FYI everyone. The tsp website has enacted the requirement for stronger passwords. This has to be done the moment you log in and before you can make any transactions. Be advised not to wait until a few minutes [before the deadline] for anyone wanting to make a transaction.

New passwords need to be over 10 characters with a mix of upper and lower case letters, numbers and special characters.

Geno

Yup, TSP and mypay and every other .gov website. Just be prepared to make a new strong password when you log in. It helps to have something in mind. Strong means anything from 12 alphas to 18 alphas upper and lower case, special characters (which may be limited on some sites), numerics and possibly no repeating from any previous password within some time period, perhaps ever. Rules are not standardized. Remember, this is to protect you from yourself and make your memory better. Best advice is that no password for an application should be similar to any other password for any other application and NEVER, NEVER write them down ANYWHERE. A person I know who works in cybersecurity stated "if you can do your job, we are not doing ours". Get used to it. My best advice is to use the "forgot my password" link if you don't log in every day. For those personnel information sites (like ESS or eOPF) soon you will have no rights to see that stuff anyway. Just trust your employer to take care of you!

It is a brave new world.

PO

Just reset mine, what's next 50 digits?:suspicious:

No. 26 alphas, 10 digits, 15 special characters, non repeated ever. That will soon solve the cyber security problem and make you unable to access the web site. Their problem is solved except for the hackers. If the customer cannot access the web site, mission is accomplished.

Amazing and the Lottery only has 7 numbers and you have something like 1 in 35 million chance of winning, but they can crack your 8 letter, upper and lower case, special characters and numbers passwords in a minute?What?!!!!!

I just changed mine. Now how am I to remember the new word?

I just changed mine. Now how am I to remember the new word?

https://lastpass.com/

FYI everyone. The tsp website has enacted the requirement for stronger passwords. This has to be done the moment you log in and before you can make any transactions. Be advised not to wait until a few minutes [before the deadline] for anyone wanting to make a transaction.

New passwords need to be over 10 characters with a mix of upper and lower case letters, numbers and special characters.

Geno

Thanks for the heads up. Just changed mine.

Now- to REALLY throw a monkey wrench into things.

I have BOTH a Civilian account and a Military (reserves) account.

Both were previously accessible to me under a single User ID.

Yesterday, I changed the password and it was defaulted to the civilian account.

However, I was UNABLE to access my military account.

So today, I logged in using the OLD password that I changed yesterday, and it asked me if I wanted to change the password on my MILITARY account.

So I changed it today to match the civilian account password I changed yesterday.

And now I have access, once again, to both accounts, under a single signon, single password.

But it took two password changes to make that happen.

Who would have thunk it?

But it took two password changes to make that happen.

Who would have thunk it?

Role-based security.....been around a while!:toung:

You can use an email address (made up. Not a real one) as a password. It works and is easier to remember.


Sent from my iPhone using Tapatalk

Smells like Q1 2008 when employee ID became the required log in. I know it sounds simple but it took me a while to get my money back to the G fund and I was traped in a falling market at the time, will never forget the pain of it. I was struck by the pure market timming of the whole event. Look out bellow !!

For two days now i can't access my TSP account. I was going to change my passworsd once i logged in. I called and the lady told me there was updates going on and to try later. Well, I did and no luck. After several attempts to log in it suspends your account for an hour. Seems like there could be another way of doing updates and still allow me to log in. Frustrating!

I tried logging into the TSP Website on Monday but the system would not accept my existing password and I too hit the account suspended for an hour after too many attempts. I called the TSP Thriftline and the rep told that this was happening to "thousands" of members. The only way around it is to request a new temporary password that will be mailed to me in about a week. For now, any TSP transactions I might want to make will have be done via the phone Thriftline at (877) 968-3778.

Okay, I posted yesterday that I had trouble getting into my TSP account. I did again today. When I called the TSP I had the nicest lady tell me how to change the PW. She said to sign in using your account #, next type only first 8 characters of your current password, then hit enter. A screen should prompt you to update your new password. That's it.

