We have provided stronger safeguards to your Online Banking account. A security upgrade was completed in October 2012. Implementation of this security enhancement provides two critical benefits:
- Ensures your login is strong — When logging in, the system reviews the strength of your username and password. The enhanced security requires both your username and password to be six or more characters long and contain both letters and numbers and/or symbols. If your login does not meet the upgraded security requirements, you will be asked to create a new username and/or password.
- Obtain an access code — You will be asked to provide a phone number where you can immediately receive an access code via text and/or automated voice message. A new access code will be required each time you log in on a computer or mobile device not recognized by the system.
We are pleased to deliver this security upgrade to make it even safer for you to manage your money online.
Why are you changing the security standards?
We care deeply about keeping your money safe while providing you with easy access to your accounts. With the continued growth of online banking, there are increased needs for greater security standards to keep you and your money well protected. In addition, the government issued new guidelines in 2011, calling for enhanced security measures for online banking. Thus, we are upgrading our security procedures to provide you with the best protection available. Our new security standards will make it even safer for you to monitor and manage your money while safeguarding against unauthorized access to your accounts.
What are the changes?
There are two key changes that you will need to complete:
- We will ensure that your login is as strong as it can be. User IDs must be six characters long and they can’t be made up of only numbers (e.g. alphabetic or alphanumeric). They can be made up of a combination of letters, numbers and the following special characters: @$*_-=.!~. Your password must be six or more characters long and must contain both letters and numbers and/or symbols. If your current login does not meet these upgraded minimum requirements, you will be prompted to create a new username and/or password. In addition, if you use your member ID, you will need to create a new username. Once the upgrade is complete for all users, there will be one final step for you to take:
- We are also implementing a new requirement to verify your identity by phone when you log in. After providing your username and password, you will be asked to provide a phone number for a phone that you have with you. We will immediately send an access code to your phone (via voice or via SMS text message) that you will enter into your computer to complete your login. You can opt to have this computer remembered, so you do not need to repeat this step each time you log in. However, you must obtain a new access code for each computer or mobile device you use to log in that is not remembered on the system.
How will using my phone make my account safer?
We are implementing what is known as “multifactor authentication” which makes it more difficult for phishers and attackers to access your accounts without you knowing it. While this might seem unfamiliar, you actually use it every time you visit an ATM. When you access your account from any ATM, you need both your ATM card (something that you have) and PIN (something that you know).
We’re implementing the same type of protection by using both your password and your phone to access your account. By doing this, even if an attacker or a phisher manages to steal your password and tries to use it to log in, they would be unsuccessful because they would need your phone as well.
Is there anything I need to do?
You will be prompted to take these steps the first time you log in to Online Banking. At that time, you also must have a phone handy and provide the phone number to receive your access code. You will need this phone every time that you need to receive an access code.
Will I always need to use both my password and my phone from now on?
The first time you attempt to log in from a new computer, you will need to use both your password and the access code you receive on your phone in order to log in. If you are accessing from a private computer that you personally use, you can opt for the system to remember your computer for future logins. (See the screen example below.)
By doing this, you will not need to repeat the step of obtaining an access code via phone, and you will only need your username and password in the future to log in.
For the best security protection, we suggest that you always use both your phone and your password. If you do opt to have your computer remembered, we recommend that you do so only on computers that you personally own and that have the latest updates and virus protection software installed on them.
How about if I log in from another computer or mobile device?
The first time you log in from another computer or mobile device, you will need to use both your password and a new phone access code to log in. However, you can choose to have your new computer/mobile device remembered on the system so you only need your username and password for future access to your account online. Again, we recommend that you do so only on computers that you personally own and that have the latest updates and virus protection software installed on them.