Security FAQs

Enhanced Online Security is a security feature that adds an additional layer of protection to validate members when they log into Web Banking. This layer includes registering the computer you use when you login for Web Banking.

Enhanced Online Security identifies you as the true owner of your account(s) in two ways:

1. Verifying your Account identity by sending you a One-Time Passcode (OTP) if you are on computer you don’t normally use, Or
2. By recognizing the Computer(s) you normally use for Web Banking Enhanced Online Security remembers your computer by assigning a unique computer identifier (cookie) to each computer you use to access Web Banking. The cookie is used to store the computer identification information only. No personal or private data is stored. If you do not have cookies enabled you will have to enable them for Enhanced Online Security to work.

Enhanced Online Security is required.

The Enhanced Online Security will prevent anyone but you from accessing your accounts through Web Banking - even if they should have your User Name and Passcode. The Web Banking system will not allow access from the computer they are using and they will not have access to the device to which the One-Time Passcode will be sent.

No. Enhanced Online Security only increases the difficulty of anyone other than you from logging in to your Web Banking account.

No. If someone has access to your User Name and Passcode and either a computer you have registered; or has the device to receive the One-Time Passcode, that person could potentially log in to your account.

You can register as many computers as you want. We strongly recommend that you only register the computers that you frequently use to access Web Banking. Then, you only have to enter your User Name and Passcode to access Web Banking from those computers. If you want to access Web Banking from a computer that you haven’t registered, you simply send a One-Time Passcode to your phone after you successfully enter your User Name and Passcode.  Never give anyone your Web Banking Passcode.

If someone tries to log on to your Web Banking account from a computer that you did not register for Enhanced Online Security, they will be asked where they would like a One-Time Passcode (OTP) to be sent. Unless they have the telephone for the designated number, they will not be able to receive the OTP and login.

There are 4 simple steps after you log in to a computer for the first time:

1. Go to the Web Banking Login Page and enter your User Name and Passcode
2. Select the method(s) and phone numbers (text message and/or voice message) to which you want your One-Time Passcode (OTP) to be sent
3. Enter the 6-digit OTP
4. When you’re done, select the button to make your computer "Private"

Yes. You can register as many computers as you want. However, in order to register that computer, you must log in at the computer you wish to register. We recommend that you only register computers that you frequently use to access Web Banking. If you are using a computer that is accessed by numerous users (i.e. at a library), we recommend that you do not register your account on that computer. Instead, we recommend that you login and request a One-Time Passcode.

The registration process adds an additional layer of security to the Web Banking service. It allows the Web Banking system to recognize the computer you are using by placing a cookie on your computer.

The cookie is added to your Browser and will allow the Web Banking system to uniquely identify the computer as one you have authorized for accessing your Web Banking account.

Whenever you successfully login to Web Banking from that computer, you will be recognized and go immediately into Web Banking.

A "Private" computer is one that you have registered so that you do not need a One-Time Passcode (OTP) to access web banking. A "Public" computer is one that you would not normally use to access Web Banking and requires that you request an OTP in order to log in.

The OTP is a secure way to ensure that you, and only you, are the one accessing your account. Rather than answering Challenge Questions, a 6-digit code is sent via Text Message and/or Voice Message. The OTP is used for two purposes:

1. You want to access Web Banking from a computer that you have not registered, or
2. You forget your Passcode and want to reset it yourself without having to call Direct Federal

The Passcode that is known only to you, along with your User Name, is the usual way that you will log in to Web Banking. If you forget that passcode, or if you are logging in to a "Public" computer, you will request and use a 6-digit One-Time Passcode (OTP) to access the Web Banking system. Once that is done, you can re-set your regular Passcode or continue accessing your accounts from the "Public" computer.

This will happen whenever you delete cookies from your computer. Simply get an OTP and set the computer as "Private." If this happens frequently, check your Browser settings. Most browsers let you keep cookies from the web sites you specify.

You will be asked to use a One-Time Passcode after successfully entering your Passcode.

Yes. After entering the OTP for that session, select the button that makes that computer "Private."

We recommend you only register the computers that you frequently use to access Web Banking.  Every computer you register has your unique cookie installed. Should someone gain access to your User Name and Passcode, they can access Web Banking from any computer you have registered.

Yes. After logging in to Web Banking, go to User Options, select the Enhanced Online Security link and select “remove extra security from this computer.”

Yes. After logging in to Web Banking, go to User Options, select the Enhanced Online Security link and select “remove extra security protection on all computers.”

No. You can un-register the computer you are currently using or all of the computers that you have registered.

Yes. After logging in to Web Banking and entering the One-Time Passcode, you can re- register that computer.  See the instructions to register that computer.

Yes. The computer will store unique identifiers (cookies) to identify those members.

Yes. The cookie is stored in the Browser software to identify the computer. If you use multiple browsers, you must login to Web Banking and enter your User Name and Passcode and get a One-Time Passcode (OTP) whenever you use a new browser.

It is a message shared by your Web Browser and our Web Server. The message identifies your unique machine characteristics and stores the message in a Text File. When you log in to Web Banking, our Web Server verifies that the log in is coming from the computer you registered as "Private."  If it is not the same computer, the One-Time Passcode request is triggered.

No. You are still enrolled. However, the security system uses your computer hardware and software information to recognize you are a valid user. If you delete your cookies, the information is no longer available to authenticate your login. You will be prompted to request a One-Time Passcode.

No. It is encrypted, and no externally identifiable end user information is stored in it.

Unless you register the public computer by going to the Enhanced Online Security section in the User Options and select "Private," no cookie will be placed on the public computer. We very strongly recommend that you do not register public computers.