TreasuryDirect.gov Security Login Changes 2011

TreasuryDirect.gov is the official US Treasury website that allows individuals to directly buy securities online, including savings bonds and Treasury bonds. The problem is that they don’t want to take any responsibility for unauthorized access to your account, including reported fraud and theft, which actually makes them less consumer-friendly than even those evil megabanks. In the past, they figured the problem would be best solved with a series of clunky security measures.

I’m not sure why, but they have now streamlined the login process to be more similar to banking industry standards. On November 6th, they sent out the following e-mail to account holders:

TreasuryDirect has completed its security upgrades. Now, it is not necessary to use an access card to log into your account. When you log into your account, you will receive an e-mail containing a one-time passcode and the opportunity to register your computer. Also, for your added security, you will select a personalized image and verify your contact information.

The website was subsequently slammed and completely unusable all day. Always fun to spend the day wondering if your money is still there. :) Today, I was able to log into my account and check out the new process. As mentioned in the e-mail, here are the new layers of security:

  • You must enter your account number, no usernames. So it’s still W-123-456-789, instead of something you would use across multiple websites like “johndoe90210″.
  • If your computer is not recognized, a one-time passcode is sent to the e-mail address on file, valid for only 2 hours. You must enter this passcode to go further, and you can set a cookie to remember your computer and skip this step in the future. For some reason, the cookie didn’t work for me, I always have to go the passcode route. (screenshot)
  • You must set a personalized image and caption text. This is standard procedure amongst banks now to prove that you are on the valid TreasuryDirect site and not a fake spoofing website.
  • Finally, you must enter your account password by clicking keys on a virtual keyboard. This is to counteract keyloggers. As before, You can use a physical keyboard simply by disabling javascript.

I see this as an improvement in accessibility, although probably a slight decrease in security. I’m okay with it; I can finally shred my secret decoder ring access card!

Comments

  1. Mickey Blue Eyes says:

    I’m glad they got rid of the secret decoder ring card. I keep losing mine so I have to request another and wait a couple weeks for it to arrive.

  2. I was a rare bird who actually liked the decoder card and felt more secure with it. I never actually broke out the actual card – I’d just log in to Yodlee first and have Yodlee “Show Password” to get the decoder information when I logged in.

    But the amount I feel less secure with the new log in isn’t too bad. Besides, what options do I have – my entire emergency fund is in 2003 I-Bonds there?

  3. I had problems with site using Chrome browser. It kept prompting me for passcode. If I used FireFox, it would not prompt for another passcode.

    Overall, I am happy I no longer need to use card but now have to wait for aggregation sites (ie yodlee among others) to update their system for the change.

  4. Unrelated question but related to treasury direct. I purchasaed 5K papers bonds as gift on my wife’s SSN. Can I convert those paper bonds to ebonds in my account to show up as gift. I have already purchased 5K ebonds as gift to my wife in my account.

    JR

  5. One huge problem is that the electronic bonds and the paper bonds converted to electronic do not show up together. I don’t know why TD keeps them in different accounts. Would be good if I could see the total bonds with TD at any point in time.

  6. PawPrint53 says:

    Uh-oh, I didn’t get the e-mail. Now I wonder if the e-mail address they have on file is correct. So what happens if they send the information to the wrong e-mail address?

  7. I’m still unable to log into my account…it say Treasury Direct is unavailable…Is it just me or does anyone else have this issue. Thanks.

  8. Ardan – you are doing treasurydirect.GOV right? (not .com!) It comes right up for me.

    Then you click on the green Individuals, Enter. Then under Account Center, Log in now click Treasury Direct link. Then TreasuryDirect link again, then chose whether your account number begins with a letter or a number. They seemed to make it hard to find, but I get in no problem.

  9. Yes. I followed exactly what you did but I’m still unable to log in unfortunately.

  10. I believe they are using technology from CA Siteminder/Arcot to implement the authentication scheme. An Adobe flash cookie is used to store the camouflaged secret key. it could be a problem with chrome and flash.

  11. I’m currently using Firefox. I’ve also tried different browser, like IE and chrome, but I’m still unable to log in…

  12. Goldie C. Fronko says:

    I keep getting locked out of our account. I am quite disgusted with this Treasury Direct and I am trying to get my money out of the account to no avail. They keep sending me these passwords and then they say it is not correct. I have spent so much time on ths computer trying to get into my account that I am very tired of it. I wish I knew what I could do to make them give me my money back.

  13. S.J.BETBEZE says:

    I have been trying to access my account for some time. I was advised that my account number had been changed. Then I was given a security code which didn”t do anything. Question—-Do I still have an account ? How do I find what the current value is ? Also –How can I talk to a human about this ?
    my telephone number is — thank you SJB

  14. Egads SJB! Must be frustrating!

    Here’s the treasurydirect page with the phone numbers:
    http://treasurydirect.gov/call.htm

    Of course, for general stuff they say “email or write to us…”

    Here’s the page to contact them, which I presume you’ve already found:
    https://www.treasurydirect.gov/WF/WebFeedback?site=td01&subject=tdlogprob

    If it were me having trouble accessing my account, I’d try writing first, and if no reasonable reply in one week I’d start calling some of the numbers (even if not related) and be an annoying customer until I got someone on the phone.

