Frequently Asked Questions

Why are you changing the security standards?

We care deeply about keeping your money safe while providing you with easy access to your accounts. With the continued growth of online banking, there are increased needs for greater security standards to keep you and your money well protected. In addition, the government issued new guidelines in 2011, calling for enhanced security measures for online banking. Thus, we are upgrading our security procedures to provide you with the best protection available. Our new security standards will make it even safer for you to monitor and manage your money while safeguarding against unauthorized access to your accounts.


What are the changes?

There are two key changes that you will need to complete now:

1. We will ensure that your login is as strong as it can be. User IDs must be six characters long and they can’t be made up of only numbers (e.g. alphabetic or alphanumeric). They can be made up of a combination of letters, numbers and the following special characters: @$*_-=.!~. Your password must be six or more characters long and must contain both letters and numbers and/or symbols. If your current login does not meet these upgraded minimum requirements, you will be prompted to create a new username and/or password. In addition, if you use your member ID, you will need to create a new username. Once the upgrade is complete for all users, there will be one final step for you to take:

2. We are also implementing a new requirement to verify your identity by phone when you log in. After providing your username and password, you will be asked to provide a phone number for a phone that you have with you. We will immediately send an access code to your phone (via voice or via SMS text message) that you will enter into your computer to complete your login. You can opt to have this computer remembered, so you do not need to repeat this step each time you log in. However, you must obtain a new access code for each computer or mobile device you use to log in that is not remembered on the system.


How will using my phone make my account safer?

We are implementing what is known as “multifactor authentication” which makes it more difficult for phishers and attackers to access your accounts without you knowing it. While this might seem unfamiliar, you actually use it every time you visit an ATM. When you access your account from any ATM, you need both your ATM card (something that you have) and PIN (something that you know).

We’re implementing the same type of protection by using both your password and your phone to access your account. By doing this, even if an attacker or a phisher manages to steal your password and tries to use it to log in, they would be unsuccessful because they would need your phone as well.


Is there anything I need to do?

If your password does not currently meet the new standards, update this information now.  If you do not complete the update before the security upgrade goes live, then you will be asked to update this information upon future login. At that time, you also must have a phone handy and provide the phone number to receive your access code. You will need this phone every time that you need to receive an access code.


Will I always need to use both my password and my phone from now on?

The first time you attempt to log in from a new computer, you will need to use both your password and the access code you receive on your phone in order to log in. If you are accessing from a private computer that you personally use, you can opt for the system to remember your computer for future logins. (See the screen example below.)

By doing this, you will not need to repeat the step of obtaining an access code via phone, and you will only need your username and password in the future to log in.

For the best security protection, we suggest that you always use both your phone and your password. If you do opt to have your computer remembered, we recommend that you do so only on computers that you personally own and that have the latest updates and virus protection software installed on them.


How about if I log in from another computer or mobile device?

The first time you log in from another computer or mobile device, you will need to use both your password and a new phone access code to log in. However, you can choose to have your new computer/mobile device remembered on the system so you only need your username and password for future access to your account online.


What is Multifactor Authentication (MFA)?

MFA is the process used to verify access to only the correct member. MFA means two or more different types, or factors of authentication, must be passed. By using two different factors of authentication, we get a higher assurance that the member is the correct intended user, and not a fraudster. MFA is commonly used to protect remote access like logging to online banking, where your computer or mobile device is something you have, and your username/password, is something you know. Enhanced Multifactor Authentication (EMFA) is an updated version of the security features already in place. EMFA requires you to enter your password (which you know) and a One Time Pass code (OTP) that is generated and sent to your email or phone via text or voice call. These two factors authenticate that you are the owner of the membership.


What if I don’t want this EMFA, can I have it removed from my account?

We cannot remove EMFA from your account. All Dort Federal Credit Union online banking users are required to enroll their memberships.


When will I know that EMFA is set for my accounts?

Beginning December 12, 2012, you will be prompted to sign up when you login to your Online Banking session. Follow the instructions to enroll and register your computer by providing the information requested. You will be required to go through the EMFA process the first time you login on a computer or device. For example, if you login on your work computer and home computer, you will be need to go through the EMFA twice – once on each.


What is a One Time Pass Code (OTP) and how do I use it?

An OTP is a six-digit SINGLE-USE code that is **only valid for 10 minutes once received**. This OTP, or single use code, is sent to you by text, voice call or email – whichever delivery method you choose. At the same time you request your OTP via text, email or voice call, a dialog box will open up on your screen. Keep this box open and when you receive your OTP code, enter it into the designated field.


Why did I not receive my OTP when I requested it by email?

The OTP is instantly sent upon request. Most times the email is received within several seconds; however, delays can occur, depending on your email service provider.  OTP emails may get filtered into spam or junk folders. Check your Spam or Junk folder as well. You should also double-check to make sure the email address was entered correctly. Typos are easy to make.


What information will be required?


When you log in to Dort Online Banking you will notice a new screen appears prompting you to enter a mobile phone number, a landline number, and to verify your email address, or enter a new one. This new security procedure gives you enhanced protection by using a stronger authenticator and is known as EMFA. 

