A Note from CU*Answers on Browser Security and Online Banking Passwords

When entering your password and/or security question to access the new It’s Me 247 online banking, you may encounter a message similar to the one pictured below:

Please note: this does not mean that your account or password have been compromised.  This message is also not originating from It’s Me 247 online banking.  Instead, it is originating from Chrome, as the browser now features built in functionality where it can intercept password fields and compare them against lists of compromised passwords from the dark web.  While it was possible for users to encounter this message using the old version of It’s Me 247, users may notice this more frequently with the new It’s Me 247, both for passwords and for the answers to security questions.

There are many reasons why password fields are identified as such, including certain protections that web browsers and other devices provide for these specially-designated fields:

  • Predictive text: If a field is not a password field, the system will attempt to determine what you are trying to type, and could potentially display your security answer or password as a potential predictive answer, and/or store whatever you enter as a potential entry for future typing.
  • Copy/Paste: Password fields are protected from copy/paste, meaning that you cannot copy from a password-type field and paste that value to another application.

We are also hearing buzz that other browsers are working on adding similar functionality down the road.  For more details on password features in Chrome and other browsers, take a look at the articles and resources below:

Chrome

Edge

Firefox

Please take this opportunity to educate your teams and your members about what a message like this means.  Encourage them to change their passwords more frequently, and to use secure password practices as well.