Anybody else hate the new MyPay login process? It used to be your SSN and PIN. Now you create a user name and a password. Seriously, I don't need DFAS babysitting me and telling me that they've created this new system to protect me. All they've done is piss off most of their users.

I would understand the great "need" for security if you could actually go into mypay and transfer money to different (other peoples) accounts but you can't so it's just silly.

For me its ok. I created a username that is easy to remember (INGUARD) lol. not! and a password that is similar to my AKO.

Piece of cake.

yea, what's someone going to log in to my mypay and do? change my TSP allotment?

You all do know you can start/stop allotments via MyPay ? So, if I have your login info, I can start an allotment to an account only I have access to and you might not see it for months. I can do it in the same amount you already have an allotment for, and by stopping that one, there's no telling how long I could get away with it.

This is meant to defeat keyloggers that steal your account info as you type it, then exfil that info to someone else that can then break into your account. The virtual keyboard prevents that.

I don't know about you, but the more security you can put around my money, the better I like it.

Sailor Dave, they had that virtual keyboard before, it's not new and has be used for years now. The other thing is, any time you start, stop or change an allotment you will receive an email notifying you of the change. Same goes for any changes to your TSP. Hackers would not waste their time on Soldiers Mypay accounts and if they had you'd have heard about it all over the news.

I'm not saying what has been done, I'm saying what can be done. That's their reasoning for at least trying to make it harder. Is that so bad, the folks who handle your money trying to keep it secure ? The email address that gets the notification of the change can also be changed on MyPay. So, I change the email address to my own, make the changes, get the email myself, then change it back to yours. You're still none the wiser till I have a bunch of your money. Your SSN can be had any number of ways. A personal username is a little harder to get. Couple that with the virtual keyboard and it adds a layer of security.

Again, not saying it has been done, but that it can be.

To get into TRICARE is even worse than mypay. They want you to create a complicated new PW with lots of %$§/& every 90 days!

Some IT civilian in the upper echelon of the darkest places convinces his boss that this is necessary and then it is written. If someone wants YOUR info they will get it, there is nothing you can do to stop it. 99.99% of all hackers couldn't care less about YOU or your buddy's information. They have much bigger fish to fry. One person in a high position either gets paranoid or convinced that there is a "genuine" need for this stuff and that's all it takes. I'm not advocating being careless. I'm simply stating a fact and that fact is that the overwhelming majority of the time that digital information is compromised it's not due to hackers, it's because someone loses or has their laptop stolen with sensitive informaiton on it. Physical security is much more important than electronic security. Besides the fact that you aren't allowed to process (receive, store or transmit) any classified information on a govt. computer that isn't labled "secret".

I always have to set up a new password....

You all do know you can start/stop allotments via MyPay ? So, if I have your login info, I can start an allotment to an account only I have access to and you might not see it for months. I can do it in the same amount you already have an allotment for, and by stopping that one, there's no telling how long I could get away with it.

This is meant to defeat keyloggers that steal your account info as you type it, then exfil that info to someone else that can then break into your account. The virtual keyboard prevents that.

I don't know about you, but the more security you can put around my money, the better I like it.

Meanwhile, my SSN is all over the place. MyPay without this new process was a lot more secure than many other things in the military. I'd rather have the old login and take my chances.

Meanwhile, my SSN is all over the place. MyPay without this new process was a lot more secure than many other things in the military. I'd rather have the old login and take my chances.
But, that's the point. Your SSN used to be your login ID. Since it is so "all over the place" if someone did want to do something nefarious, they were already half-way there. At least making a custom ID slows them down a bit. Nothing will really ever completely stop them in their tracks. But the less attractive you can make yourself sends them off looking for someone who doesn't make any effort to secure their personal information.

The bottom line up front is we just spent hundreds of thousands of dollars (I'm guessing but probably close) and inconvenienced millions of users to be "proactive" when there is no history of mypay ever being hacked or even targeted. There are so many "GOOD" targets out there that I highly doubt they'd even waste their time messing with mypay.

It's a non-issue for me. I created a custom ID that was easy for me to remember and that was it.

Anybody else hate the new MyPay login process? It used to be your SSN and PIN. Now you create a user name and a password. Seriously, I don't need DFAS babysitting me and telling me that they've created this new system to protect me. All they've done is piss off most of their users.

MyPay: So easy a caveman can do it :D

I went to Air Assault a month or so ago. My SSN is on the graduation certificate ... really???

An SSN is not considered classified. Check with your S-2, it's true.

Anybody else hate the new MyPay login process? It used to be your SSN and PIN. Now you create a user name and a password. Seriously, I don't need DFAS babysitting me and telling me that they've created this new system to protect me. All they've done is piss off most of their users.

It does seem a bit excessive, if that's what you mean. This point is definitive when you consider the fact that anyone can simply Google the military salary of any branch. This stuff is already public knowledge. It seems the only thing DFAS has succeeded in doing is placing another barrier in front of Soldiers who simply want to check on their pay.