Convenient Services

Enhanced Login Security FAQs

EFFECTIVE JANUARY 22, 2007 ENHANCED LOGIN SECURITY WILL BE REQUIRED TO ACCESS YOUR ACCOUNTS ONLINE.  You will be prompted to register at login.  It is a quick and easy process, and once done, logins from that computer will continue just as they always have in the past.  For more details, please review the Frequently Asked Questions below.

System Requirements
Q:  Does the Enhanced Login Security solution work with all of the approved browsers?  
A: Yes.
Q: Can Macintosh/Apple users participate in Enhanced Login Security?  
A:  Yes, all members will be able to use Enhanced Login Security with all of the currently supported browsers.
Q: What are the minimum system requirements for Enhanced Login Security and what operating systems are supported?  
A: Enhanced Login Security does not change the browser and OS certification currently in place by for those products. The browser requirements are the same as the ones in place now.  The computer must accept "cookies", as the registration places a Device ID, "cookie", on the computer that is recognized when the member logs in from that computer in the future.
Q:  Are our current password requirements changing as a result of Enhanced Login Security?  
A:  No changes to password requirements are being made with Enhanced Login Security. We continue to recommend the use of strong password formation requirements. The password rules do not change with the addition of Enhanced Login Security, but we encourage all of our members to use passwords of eight digits or more with a special character included.  Our passwords can be up to 16 digits, and can include letters, numbers, and characters.  As an added securtiy feature, you can also change your login ID to something other than your Member Number.  To update your password or login ID, select "User Options" from the left menu bar when logged in to shareNet.

Product Functionality Questions
Q:  What if the member can't remember the answers to his or her Challenge Questions? 
A:   Members can contact Member Services at (540) 663-2181 to be reset. Note that when a member is reset, they must re-enroll in Enhanced Login Security.
Q:  Will members be able to choose their own questions? 
A:  Members can choose which question of several they wish to use, but the member cannot enter their own challenge questions.
Q: Will the new challenge questions replace the current set of Forgotten Password questions that members use? 
A: No. The new challenge questions are the same as the current Forgotten Password questions.  Only members who do not currently have Forgotten Password questions set up will be prompted to answer them.
Q: Can a member opt-out of Enhanced Login Security?   
A: No.  Effective January, 2007, our regulators are requiring more that just a password to access online banking and complete financial transactions.  Enhanced Login Security will be required to access online accounts beginning January 22, 2007.

Enrollment & Un-enrollment
Q: How is the member's identity authenticated when they request to enroll and accept a cookie on their computer? 
A:  The first time the member enrolls; they are authenticated with their user ID and password. Once the member is enrolled in Enhanced Login Security, two factors are always required, one being the password, and the second being the registration of the computer.  If the member attempts to log in from an un-enrolled computer they will be required to authenticate through a secondary method, the Challenge Questions.
Q: How easy will it be for shareNet users to enroll multiple computers for use? 
A:  ShareNet users will be able to easily enroll additional computers. When accessing shareNet from a computer that is not registered, they will be presented the Challenge Questions.  By answering them correctly, they will be allowed temporary access to shareNet.  While in shareNet, they can register that computer by going to "User Options" and selecting Enhanced Login Security.
Q: How will members handle accessing multiple accounts from one computer?  
A:  Members will be able to access multiple accounts from the same computer. One secure cookie will be stored in the browser for each account.
Q: When a member purchases a new computer, will that need to be enrolled, and how do you un-enroll your old computer?  
A:  Any new computer would need to be enrolled for Enhanced Login Security. Old computers can be un-enrolled by logging in to shareNet from that computer and choosing the "remove extra security protection from this computer" option from the Enhanced Login Security options page under "User Options".
Q: Do members need to uninstall the authentication device (cookie) if they get rid of their computer?  
A: No. The feature is designed such that multiple validations are performed beyond simply checking for the cookie. Knowledge of a cookie does not provide information sufficient to access Internet Banking.
Q: If a member provides the IP address they will be using, can the Credit Union complete the registration process for that machine on their behalf?  
A:  No, the user must enroll the computer themselves.

Cookies
Q: Is the level 1 Device ID simply a cookie, or something more significant/less susceptible to attack?  
A: It is a cryptographically secure piece of data which happens to be stored in a cookie. The cookie-based credential is a unique identifier of the member. It is encrypted, and no externally identifiable member information is stored in it.
Q: Is this device ID a formal certificate or can it be cleared with spyware tools? 
A:  The cookie components will, in general, not be deleted by anti-spyware tools. The cookie device ID can be deleted; it is not a downloaded certificate.
Q: Will this prevent Trojan logging software from compromising passwords? 
A:  Enhanced Login Security, by itself, won't prevent compromise of passwords.
Q: Do cookies or pop-ups need to be enabled? 
A: The same browser setting requirements that are required with shareNet today will also be required for Enhanced Login Security.
Q: What if our members have their computers set not to accept cookies? 
A:  ShareNet currently requires the enablement of cookies. If they are accessing shareNet today, they should not have a problem.
Q: Will the cookie be easily deleted by the member? 
A:  It is possible for members to delete the cookie itself. It can be reinstalled the next time the user logs in from that computer. Our own research, and that of other organizations, indicates that users rarely delete all their cookies.
Q: If a member does delete the cookie, what happens? 
A:  If an member deletes the Enhanced Login Security cookie, they may be prompted to answer the Challenge Questions at their next login. Once they have accessed shareNet, they can re-enroll the computer by going to "User Options"/Enhanced Security Login.
Q: If using a public computer, what happens with the cookie? Is it cleared upon log out?
A:  We strongly recommend that members do not enroll public computers, thus not placing a cookie on the public machine. However users should assume that the cookie does remain on the machine after logout.  They may obtain temporary access to shareNet at a public computer by answering the Challenge Questions.  This will allow them a onetime access without registering that computer.
Q: We occasionally have to have members delete their cookies because they are having problems accessing our web site. Will that affect the cookie you're talking about as well? 
A:  Yes, it will affect that cookie. They will be presented the Challenge Questions at their next login, and will need to re-enroll the computer by going to "User Options"/Enhanced Login Security.
Q: Are there any issues with cookie installation for those that have personal firewalls? 
A:  Personal firewalls should not affect the installation of the browser cookie.

Please contact Members Services at (540) 663-2181 with any questions that you have about this increased security feature for shareNet, or send us a secure email by selecting "Contact Us" on the top menu of any of our web pages.