Enhancing Account Security with One-Time Passcodes
Why Did We Change Our Online Banking Login Method?
In our commitment to safeguarding our members from fraudulent activities, we have introduced One-Time Passcodes (OTPs) as a protective service. In the ever-evolving landscape of cybersecurity, traditional username and password combinations alone are no longer sufficient to protect your sensitive financial information. This is where OTPs come into play as a vital component of two-factor authentication (2FA), providing an additional layer of security. The use of OTPs is not only a standard level of defense for financial institutions, but a crucial measure in guaranteeing the safety and security of your account information.
We acknowledge that enhanced protection can occasionally pose challenges to certain services, but we view them as essential for ensuring the safety of our members financial information. While remaining steadfast in our resolve to uphold financial security, we are developing methods to reduce the frequency of OTP usage without significantly compromising safety. The well-being and privacy of our members are of paramount importance to us, and we are dedicated to taking all necessary measures to shield you from potential risks or harm.
Key Reasons for Using OTPs
- Dynamic Authentication: OTPs generate unique codes for each login attempt, making it significantly more challenging for unauthorized individuals to gain access to your account. The dynamic nature of OTPs ensures that even if one code is intercepted, it is rendered useless for future logins.
- Mitigation of Credential Theft: In the unfortunate event of a data breach or a phishing attack, where login credentials may be compromised, OTPs act as a strong defense. Even if a malicious actor gains access to your username and password, they would still require the current OTP for authentication.
- Protection Against Keyloggers: Traditional passwords are susceptible to keyloggers, malicious software that records keystrokes. Since OTPs are often delivered through separate channels (e.g., SMS, email), they remain secure from keylogging attacks.
- Secure Online Transactions: Especially crucial for financial transactions, OTPs ensure that the person initiating the transaction possesses physical access to the registered email address or mobile number. This adds an extra layer of security to your online banking activities.
- Compliance with Security Standards: Financial institutions are obligated to adhere to stringent security standards and regulations. By implementing OTPs, credit unions and banks ensure compliance with these standards, contributing to the overall security of your account.
- Reduced Risk of Account Takeover: OTPs play a pivotal role in preventing account takeover attacks. Even with stolen credentials, attackers would need the current OTP to successfully authenticate and gain control of your account.
We understand the importance of keeping your financial information secure, and the use of OTPs aligns with our commitment to providing you with the highest level of protection.
Minimize OTP Use
We acknowledge that increased security measures can occasionally pose challenges. Consider one of the following measures below to minimize the redundant use of OTPs when accessing your Members 1st account.
- Register commonly used devices for accessing your Members 1st account to remove OTP requests from secured devices.
- Download the Members 1st Mobile App to access your account with biometric authentication, such as touch ID and face ID, rather than OTPs.
Security Best Practices
- Don't Share OTPs: OTPs are meant to be confidential. Never share them with anyone, including friends or family. Legitimate service providers will never ask for your OTPs.
- Verify Recipient: Double-check that you are entering OTPs on legitimate websites or apps. Verify the authenticity of the request before providing any codes.
- Beware of Phishing Attempts: Be cautious of phishing emails, messages, or websites that attempt to trick you into providing OTPs. Always verify the legitimacy of the communication and source before entering any codes.
- Secure Email Accounts: Since many accounts use email for password recovery or OTP delivery, ensure the security of your email account. Use strong passwords, enable 2FA, and monitor for any unusual activity.
- Logout When Not in Use: Always log out from accounts, especially on shared or public devices. This ensures that even if an OTP has been used, an attacker cannot gain access to your account without the current OTP.
Resolving Connection Errors with Third-Party Apps
If you are experiencing issues with OTPs when using third-party links, there are a few troubleshooting steps you can take. One solution is to try unlinking and relinking your third-party accounts to correct any connectivity issues. Additionally, it's important to eliminate redundant OTP requests by setting up device registration. Manually registering your device will ensure you only receive OTPs when necessary and reduce the likelihood of encountering issues with third-party links. If you continue to experience problems, reaching out to the support team from the specific third-party service you are using may be helpful.
Some known examples of where this might occur include QuickBooks, Quicken, Coinbase (and other cryptos), Every Dollar, and Mint.