Security Improvements with New Digital Banking Platform

One of the most important updates with our new OlyFed Digital Banking platform is an upgrade to our login security protocols for online and mobile banking. A key part of this upgrade is the use of a randomly generated six-digit Secure Access Code (SAC) instead of pre-determined security questions.

A SAC is sent to a customer the first time they use a new device to log into our digital banking platform in order to configure that specific device to their digital banking profile. You’ve most likely experiences a similar process in use with other technology providers like Apple and Google.

National Institute of Standards and Technologies (NIST) is the United States agency, which is globally recognized for setting best practices when it comes to user authentication processes and procedures. In recent years, they have acknowledged that security questions for second-factor user authentication are generally not secure. Answers to questions like “What was the name of your first dog?” or “What town were you born in?” are easily discoverable in today’s world of social networking. While there are other options, such as making up fictitious answers to these questions, this security standard then becomes convoluted and difficult to remember for the user, which ultimately compromises the strength of the entire security system.

In today’s world, security professionals have come to a consensus that the most effective form of user identification and verification comes with two-factor authentication (2FA), which requires two different types of certification to prove your identity. The most common form of 2FA is with “something you know” and “something you have”. Think of 2FA in terms of how your ATM card works. In order to withdraw cash from an ATM, you need to have your card (“something you have”) and it requires a PIN number (“something you know”). Just having one of the two items won’t get you anywhere at the ATM; you must have both.

With our new Digital Banking system, we are requiring 2FA for “unregistered devices/browsers”. This means devices and browsers you haven’t used to log into your account before will require a second form of authentication to prove your identity in order to register a new device/browser. The second-factor authentication used here is the 6-digit code sent to you via SMS/text, email, or voice call. All of these are the “something you have” to complete the second half of the 2FA process.

At the end of the day, the best thing you can do to protect your digital banking user account from being compromised is to use good password hygiene. What does that mean exactly? It means using a strong password, preferably a long “passphrase”, which you only use for your OlyFed account. Do not use a password that you’ve already utilized with another website and most importantly do not use a password that can be easily guessed. Using a unique, long (16+ character) passphrase is one of the most effective ways to protect your user accounts. For best practices on how to create strong passphrases, check out this great article from SANS Security Awareness – Passphrases.

Thank you and if you have any questions, please feel free to Contact Me directly.