State Police Credit Union

2 Factor Authentication For Home Banking

Beginning in January 2007 all federally insured financial institutions are required to implement a 2 factor authentication system. The traditional single factor system using only account number and password for allowing access to personal information is now considered inadequate. The new law does not require or specify any one way to do this. Instead it lists many ways that may be used to accomplish this. We have selected what we believe is the simplest, least intrusive and secure method.

To login to Home Banking, you type your account number & password as you always have – with no added steps. When you try to access your account from an unknown machine (all computers since we are just starting), a one-time password will be required; the one-time password will be sent to you in a email message. The one-time password is then entered into the login screen. This means you are verifying your identity using information already on file at the Credit Union, that was personally delivered to you, using a method only you can access. Now you understand why we have been asking you for your email address. It is important that we always have a working email address for you. If you have trouble receiving the email with the one-time password try adding cspcu.org to your white list.

At this point you have a choice as to whether or not you consider the PC you are at is one you want to be a secure PC. If you are using a public PC that you would not want anyone else to be able to access your account from, you would not specify it as a secure device. If you are using a home PC or one at work that you have complete control over you could specify it as a secure device. Un-Secure devices will always require the additional one time password to protect your privacy. Secure devices only require the one time password the first time thereby not burdening you again with the additional steps. Please note that if you ever delete cookies on your computer that it also removes the secure status. The next time you login to Home Banking you will have to go through the registration process again.

An additional feature generates a visual cue by applying a one-way cryptographic function to your account/password combination and a series of secret keys. Based on the result of the calculations, a visual cue is selected and displayed on the login screen. The visual cue will be a box with a colored background and a simple word like “Cat” or “Dog” or “AAA”. Your current account number and password combination will always generate the same visual cue. The only time your cue would change is if you change your password. Spammers and Phishers often create web sites that look very similar to the real website for the purpose of tricking people into divulging personal information that can be used for identity theft or other illegal purposes. Only the Credit Unions genuine web site can generate the proper cue for you. If no cue or an incorrect cue is displayed, it will be obvious that something is very wrong with the site.

The Credit Union is committed to providing the highest level of security possible. If you have any questions please call us at 203 235-6957 or 800 310-7728.