If you have chosen to add a phone number to send a text message and clicked ‘Activate’, you will receive a text message containing a single use passcode also known as OTP. When you enter this SINGLE USE passcode on the security screen, the system will recognize you as the authorized member. 

For convenience, after you successfully authenticate with your password and OTP, you may enroll your computer for use in authentication. If you choose to enroll your computer, a special Browser Cookie will be present on your computer which will enable our system to recognize you. With the enrollment of your computer the rest of your online banking experience will remain exactly the same as before we instituted this EMFA. In other words, you will only need your Username and password to access your online account.

**NOTE**: Unless you clear your cookies, your computer is set to disable cookies at the end of each internet session, or you’re running security software that does not allow for cookies,  you will only need to enroll a computer once, per membership. The next time you log in using the same computer you will not have to take this extra step—just log in as usual. If you choose to clear your cookies, or have disabled cookies being stored, you will need to get a single use passcode each time you log in to online banking.


If either member owner accesses the online account, will all owners receive the OTP every time one of us checks our account?

At the enrollment of your account you will be presented with a screen where you can enter up to 2 phone numbers to receive text messages or voice calls and 1 email address. So when you or your joint owner logon to your online banking account from a computer that is not registered as ‘Private’, you can select the specific phone number or email address you want the OTP sent to.


Why am I receiving a message that I have an existing banking session open, when I don’t?

This error indicates that the previous online banking session was not closed properly by clicking on the ‘Sign Off’ button. Close all browser windows and then sign back in. If you are still experiencing an error message, click here for information on **Deleting All Temporary Internet Files**.


I am outside of the United States and limited to receive my OTP by email. Why?

Unfortunately, our online banking system cannot accommodate international phone numbers at this time, so this limits our overseas members to the email option only if they do not have a U.S. phone number.


I did not receive the OTP through any of the options (email, text, or voice call). What should I do?

Contact Member Services so that an OTP can be generated over the phone. We can be reached at 810.767.8390 or 800.767.8390.


Everything I hear or read says that allowing cookies to reside on your computer is not good security. If I allow Dort Federal's cookie, won’t I be less secure?

Click here for more information on Cookies.


I set my computer to ‘Private’, but I am still asked for an OTP every time I sign on. Why?

This is likely because you have your browser set to delete cookies on exit or you manually delete the cookies. You may also have security software installed on your PC that removes the cookies. Please check your browser settings to make sure you are not deleting them. Click here for more information on Cookies.


I received an error message when trying to log into my account. What’s wrong?

Click here and here for help with error messages.


What about Mobile Banking?

Mobile Banking will require that you enroll in EMFA. If you have registered for EMFA on a PC, then the next time you login to mobile banking you will be asked to use your new Username and password and you will have register the device using the one-time passcode. If you haven't registered for EMFA on a PC, then you will login into mobile banking using your Member Number and password just as you do now.


Can I access Dort Online from other computers at home, work, or when I’m travelling?

Yes, you can access your accounts from any computer. However, when you sign in from a computer you have not registered as ‘Private’ and which does not have the special Browser Cookie, you will need to authenticate. This means you will be required to request an OTP after logging in with your Username and password.

You may enroll multiple computers as ‘Private’, but be mindful not to enroll a computer that you don’t often use, or that is shared with people you do not know. Enrolling a non-trusted computer is equivalent to lending your ATM card to a stranger.


If I forgot my Username and/or password, how do I get it?

If you have already registered with EMFA, then you will be able to reset your password yourself by following the onscreen instructions on the login error page. If you have also forgotten your Username, and have registered an email address in EMFA, then you can have the Username emailed to you. Just follow the onscreen instructions on the login error page.


If I enter the wrong phone number or email address, how do I change it?

If you have entered a wrong phone number or email address but have been able to verify your account with a correct one, then you can change or remove your other phone number or email address by logging into your account and going to "my profile".

If you have entered a wrong phone number or email address when first registering for EMFA, you can overwrite the incorrect one with the correct one.


I didn’t get my code by text, what do I do?

On the dialog screen you can request another is sent to you, you can select a voice call instead, or you can receive an email.


I  have dial-up Internet service, how do I get my code?

If you a dial-up Internet connection, then you will have to use a cell phone or an email address to receive your code.


Where in the text message is my code?

The code is in the body of the text message. It is not the phone number sending the text.


How do I know what browser I’m using?

Look on your browser's tool bar for help link or ? button. There should be an "About..." link underneath that button that will tell you what browser you are using. Here is a list of the browsers we recommend for use with our online banking.


Why do you keep changing online banking?

We are trying to make it more useful and more secure. You can't improve without changing.


What are the service hours when I can call for help?

Our usual service hours are 8am to 6pm, Monday through Friday and 9am to 12:30pm on Saturdays. For December 13, and 14 our service hours will be 8am to 8pm to help our members get through the initial setup.


Why can’t my username be my membership number?

Our regulators have told us it isn't secure for our members to use their membership number to login to online banking.


The username I want to use is taken, what do I do?

All of the usernames have to be unique so you will need to create a new one.