Changed mine to 12 characters the day before yesterday, it still works!

Okay, I posted yesterday that I had trouble getting into my TSP account. I did again today. When I called the TSP I had the nicest lady tell me how to change the PW. She said to sign in using your account #, next type only first 8 characters of your current password, then hit enter. A screen should prompt you to update your new password. That's it.


Changed mine to 12 characters the day before yesterday, it still works!

It sounds to me like they truncated the password field in the database. So all passwords used prior to changing only have 8 valid characters to validate against.

Probably happening to millions, if not all TSP accounts!!

This is what TSP Posted on its site May 11, 2014 and you can check it out at TSP.gov:
Stronger Web passwords — (May 11, 2014) The TSP now requires that all Web passwords be at least 10 characters in length. The next time that you log into the My Account section of our website, you will be prompted to change your password to one of your choice using our new requirements. Be aware that the TSP does not email you to change your password.

Guess what! They did not implement the part that says the next time you log in you will be prompted to change your PW! They are correct as they did not email anyone to let them know you would be locked out of your account if you did not have at least a 10 character length PW! Also, they did not tell anyone they would have to wait for up to 10 days to get a new PW thru the mail before they could get into their account again! How inefficient and moronic can the Gov and TSP be?? Now, TSP is very secure because most of its members are locked out of TSP’s online Service!
A Newspaper Story on this should be ran to embarrass the Managers at TSP, because they need to be embarrassed, and they need to apologize to all TSP members, or be replaced with competent people who know something about the security needs of a TSP online account! It certainly does not need or require a PW length of 10 digits or more, as there is very, very, very, little rick that someone or anyone could actually remove money from someone’s account even if they were somehow able to get into it or login to it! Its not like an online banking account, where someone could actually remove money from if they were able to access another person’s account! TSP needs to get real and be honest with its members!!

I had to call TSP twice in as many days in order to get that answer "only first 8 characters of your current password". I was a little pi$$ed.

I tried my new (more than 10 character) password just now-- No problem at all.

I have no issues looking at my account.

FWIW I logged in yesterday with my 8 character password and changed it. It works today. What sux is that I could actually remember the 8 characters. Now if I lose the media I keep the passwords on I am truly forked. I am not sure I like the idea of keeping all my login info on somebodies server in somebodies cloud.

FWIW I logged in yesterday with my 8 character password and changed it. It works today. What sux is that I could actually remember the 8 characters. Now if I lose the media I keep the passwords on I am truly forked. I am not sure I like the idea of keeping all my login info on somebodies server in somebodies cloud.

I had the same concerns, especially being an uhmm...techie:cool:--until I actually seriously researched the issue and realized how the process works. (A little understanding as to how passwords can be neutralized also helps in trusting the process.);)

It sounds to me like they truncated the password field in the database. So all passwords used prior to changing only have 8 valid characters to validate against.Actually, the wording before was that your password had to be exactly 8 characters. How's that for making life easier for the cracker? Anyways, if you had created a password with more than 8 characters, those beyond would have been ignored like Microsoft did in Hotmail. Now that the password length is increased to 10 min - 32 max you are typing in characters that you always typed but were never part of your password. It would have been better if they had checked and generated an error message for out of range passwords, but I guess that was too much to ask for.

Actually, the wording before was that your password had to be exactly 8 characters. How's that for making life easier for the cracker? Anyways, if you had created a password with more than 8 characters, those beyond would have been ignored like Microsoft did in Hotmail. Now that the password length is increased to 10 min - 32 max you are typing in characters that you always typed but were never part of your password. It would have been better if they had checked and generated an error message for out of range passwords, but I guess that was too much to ask for.
Got it!

FWIW most of those 8 character passwords were generated by TSP. Mine was and I'm willing to bet a warm Natural Lite most other's were. I never changed t because I could remember the one they sent. Cactus, I think you are exactly right.

PO

<sarcasm>

Very happy TSP decided to weaken my old password by limiting it to 8 characters without telling me. Very nice, it is only my largest store of wealth. Time for me to 'share the wealth', eh.