    Good luck!

  15. over christmas I lost 3 bonds in all the excitment. Can you please help me out. I purchased them in October 2011. I have the copies. and I cant get through the phone line are always busy. Please help me out. taddah2002@yahoo.com Thank you Very Much

  16. Mary Anne says:

    We moved and need to change info. We have tried for over a week to contact them. First used the toll free number and left message. My husband emailed two days later and got a call the next morning but still could not log in with one time password. His account got locked. Have called and email several times and no one will return calls, this is ridiculous. Any suggestions.

  17. Janice Schlosser says:

    I have been trying for well over a week to get to speak to a human, rather than a computer!! I have been emailed that I would be called, and never have been, and it’s been about ten days now. I originally planned to add to my account, now all I want is to close my account, and have the money in there returned to my bank !!

  18. Mary Anne says:

    Someone finally called yesterday morning and both of us stayed on line with him until we were able to both access our accounts. We were so frustrated by the process that we sold all bonds in the accounts.

  19. I logged into Treasury Direct today by typing ‘treasurydirect.gov’ into my browser and what appeared to be the real website popped up. I was able to enter my account number, then, instead of notifying me an email with the one time passcode had been sent, a screen appeared requesting verification of demographic info. I know they have been updating security lately and thought this was more of same. I started filling it in then realized it was asking for SSN, address, drivers license number & issuing state, bank account #, routing #, etc. I deleted info from the fields I had started to fill in and ‘x-ed’ out of the form – definitely a scam page looking to steal your identity – and scary as I typed in ‘treasurydirect.gov’ and did not access the site from a link.

  20. John Smith says:

    I had my password and account number, but I was still forced to go through the verification process when I logged in from my laptop computer instead of my desktop that I had used before. It went through the entire process, and then asked me to answer 3 security questions, but it presents 10 of them and expects you to know which to answer. I answered all 10, as it said you could do. I was locked out, of course. I have emailed twice, and left phone messages twice, with no replies, and no call backs. This is a national disgrace. I will sell all my bonds the moment I get my access again.

    What a mess.

  21. I have tried logging into Treasury Direct several times in the past two days, and it says that they have sent me a temporary passcode, but I never received it after multiple tries. The one time I did receive a code (an hour after it was sent), treasury direct did not accept it and said it had encountered an error or maintenance or something. I tried calling them, but I was on hold for a long distance call for too long so I hung up and tried emailing them. Has anybody else been having similar problems?

  22. This new Treasury Direct process is broken and the user support to fix the problem is non-existent. It is impossible to call the number listed on the one time user code page (that never comes by email) and actually talk to a person. They get back to you when they “can”. I will not be purchasing any Treaury products from here on out.

  23. Jennifer, you were in the form to open a new account. That is easy to do if you click on something forgot my acct # or other ways. Others: the issue is just the end of paper bonds being sold… Thousands of new customers trying to set up electronic accounts and calling over and over. They are definitely calling back, but not as quickly as you are used to. Stick with it… The level of customer service will get back to normal once the hurdle is over. And, if you the security questions during login, it just means you for your password wrong three times. It then asks for your SSN and security questions before letting u change it, which is a good practice of security.

  24. This is absolutely intolerable. For a straight week I have been leaving my contact information on Treasury Direct. I need my money and the one time passcode is not being sent and there is no way to get a live body. ( I know its Washington) This is unacceptable. No one returns a call and there is no way to speak to someone.

  25. Wow, I thought I was the only one who was having these problems. So what happens after this goes on for a couple weeks? I was unaware of this change because my email on record was old, now my One Time Passwords are getting sent to an address I can’t access and no one is answering the phones. This is ridiculous.

  26. I converted all of my kids paper savings bonds into centralized, electronic bonds on Feb. 22 (and I had to send in my paper bonds to TD). This process was only supposed take 3 weeks max. It’s Mar. 29 and 13 of the 15 are still “in progress” status. No one replies to emails or contact forms sent. The 304-480-7711 number puts you in a long loop until you’re forced to leave a message (and of course no one calls you back). And now I just updated Firefox and can’t get into my account. It says it sent me my one-time code, but nothing has been received. This is ridiculous.

  27. I am so pissed-off I can’t get them to answer the phone – who can we complain to about this – I want my money – any other phone # to try?

  28. I sent in some old paper bonds with delivery confirmation and know that they got there, but I see nothing. How long does the process take of converting some of my older paper bonds into this system and then transferring them into my bank account? I’m older now and don’t get out much.

Speak Your Mind

*