Online/Mobile Password and Security Settings

Password/Username Settings

You can elect to force members to follow complex password rules when setting up their online banking password. This requires a combination of three of the following to be included in the password: lowercase letter, uppercase letter, number, and special character.

Leave the box unchecked if you do not wish to enforce these rules. (Members can still use this format if they wish, of course, but will not be forced to do so.)

• NOTE: Activating this will force members to change their current passwords immediately (if they do not already have a complex password).

• Refer to the It's Me 247 Strategies for Controlling Member Access booklet for more details.

• NOTE: If complex passwords are activated, this is also used with BizLink 247.

Check this box to force members to create usernames in online banking and use them in place of their account number when logging into online banking.

Otherwise, usernames are an optional security feature.

The member's username can be viewed and reset on the Update Online Banking Access screen.

• Refer to the It's Me 247 Strategies for Controlling Member Access booklet for more details.

This is informational only and cannot be changed.

The member has three attempts to enter their password correctly. If a member enters an incorrect password three times, online access to the membership is not allowed.

Refer to the It's Me 247 Strategies for Controlling Member Access booklet for more details.

If a password is disabled due to invalid tries, an employee can use the Update Online Banking Access screen to reset the password.

• This member can use the forgot password feature to reset their password. Depending on the Method setting configured at the bottom of this screen, the member will need to answer three questions or perform two-factor authentication to complete this self-reset method.

Use this field to specify the minimum number of characters that must be used for a member's online banking password. This is used by both It's Me 247 and BizLink 247.

NOTE:  Any member with a shorter password length will be required to update their passwords to match the new minimum length requirement upon next login.

• NOTE: Maximum length is 256 characters for It's Me 247 and currently 6-10 for BizLink 247, although this 6-10 is of course impacted by the minimum length selected in this field.

For instructions on using this feature, refer to the It's Me 247 Strategies for Controlling Member Access.

You may use this field to activate an “expiration” period for online banking members. Enter the number of days for the expiration period – maximum 90 days. Enter 999 in this field to never have passwords expire.

• “Expiration” does not mean the password itself needs to be changed periodically; this expiration comes into play only after a member has not logged into online banking for a certain period.

The expiration feature provides an extra measure of security for dormant memberships or members who do not choose to use your self-service options. (Remember that you can also choose to deactivate an individual member's access to these systems completely using the Update Online Banking Access screen.

When a member attempts to access their account through online banking but has not done so for more than the specified period of days, they will be instructed to contact the credit union to reactivate the password.

• If the member’s password does expire, this member can also use the “I forgot my password feature. Depending on the Method setting configured at the bottom of this screen, the member will need to answer three questions or perform two-factor authentication to complete this self-reset method.)

For instructions on using this feature, refer to the It's Me 247 Strategies for Controlling Member Access

This setting controls what the members temporary online banking password will be set to. Members receive temporary passwords for a controlled length of time (24 hours) in certain situations, such as password resets. Credit unions have four options for this configuration:

• Birth/charter year & first 2 letters of last/company name (all caps)

• First 4 of SSN/TIN & first 2 letters of last/company name (all caps)

• Last four of SSN (default)

• Last four of SSN/TIN & birth/charter year

(Corporations will use their TIN, origination date, and company name.)

When a credit union employee resets a member’s password, the Update Online Banking Access screen clearly states this selection so that the employee can advise the member correctly.

For instructions on using this feature, refer to the It's Me 247 Strategies for Controlling Member Access.

New Members and First Time Users

This allows you to select whether your credit union uses a multi-factor technique for new members and first-time users. Some credit unions wish to allow new members to have a period of time until they log into online banking. In this case, select "Do not allow" to not allow MFA use. Then select a number of days in the field below. See # of days a new member has to log into online banking (1-7) field below for another option.)

MFA for First Time and New Users Configuration

To use the two-factor (MFA) option, use this field to select the how the first time or new user can receive their code (email and/or text) the first time they log in to online banking

• NOTE: Your credit union will be charged text banking fees for the outgoing text message containing the access code. Refer to the most recent pricing guides for details.

• Your credit union does not have to be enrolled in the separate Mobile Text Banking feature to use this feature.

Member Experience

The first-time user will access It’s Me 247. From there, the member will select the “First-time User?” link and choose the delivery method they prefer (text or email, depending on what has been configured and what data is already on file for the member). This will prompt the temporary activation code to be sent. The code is good for 24 hours after initial request. For details and pictures of the member experience, refer to It's Me 247 Strategies for Controlling Member Access.

You can also activate MFA for members whenever they login.

This can be used as an alternative to MFA at login. (See above.)

The default for this field is seven. One digit entry.

• If your credit unions wants to lock down access to a shorter time frame than 7 days, set this field to a shorter time frame. The allowed range is 1-6 days. You may also use the MFA option (see field above).

This is used if a credit union activates a member in online banking during the creation of their membership and then resets the password to grant access and does not use the MFA option (see above.). To determine if the password is still valid, the system calculates the number of days past the membership open date. After this configured number of days, the member must call the credit union to reset their password.

• This password's expiration is different than a general temporary password expiration of 24 hours.

This is informational only. This indicates how long the MFA code/password combination is valid for a first time user.

CU Employee Password Reset Methods (Existing User)

Regardless of how the reset method, he member is required to immediately change their password upon login to a password known only to them. Additionally, temporary password reset rules apply, and the member must reset their password in 24 hours or have their password reset again.

For instructions on using this feature, refer to the It's Me 247 Strategies for Controlling Member Access.

This is checked by default and shown for informational use only. This indicates that when the password is reset to the formula selected in the Password/Username Settings section of this screen. The temporary password formula is then used with a password reset on the Update Online Banking Access screen.

Check this box if you want credit union MSRs and other staff to be able to enter a member's custom password on this screen. This would allow a member who is having trouble setting their password online to ask a staff member to enter their preferred password for them.

Leave the box unchecked to block this feature. Instead, staff would need to reset the password to the temporary password setting (or formula, see above).

• Employees begin the process to reset the member's custom password on the Update Online Banking Access screen.

Password Reset Methods for Member in Online Banking (Existing User)

If the member locks themselves out of online banking or otherwise forgets their password, they can use the “I forgot my password” feature to reset their password.

This Method configuration setting allows your credit union to select if they must answer their three security questions (Answer security questions) or if they should receive an MFA login code (Use two factor) to reset their password.

• Note: As noted on the CBX screen, this configuration does not apply to business online banking.

If Answer three security questions is selected, the member will need to answers all three of their security questions to reset their password.

If Use two factor is selected, your credit union can select if the member gets to select to receive their MFA code via text message, email, or either.

• The member will still need to answer a security question when performing the action of logging into online banking after resetting their password.

• Refer to the It's Me 247 Strategies for Controlling Member Access booklet for more details.

• Your credit union may incur fees for the texts sent to members. Refer to the most recent pricing guide for more details.

Regardless of the setting here, if the member does not have security questions configured, they will have to contact the credit union. (An answer to a security question is required each time they log in.) An employee can use the Update Online Banking Access screen to reset their access.

• Once the security questions are reset using this screen, the member will be asked at the next login to set up new answers, which can be to different questions.