In order to comply with Executive Order 14028 (Executive Order on Improving the Nation’s Cybersecurity), the National Credit Union Administration’s Office of Examination and Insurance is reminding credit unions that the agency implemented multi-factor authentication (MFA) for the CUOnline application on April 1, 2023.
CUOnline is the NCUA’s web-based application for collecting and disseminating credit union call report and profile data.
Credit unions that have not yet registered their account should have received an email regarding MFA for user accounts. The email from “firstname.lastname@example.org” asks you to register your account (this is the account NCUA associated with the CUOnline user role you previously held).
User accounts NCUA created are formatted like an email address and may look like this: “Mary@12345.cu.” Note that this number is not your credit union’s charter number. Make sure your system’s time is correct for your time zone. Incorrect system clocks interfere with token behavior.
Credit unions should follow instructions in the email they received from the Okta account platform and be aware that registration emails from Okta expire after seven days. Failure to complete your registration may result in technical difficulties and interfere with regulatory filings.