TSP: FAQs, Ch#3A, AA Browser & Web Site Security, 2004-08-30

Frequently Asked Questions

Account Access:
Browser and Web Site Security

Select one of the topics below.

(For browsers that cannot read JavaScript, please select items below.)

How can I securely access my TSP account information?

How does the TSP safeguard account information on the Internet?

What if I do not want to have online access to my TSP account information?

What is encryption?

How does my Web browser affect the security of TSP account information?

I work overseas. I am unable to use the Account Access feature because of restrictions on 128-bit encryption. What can I do?

With Microsoft Internet Explorer, my SSN and PIN are automatically filled in after I type the first digit of my SSN. What can I do to eliminate this security hazard?

My SSN and PIN work on the ThriftLine. However, when I use the AOL, Web-TV, or Unix browser, I sometimes get an invalid SSN/PIN error, or the message "The security certificate was signed by an unknown authority." How can I correct this?

My browser certificate has expired. What does that mean? What should I do?

What should I do if my version of Netscape is affected by the two FedCIRC Advisories FA-2000-05, "Netscape Navigator Improperly Validates SSL Sessions," and FA-2000-08, "Inconsistent Warning Messages in Netscape Navigator"?

Frequently Asked Questions
Table of Contents

Return to Top of Page

1. How can I securely access my TSP account information?

If you want to access account information and make on-line transactions through this Web site, your browser must have Secure Sockets Layer (SSL) and 128-bit encryption. To access account information through either this Web site or the ThriftLine, you will need to use your Social Security number (SSN) and your TSP Personal Identification Number (PIN). If you have forgotten your PIN, you can get a new one through Account Access or by calling the ThriftLine.

2. How does the TSP safeguard account information on the Internet?

There are three ways the TSP keeps account information secure:

The TSP never sends your name or SSN over the Internet.

The TSP computer system requires you to enter your TSP Personal Identification Number (PIN) before it allows access to your TSP account information.

The TSP computer system uses state-of-the-art encryption technologies.

3. What if I do not want to have online access to my TSP account information?

You can block online access to your personal TSP account information by writing to the TSP Service Office, National Finance Center, P.O. Box 61500, New Orleans, LA 70161-1500. Include your SSN and your date of birth in your letter. Note, however, that if you block online access, you will not be able to access your personal TSP account information on either this Web site or the ThriftLine. (You will have to write to the TSP Service Office to unblock access.)

4. What is encryption?

Encryption is a process by which your password and all information relating to you and your TSP account information is scrambled and locked with a mathematical key during an electronic transaction for your protection. Most browsers have an icon such as a key or a lock to represent an encrypted mode or session. A broken key, open lock, or no lock indicates that the session or mode is not encrypted.

5. How does my Web browser affect the security of TSP account information?

Your Web browser must meet TSP requirements for maintaining the privacy and security of your TSP account information. Your Web browser must support Secure Sockets Layer (SSL) and 128-bit encryption. The 128-bit encryption must be downloaded and activated on your browser.

For more information about encryption on your browser, look in the security information section of the browser's "Help" feature. You can also contact Netscape, Microsoft, your system administrator, or your Internet service provider for information about the level of encryption on your browser.

6. I work overseas. I am unable to use the Account Access feature because of restrictions on 128-bit encryption. What can I do?

This Web site now uses upgraded encryption — International Step-up or Global Server ID — that establishes temporary 128-bit encrypted sessions for overseas TSP participants when they use the Account Access section of this Web site. This encryption is accessible to you if you use a recent version of a browser, such as Netscape Navigator, or later versions of Microsoft Internet Explorer. You can find technical information about this encryption technology on the Internet.

7. With Microsoft Internet Explorer, my SSN and PIN are automatically filled in after I type the first digit of my SSN. What can I do to eliminate this security hazard?

We are aware that this happens with some computer systems and have determined that its source is the AutoComplete feature of the MSIE (Microsoft Internet Explorer) browser. We recommend that you disable this feature immediately so that it does not store a SSN or PIN previously entered in your MSIE file.

To disable the AutoComplete feature:

First, click on Tools (MSIE v.5) or View (MSIE v.4).

Then, click Internet Options to bring up the Internet Options window. Once in that window, click on the Content tab. Then click the AutoComplete button to bring up the AutoComplete Settings window.

Next, de-select the check box for User names and passwords on forms, and also click the Clear Forms and Clear Passwords buttons to clear your AutoComplete settings.

Finally, click OK to save the new settings.

8. My SSN and PIN work on the ThriftLine. However, when I use the AOL, Web-TV, or Unix browser, I sometimes get an invalid SSN/PIN error, or the message "The security certificate was signed by an unknown authority." How can I correct this?

We have discovered that most Unix, AOL, and Web-TV users who are experiencing difficulties accessing their TSP accounts do not actually have the most recent browser and encryption module installed. Downloading and installing the latest browser and/or operating system patches that have 128-bit encryption usually takes care of the problem. You can generally download the latest version of a browser with the necessary encryption free of charge from the Internet. However, if the problem persists, we recommend using the most recent version of the Netscape Navigator browser.

9. My browser certificate has expired. What does that mean? What should I do?

This is not a TSP-related issue. If you try to access one of our Account Access secure pages and you encounter a warning dialog box stating "Certificate Authority has expired," the warning message refers to the root VeriSign® Certificate Authority (CA) certificate expiration, which does not affect the Secure Sockets Layer (SSL) encryption used with this Web site.

You can avoid the warning by upgrading your browser. To download the latest version of your preferred Internet browser now, visit either Netscape's Web site, www.netscape.com, or Microsoft's Web site, www.microsoft.com.

10. What should I do if my version of Netscape is affected by the two FedCIRC Advisories FA-2000-05, "Netscape Navigator Improperly Validates SSL Sessions," and FA-2000-08, "Inconsistent Warning Messages in Netscape Navigator"?

This is not a TSP-related issue. These advisories represent Internet security flaws that occur when security certificates have expired. You can avoid the security flaws of older versions of browsers by checking to see whether your browser's security certificates have expired and, if necessary, upgrading your browser to the latest version. To download the latest version of your preferred Internet browser, visit either Netscape's Web site, www.netscape.com, or Microsoft's Web site, www.microsoft.com. For background information regarding security flaws and possible technical solutions, click on Security Advisories.

Return to Top of Page

TSP: General, Page Footer, 2004-05-24