Online/Mobile Password and Security Settings

Screen ID:

UCUOBSEC-01

Screen Title:

Online/Mobile Password and Security Settings

Panel ID: 6819
Tool Number: Multiple
    Click here to magnify

Access this screen by selecting Online Banking Password and Security Settings on the Online Banking Configuration Options screen.

This screen allows you set online banking password configurations, including your temporary password configuration and minimum password length. See the field descriptions below for more details.

Use Enter to move to the second screen where you can configure and activate MFA at login for It's Me 247 and BizLink 247. Knowledge Base items on this subject appear on that topic.

For instructions on online banking security, refer to the It's Me 247 Strategies for Controlling Member Access.

Field Descriptions

Formula for Temporary Passwords

Use this formula for temporary passwords (password resets & new members via Method A)

This setting controls what the members temporary online banking password will be set to. Members receive temporary passwords for a controlled length of time (24 hours) in certain situations, such as password reset, promotional campaign, and when activated as a new member. Credit unions have four options for this configuration:

  • Birth year + First 2 Letters of Last Name (ALL CAPS) (X)

  • Last four of SSN + Birth year (N)

  • Last four of SSN (default) (S)

  • First 4 of SSN and First 2 Letters of Last Name (ALL CAPS) (B)

(Corporations will use their TIN, origination date, and company name (in place of last name).)

When a credit union employee resets a member’s password, the reset screen will clearly state this selection so that the employee can advise the member correctly.

For instructions on using this feature, refer to the It's Me 247 Strategies for Controlling Member Access.

New Members - Method A (Formula)

Method A: # of days a new member has to log into online banking (1-7)

The default for this setting is seven. If a credit union activates a member in online banking during the creation of their membership and during workflow controls, this setting limits the number of days that member can log into online banking. Credit unions can select from one to seven days. After this configured number of days, the member must call the credit union to reset their password.

Method B: New Members and First-Time Users (Multi-Factor)

Method B: Allow first time setup via email and/or text message

This method uses a multi-factor technique for brand new members. This technique can also be used by existing members the very first time they access online/mobile banking.

To use this method, select which method of first time set-up you would like members to use (email and/or text). The member will then receive a temporary code in the method of choice using the contact information already on file in CU*BASE. This code is then entered on the log in screen by selecting the "First Time User?" link. The code is good for 24 hours after initial request.

NOTE: Text message fees do not apply for the outgoing text message containing the access code. Your credit union does not have to be enrolled in Text Banking to use the text code feature.

Member Process

The first-time user will access It’s Me 247. From there, the member will select the “First-time User?” link and choose the delivery method they prefer (text or email, depending on what has been configured and what data is already on file for the member). This will prompt the temporary activation code to be sent. The member must enter the code within 24 hours and then proceed through the regular first-time login process, including setting up a new username, password, and security questions, along with other first-time user steps (accepting the use agreement, etc.).

For details, refer to It's Me 247 Strategies for Controlling Member Access.

Other General Password Settings

# of password retries allowed before the account is locked

This is informational only and cannot be changed. The member has three attempts to enter their password correctly. If a member enters an incorrect password three times, online access to the membership is not allowed.

If a PIN/password is disabled due to invalid tries, an employee can use the speed sequence PIN or Tool #14 Member Personal Banker to reset the password, OR the member can use the forgot password feature and answer their security questions to reset their password.

Enforce complex password (will force password change unless password is already complex)

You can elect to force members to follow complex password rules when setting up their online banking password. This requires a combination of three of the following to be included in the password: lowercase letter, uppercase letter, number, and special character.

Leave the box unchecked if you do not wish to enforce these rules. (Members can still use this format if they wish, of course, but will not be forced to do so.)

  • NOTE: Activating this will force members to change their current passwords immediately (if they do not already have a complex password).

  • Refer to the It's Me 247 Strategies for Controlling Member Access booklet for more details.

  • NOTE: If complex passwords are activated, this is also used with BizLink 247.

Allow employee to manually enter a custom PIN for the member

Check this box if you want credit union MSRs and other staff to be able to enter a member's password using the speed sequence PIN or Tool #14 Member Personal Banker feature. This would allow a member who is having trouble setting their password online to ask a staff member to enter their preferred password for them.

Leave the box unchecked to block this feature. Instead, staff would need to reset the PIN to the temporary password setting (see above), which would then force the member to change his PIN the next time they log on to online banking.

  • NOTE: There is no expiration for this password, and the member will not be forced to change upon login.

Minimum length for password (6-10)

Use this field to specify the minimum number of characters that must be used for a member's online banking password. This is used by both It's Me 247 and BizLink 247.

NOTE:  Any member with a shorter password length will be required to update their passwords to match the new minimum length requirement upon next login.

  • NOTE: Maximum length is 256 characters for It's Me 247 and currently 6-10 for BizLink 247, although this 6-10 is of course impacted by the minimum length selected in this field.

For instructions on using this feature, refer to the It's Me 247 Strategies for Controlling Member Access.

Expire stale password after xx days of non-use (max = 90, Never expire 999)

You may use this field to activate an “expiration” period for online banking members. Enter the number of days for the expiration period – maximum 90 days. Enter 999 in this field to never have passwords expire.

  • “Expiration” does not mean the password itself needs to be changed periodically; this expiration comes into play only after a member has not logged into online banking for a certain period.

The expiration feature provides an extra measure of security for dormant memberships or members who do not choose to use your self-service options. (Remember that you can also choose to deactivate an individual member's access to these systems completely using the speed sequence PIN or Tool #14 Member Personal Banker.

When a member attempts to access their account through online banking but has not done so for more than the specified period of days, they will be instructed to contact the credit union to reactivate the password. (If the member’s password does expire, this member can also always use the “I forgot my password feature and answer a security question to reset the password.)

For instructions on using this feature, refer to the It's Me 247 Strategies for Controlling Member Access

Other Security Settings

Force usernames

Check this box to force members to create usernames in online banking and use them in place of their account number when logging into desktop or mobile online banking.

Otherwise, usernames are an optional security feature.