I must have missed the announcement because I just noticed that the Thrift Savings Plan has changed the login procedure on their website this month. This comes only a few days after myPay increased their security features by installing a virtual keyboard for PIN input. The TSP now requires an 8 digit password instead of the previous 4 digit PIN. To change your PIN to a password, go to the website, input your account number and PIN as normal, and you will be prompted to change your PIN to a password.
The TSP made the change to increase security. According to the TSP website:
“We now require you to log into the Account Access section of this Web site with a longer, more complex Web password – a unique combination of letters and numbers that you can choose yourself or have the TSP’s computer generate for you.”
I think it’s great that the TSP is taking measures to increase security, but the new password rules really aren’t that much better than the old PIN. The rules require the password contain exactly 8 digits, at least 1 number and 1 letter, and NO special characters. The last requirement goes against every recommendation I’ve heard for a “strong” password.
What’s even better (sarcastic), is that you still need to remember your PIN if you want to access your account through the ThriftLine, the telephone access center. Your password will not work for the phone system.
In my opinion, the TSP did not do as much as they could have done to increase security or ease of use. In my opinion, the virtual keyboard at myPay is far more secure than the 8 digit password at TSP. The myPay system is also better for the user because the PIN did not change. Now TSP users have to remember their password for computer access and their PIN for telephone access. Thanks TSP, for adding one more password to the list of 20+ that we have to remember for all of our other accounts.