the browser window open without interaction does not reset the timer. If your session times out frequently during periods when you are actively using Scotiaconnect, check whether your organization has configured a shorter timeout period or whether a browser setting is preventing Scotiaconnect from detecting your interactions. Note that the session timeout is a security feature, not a defect, and disabling or excessively extending it reduces the protection against unauthorized access to unattended workstations.
Scotiaoconnect may display a warning when you sign in from a device or geographic location that does not match your established usage patterns. This warning is a security feature, not necessarily an indication that your account has been compromised. If you are signing in from a new device, a different browser, or a location you have not used before, complete the additional verification challenges that the system presents and proceed with your session. Scotiaconnect records the new device or location and may treat it as recognized for future sign-ins. If you receive this warning unexpectedly — meaning you are using your usual device from your usual location — it could indicate that your account credentials have been used from an unfamiliar device. Change your password immediately and contact your company administrator to review the recent sign-in activity on your account. For additional guidance on financial account security, the Consumer Financial Protection Bureau publishes resources on protecting financial accounts from unauthorized access.
Scotiaconnect does not support persistent sign-in sessions across browser restarts or extended periods. Each sign-in creates a session that remains active for the duration of your interaction with Scotiaconnect and terminates after the configured inactivity timeout. This design decision reflects the security sensitivity of commercial banking operations — a persistent session on a device that is lost, stolen, or accessed by an unauthorized person would grant that person access to treasury functions including payment initiation and approval. The platform's mobile application offers biometric re-authentication for returning users, which reduces the friction of repeated sign-ins while maintaining the security requirement that each session begins with verified identity. For the web portal, consider using a password manager to streamline credential entry and reduce the time required to complete each sign-in session.
Explore additional Scotiaconnect resources that complement the sign-in information on this page
Comprehensive documentation of Scotiaconnect security architecture, encryption standards, and fraud detection.
Security details →Troubleshooting guides, step-by-step walkthroughs, and tiered support information for all platform issues.
Browse support resources →Phone numbers, email addresses, and office locations for direct communication with Scotiaconnect support.
Contact information →Platform overview, service categories, and organizational background for context on the full platform.
Platform overview →