Guess what? It just got easier to access your TreasuryDirect account. If you’re not familiar with TreasuryDirect, it’s a website run by the US Treasury which allows individual investors to make direct purchases of Treasury securities. And it used to be a huge pain in the butt to login.
Not only did you need your account number and password (which was entered on a virtual keyboard), but there were multiple security questions, plus you needed a physical access card. This card was roughly equivalent to an old-school secret decoder ring in that they’d give you row/column coordinates and you had to look up values on your card and enter them in the appropriate fields.
Using the card itself wasn’t terribly hard, but you had to keep track of it and have it handy whenever you wanted to login. I ended up taking a picture of mine and storing the image inside a encrypted password keeper because, without it, I couldn’t get into our account.
And if you lost your card? Too bad for you… You’d have to call the Treasury, verify your identity, and then wait for a replacement card to be snail-mailed to you before you could get back in.
I was thus intrigued when I got an e-mail last month saying the following:
Dear TreasuryDirect Account Holder:
We’re committed to providing a secure environment for your investments and personal information.
In a few weeks, we’ll be replacing the access card with personalized images, one time passcodes, and computer registration as new layers of security to your TreasuryDirect account. Continue to use your access card until you’re notified within your TreasuryDirect account.
Thank you for using TreasuryDirect.
Woohoo! No more physical access cards! And no more lists of security questions. In their place would be a much more standard login process involving personalized images, computer registration, and one-time passcodes. The changes apparently went live this past Friday (Nov 4th) and I was able to test them out over the weekend.
In short, the login process is now a whole lot easier. I started by entering my account number, after which I was greeted with the following message:
We are unable to recognize your computer. (You may not have registered your computer or some settings may have changed.)
To provide an additional form of authentication, we have sent you an e-mail containing a one time passcode. The passcode will be valid for 2 hours from the time it was sent. If you do not receive your e-mail within 30 minutes, please contact us at 304-480-7711. Please enter your passcode, indicate whether you want to register your computer, and click Submit.
The one-time code showed up a few minutes later. I clicked the “Remember This Computer” box, entered my code, and clicked submit. I was then asked to enter my password using a the mouse to click buttons on a virtual keyboard. Interestingly, I noticed that the password is not case-sensitive — kind of odd for a website that seems so focused on security.
After that, I was asked to choose a personalized image and enter a caption, which will be presented me in the future so I’ll know that I’m on the real TreasuryDirect site as opposed a scammer’s site designed to steal my credentials. This is pretty much standard fare for financial institutions nowadays, and I’m glad to see the Treasury taking a step into the 21st century.
But guess what? While logging out and logging back in to test the process for this article, I somehow managed to lock myself out of my account!
For security reasons, your account has been locked and cannot be accessed. Please contact us at (304) 480-7711.
As I write this, I’m sitting on hold waiting to get my account unlocked. Even with the new security features, some things never change…
Update: I was on hold so long that it forced me over to a voicemail system where I had to leave account and contact details so they could call me back. I’m still waiting for that call.