</sarcasm>

Question to all:

I redid my password a few weeks ago tot he more complex version...and it worked fine.

BUT...now I went to re-enter it and evidently my PW does NOT work. Seems I might have written it down on a piece of paper I might have trashed.

Only option I can now find is to request a new PW be mailed to me...which can take 3-10 business days.

So my question is..without a PW...is there any way you can still make an IFT by calling in to TSP and giving your account # and perhaps answer a security question?
I wanted to make an IFT today but got stymied! :(
Thanks...FWM

Question to all:

I redid my password a few weeks ago tot he more complex version...and it worked fine.

BUT...now I went to re-enter it and evidently my PW does NOT work. Seems I might have written it down on a piece of paper I might have trashed.

Only option I can now find is to request a new PW be mailed to me...which can take 3-10 business days.

So my question is..without a PW...is there any way you can still make an IFT by calling in to TSP and giving your account # and perhaps answer a security question?
I wanted to make an IFT today but got stymied! :(
Thanks...FWM

I think DreamboatAnnie called in an IFT recently...DBA?

BUGA BUGA!

Question to all:

I redid my password a few weeks ago tot he more complex version...and it worked fine.

BUT...now I went to re-enter it and evidently my PW does NOT work. Seems I might have written it down on a piece of paper I might have trashed.

Only option I can now find is to request a new PW be mailed to me...which can take 3-10 business days.

So my question is..without a PW...is there any way you can still make an IFT by calling in to TSP and giving your account # and perhaps answer a security question?
I wanted to make an IFT today but got stymied! :(
Thanks...FWM


I think DreamboatAnnie called in an IFT recently...DBA?

Thanks Ravenfan,
I just found out my answer...to anyone else in this situation.

YES...you can do an IFT over the phone while you have no online password and are requesting a new one mailed to you (could take 10 business days). All you do is call, enter your Account number into the automated system...then choose to speak to a live rep...then they will ask you some questions about your personal data (where you live, date of birth, type of retirement system you're on)...and then you can say what you want to do with your IFT...and they do it. Did it this evening and they said it will go thru COB tomorrow.

Usually like to wait and see what the market does...but did not want to get into a situation where you can't get thru to a live person right away and miss noon EDT deadline.

Thanks for the help...and I hope this helps someone else.

Thanks Ravenfan,
I just found out my answer...to anyone else in this situation.

YES...you can do an IFT over the phone while you have no online password and are requesting a new one mailed to you (could take 10 business days). All you do is call, enter your Account number into the automated system...then choose to speak to a live rep...then they will ask you some questions about your personal data (where you live, date of birth, type of retirement system you're on)...and then you can say what you want to do with your IFT...and they do it. Did it this evening and they said it will go thru COB tomorrow.

Usually like to wait and see what the market does...but did not want to get into a situation where you can't get thru to a live person right away and miss noon EDT deadline.

Thanks for the help...and I hope this helps someone else.

Roger that! Glad to hear you were successful.:D

Question to all:

I redid my password a few weeks ago tot he more complex version...and it worked fine.

BUT...now I went to re-enter it and evidently my PW does NOT work. Seems I might have written it down on a piece of paper I might have trashed.

Only option I can now find is to request a new PW be mailed to me...which can take 3-10 business days.

So my question is..without a PW...is there any way you can still make an IFT by calling in to TSP and giving your account # and perhaps answer a security question?
I wanted to make an IFT today but got stymied! :(
Thanks...FWM

i have the same issue. new password worked for several logins over a week or more but quit working yesterday. i know i wrote it down right and typed it in right on several login attempts.

i was not trying make an ift, so i haven't worried about it.

i figure greg long and the software brainiacs over at tsp.gov that have increased management fees ever since limiting ift's will eventually hire a consultant to figure out how inadequate and ancient their software is.

i think it's crying shame it takes 2 weeks in the mail to reset my tsp password to access my money. if i lock myself out of a secure government network that requires a security clearance to access other people's and uncle sam's money, i can reset it by answering as series of security questions or call help desk and instantly be restored access.

