How does the enrollment process work?
When you enroll for PenFed Online, you will select a user name and password to access your accounts online. You will also select a personal security image and phrase. Whenever you log in, we display your image and phrase so you can be assured that you are not accessing an imposter site.
PenFed also checks the computer you are using. Typically, you will access PenFed Online from one or two computers, such as your work and home systems. The system remembers your computers. Should you need to log in from a different computer, such as an Internet café, the system takes additional steps to verify your identity, by asking you to answer a secret question that you selected during enrollment.
The system remembers your computer(s) by assigning a unique identifier (a standard secure cookie) to each computer you use to access PenFed Online. The cookie is used to store the identification only. No personal or private data is stored in any way.
How is this more secure?
The PenFed Online logon process protects you from accidentally revealing your user name and password to a fake site. In addition, if someone does get your user name and password, they still cannot access your account because the computer they are using is not one of your registered computers. The system will then challenge the hacker to answer one of your secret questions, which they will not know, and they will be turned away.
Can't someone steal my security image and phrase?
No. Your personal security image is only shown to you if you log in from a registered "safe" computer, or, if you have answered a challenge question. So, it is not possible for an unauthorized person to get access to your personal security image.
What are challenge questions? Why do I need to set them up?
Challenge questions allow you to log in to PenFed Online from a new computer. When we detect that you are logging in from a new computer, you are asked a challenge question before allowing you access. Because you are the only one who knows the answer, we know it is really you. If someone has stolen your username and password, they cannot log in because they do not know the answers to these questions.
Why am I being asked a challenge question when I try to access PenFed Online?
There are several reasons why you might be challenged. These challenge questions are meant to keep phishers and hackers out because only YOU know the answer to these questions. Some reasons you might be challenged: you are logging in from a different computer, you are using a different browser, or you cleared all the cookies on your computer. If you are challenged, answer the question with the correct answer, and you will then be shown your personal security image and phrase.
After you answer the question, you will be asked whether we should remember this computer for future log-ins. If you are using a personal computer, you can answer "yes". If you are using a public computer, you should answer "no".
Should I register my computer?
PenFed highly recommends registering computers you regularly bank from as a strategy against unauthorized logon attempts.
There are a rapidly growing variety of illegal programs called Trojans that may be silently operating on your computer. Trojans are written to intercept your keystrokes (including the password or challenge question answers you type) while on financial sites.
PenFed has designed our logon security to protect against this by not challenging logins from registered, “trusted” computers so your answers are not presented or exposed to this illegal software. Should the illegal Trojan capture your password, a criminal would not have the answers to your challenge questions should they attempt to logon. Since their computer wouldn’t be registered, they will be challenged but won’t have access to the answers.
What if I log in at work, or from other computers?
If you use multiple computers to check your account (such as your work computer), you can "register" any computer that you know is safe. You will just need to go through one extra step of answering a challenge question. Once you have successfully answered your question, you are shown your personal security image and phrase, and asked for your password.
There is no limit to the number of computers you can register.
What if I share my computer with someone who has their own account? Can we both login from the same machine?
Yes, you can use the same computer to access your individual accounts. There is no limit to how many people can log into PenFed Online from the same computer.
What happens if someone steals my password? How does PenFed keep them from accessing my account?
When someone tries to log in using your stolen user name and password, we recognize that they are logging in from a different computer and ask them a challenge question. Since you are the only one who knows the answers to the questions they cannot give a correct answer. They will never see your personal security image or phase or be able toaccess your account.
Can I change my personal security image or phrase?
Yes, you can change your personal security image and phrase at any time. To make the change, go to the Account Actions tab after you logon.
Can I use or upload my own picture as my personal security image?
No. PenFed does not allow your own picture to be used. You must choose from our list of pictures.
I am at the PenFed website, and don't see my personal security image. I am being asked a question. Am I at the real PenFed site? What is happening?
First make sure you are at the legitimate PenFed website by typing in the web address (URL) of www.penfed.org directly into the web browser. Do not cut and paste the address from an email, and do not click on any links.
If you still see a question, answer the question, and you should see your personal security image and phrase. If it is there, you can be confident you are at the real PenFed web site.
Whenever you use a new computer or a public terminal, you are asked a question to make sure someone hasn't stolen your username and password. This might also happen in cases if you delete cookies from your computer or use a different browser.
Why is my browser’s address bar green when I visit penfed.org?
This is a new security feature that you may have seen on other web sites such as eBay.com and Amazon.com. Newer internet browsers (the list is below) can turn your address bar green when visiting a website with the highest security encryption and authenticity ratings. The green bar assures visitors and members that they are interacting with the real Pentagon Federal Credit Union website and not being hi-jacked to an illegal version that might steal personal information or silently download malicious programs onto your computer.
Internet browsers that can recognize the green bar: Internet Explorer 7, Firefox 3.x+, Opera 9 and Safari 3.2+.