|
1. How can I securely access my TSP account information?
If you want to access account information and make on-line transactions through this Web site, your browser must support Secure Sockets Layer (SSL) version 3.0 or higher, and 128-bit encryption. To access account information through this Web site, you will need to use your TSP account number and your TSP Web password. If you have forgotten your Web password, you can get a new one through Account Access. If you have forgotten your account number, you can also use the TSP Web site to request to have it mailed to you.
2. How does the TSP safeguard account information on the Internet?
There are three ways the TSP keeps account information secure:
3. How does my Web browser affect the security of TSP account information?
Your Web browser must meet TSP requirements for maintaining the privacy and security of your TSP account information, i.e., your Web browser must support Secure Sockets Layer (SSL) and 128-bit encryption.
For more information about encryption on your browser, look in the security information section of the browser's "Help" feature. You can also contact your system administrator or your Internet service provider for information about the level of encryption on your Web browser.
4. I work overseas. Am I able to use the Account Access feature because of restrictions on 128-bit encryption?
Yes. This Web site uses an encryption technique — Global Secure Site ID — that establishes temporary 128-bit encrypted sessions for overseas TSP participants when they use the Account Access section of this Web site. This encryption is accessible to you if you use a recent version of a Web browser.
5. What if I do not want to have online access to my TSP account information?
You can block online access to your personal TSP account information by writing to the Thrift Savings Plan. Include your TSP account number and your date of birth in your letter. If you block online access, you will not be able to access your personal TSP account information on this Web site. However, you will still be able to access your account through the ThriftLine unless you also block access to your account through the ThriftLine. (You will have to write to the TSP to unblock access.)
6. My TSP account number and Web password are automatically filled in after I type the first digit of my TSP account number. What can I do to eliminate this security hazard?
Some Web browsers offer an AutoComplete feature. We recommend that you disable this setting so that your browser does not save the TSP account number or Web password previously entered into form fields.
To disable the AutoComplete feature:
7. My TSP account number and Web password work. However, when I use the AOL, MSN-TV, or Unix browser, I sometimes get an invalid error message, or the messages "The security certificate was signed by an unknown authority" or "The security certificate presented by this website has expired or is not yet valid." How can I correct this?
You can verify the validity of a site certificate by double clicking on the lock icon or URL (i.e, tspweb2.tspsec.tsp.gov) in the bottom right corner of the screen on the Account Access login page.
These error messages can occur if the clock on the workstation is set beyond the date range on the certificate. To correct the date/time, go to the Control Panel and select "Date and Time" and make the adjustments in the window that displays.
Most Unix, AOL, and MSN-TV users who are experiencing difficulties accessing their TSP accounts do not actually have the most recent browser and encryption module installed. Downloading and installing the latest browser and/or operating system patches that have 128-bit encryption usually takes care of the problem. You can generally download the latest version of a browser with the necessary encryption free of charge from the Internet. However, if the problem persists, we recommend using a different Web browser.
8. Why do I get the error message "You cannot access this account for one hour. Please check the TSP account number and Web password and try again later?"
This error message reflects a feature designed to protect the security of your TSP account information. It is invoked when three attempts have been made to access your TSP account information using an incorrect TSP account number or Web password. The feature discourages unauthorized users from making repeated attempts to gain access to your TSP account information. If you have forgotten your Web password or TSP account number, you will need to look them up before you can proceed. If you do not know your Web password you can request that a Web password or your TSP account number be mailed to your address of record. Use the Account Access section of the Web site to request a new password. (We do not e-mail Web passwords or account numbers or provide them over the telephone.) Without your correct identifying information, the system cannot distinguish you from an unauthorized user.
9. My browser certificate has expired. What does that mean? What should I do?
This is not a TSP-related issue. If you try to access one of our Account Access secure pages and you encounter a browser warning dialog box stating "Certificate Authority has expired," the warning message refers to the root VeriSign® Certificate Authority (CA) certificate expiration, which does not affect the Secure Sockets Layer (SSL) encryption used with this Web site. You can avoid the warning by upgrading your Web browser.
10. Why do I get the error message "A browser-to-server authentication error has occurred because your IP address has changed since you logged into the Account Access section"?
To ensure the security of your TSP account information, your temporarily assigned Internet Protocol (IP) address for Internet access must remain the same during the entire time you are using the Account Access section of this Web site — beginning when you enter your TSP account number and Web password in the Account Security login screen and ending when you exit the Account Access session. This Internet access IP address, which is controlled by your Internet Service Provider (ISP) or your Internet Network Security office, is not the same as the IP address of your workstation on a Local Area Network (LAN) or on your home computer. Rather, it is a temporary Internet access IP address assigned to your computer session each time you connect to the Internet.
In the past, we noticed that during some Web sessions, a few ISPs and some agencies' Internet network security offices (which maintain a series of external Internet Firewalls to protect their Local Area Networks) randomly changed the IP address for different Internet transactions (even if the user is in the same Web session). By using revolving IP addresses for individual data transmissions, they hope to add extra security for LAN users using the Internet, as well as to balance the traffic load on the Internet. Unfortunately, this strategy of revolving external Internet Firewall IP addresses creates a browser-to-server authentication problem. As a result, when the IP address changes, your TSP Web session is aborted with the session error message 7B, "A browser-to-server authentication error has occurred because your IP address has changed since you logged into the Account Access section." Participants using dial-up ISPs should try accessing Account Access using a connection that does not continually change the IP address during a Web session.
To assist participants using workstations on a .gov or .mil LAN behind multiple firewalls, the Network Security Administrator can contact the TSP Webmaster to have their agency's or service's registered .gov or .mil IP address for their multiple external Internet Firewalls added to the "TSP Agency or Service IP Address Exception" list.
11. Why do I get the error message "This part of the TSP Web site is currently unavailable"?
The Account Access section of this Web site involves the electronic transmission of information between this Web site and the TSP record keeping system. Periodic routine maintenance on the record keeping system may temporarily interrupt or suspend the transmission of information to this Web site. To keep these interruptions to a minimum, the TSP performs many routine maintenance tasks in the evenings and the early morning hours.
Unexpected interruptions may also occur as a result of heavy traffic on the Internet (generally between 4:00 p.m. and 9:00 p.m. eastern time). Internet traffic congestion and temporary interruptions tend to occur at peak inquiry periods such as when quarterly participant statements are made available to participants.
If an interruption occurs while you are accessing your TSP account information, you will receive the message "This part of the TSP Web site is currently unavailable. Please try again later." To determine when a scheduled outage will occur and how long it is expected to last, click on the Account Access Scheduled Outage page.