Just tried mine and it still works. I changed it 5/13. Something that works for me but is not without risk is to put the password in a file of some sort and copy and paste it. How you secure that file is up to you, there are lot's of options. The right click paste usually will not work on most web sites but the keyboard command which I'm sure everyone knows usually does.

Just tried mine and it still works. I changed it 5/13. Something that works for me but is not without risk is to put the password in a file of some sort and copy and paste it. How you secure that file is up to you, there are lot's of options. The right click paste usually will not work on most web sites but the keyboard command which I'm sure everyone knows usually does.

my favorite keyboard command is 'ctrl z'. it works almost everywhere except for on tsptalk.com, which is too bad because there are a lot of things i should've ctrl z'd around here.

oh well, you is what you is.

Thanks Ravenfan,
I just found out my answer...to anyone else in this situation.

YES...you can do an IFT over the phone while you have no online password and are requesting a new one mailed to you (could take 10 business days). All you do is call, enter your Account number into the automated system...then choose to speak to a live rep...then they will ask you some questions about your personal data (where you live, date of birth, type of retirement system you're on)...and then you can say what you want to do with your IFT...and they do it. Did it this evening and they said it will go thru COB tomorrow.

Usually like to wait and see what the market does...but did not want to get into a situation where you can't get thru to a live person right away and miss noon EDT deadline.

Thanks for the help...and I hope this helps someone else.Hi FWM, I've done IFTs by phone many times and they have always been accurate...the downside is that the confirmation letter takes a week to receive. Just need the TSP phone number (1-877-968-3778) and your TSP account number. They ask the questions you mention and you can change allocations and/or do IFT, and they can give you balance of each fund at that point in time.

They are quick at answering phone...I've done it 5 minutes before noon. The other day I was gonna try at two minutes before noon but changed mind and hung up. I've never been put on hold and they answer within about 15-30 seconds after you enter your account number....at least that has been my experience for past year. Total transaction time is about 2-3 minutes if you don't ask for balances. Obviously, it is less stressful if you call 15-30 minutes in advance...thats plenty of time. Bye for now DBAnnie :D

my favorite keyboard command is 'ctrl z'. it works almost everywhere except for on tsptalk.com, which is too bad because there are a lot of things i should've ctrl z'd around here.

oh well, you is what you is.

I have this in my office...

http://media-cache-ec0.pinimg.com/originals/e9/54/3d/e9543d748b36d246df2013000c920e40.jpg

I see a number of responses mentioning talking to the TSP folks by phone but I'm surprised no mentioned using the phone menu with your account number and pin to call in the IFT yourself. I've done that when I couldn't get the internet to work. It goes a lot faster than talking to a person and you don't have to answer all those questions.

Why does TSP still use SNAIL MAIL? All my other financial accounts allow me to get a new password by either eMail, phone or a Helpdesk after verifying that I am the person who owns the USERID, knows the security questions?

To me it seems like another expense that the government has to pay to mail the info to me along with taking so long to get it.

Just my thought

i have the same issue. new password worked for several logins over a week or more but quit working yesterday. i know i wrote it down right and typed it in right on several login attempts.

i was not trying make an ift, so i haven't worried about it.

i figure greg long and the software brainiacs over at tsp.gov that have increased management fees ever since limiting ift's will eventually hire a consultant to figure out how inadequate and ancient their software is.

i think it's crying shame it takes 2 weeks in the mail to reset my tsp password to access my money. if i lock myself out of a secure government network that requires a security clearance to access other people's and uncle sam's money, i can reset it by answering as series of security questions or call help desk and instantly be restored access.

fortunately i did not repeatedly enter the password enough times yesterday to cause a total lockout. I tried the exact same password i have written down (the one that worked for a couple weeks, and then did not work for the last two days) and it works today.

FWM, check your password and see if it works, unless you already ordered a replacement, i bet it works today, mine does.