Published on

Florida Blue New Security Steps

Authors
  • avatar
    Name
    Steve Manning
    Twitter

FloridaBlue Members will see extra security steps when they log in to their online accounts

Summary

To keep our members’ sensitive and personal information safe when they access their health insurance information online, through our website or native app, we’re adding an extra layer of security to the member account login process.

Details

Starting this month, we’re adding identity verification and multifactor authentication at member login on our website and native app. Members will need to take these extra steps when they access their member account.

  • Here’s what to expect:

  • Identity Verification. Members will be asked for extra information to prove their identity the first time they log in. They’ll enter their:

  • Address, mobile phone number, and birthdate If we can’t verify their identity this way, they’ll get to choose from two other options.

Take a picture of your driver’s license or government issued ID and a snapshot of your face. (Note: Many people have gone through a similar process with other accounts that ask for personal information, or when making mobile deposit to their bank.) OR Answer several personal history-related questions, like “Which of these addresses have you lived at?” They’ll only need to do this first step once, unless they forget their username or password, or change their phone number or email address.

  • Multifactor Authentication. After completing step 1, every time members log in, they’ll enter their username and two passcodes. One will be their password and the other, a PIN code sent to their phone.

Background

Today, data breaches that expose user credentials are becoming more common. Multifactor authentication has become an industry standard to protect against this, and consumers now expect it as part of the login process. When a person enters a username, password, and extra identification — like a code sent to their cell phone or other device — it significantly lowers the chances their account will be hacked.

Timing

Security updates will be rolled out in phases between mid-February and early April.

ASO Groups — mid-February Fully Insured Groups (Large, Mid, and Small) — early March

A general awareness announcement will be emailed to all members the week of February 12. We’ll send members a second email that includes more details just prior to their phase’s rollout.

Next Steps If members reach out to you with questions, use the talking points below to help answer them.

Will I have to do identity verification more than once? Most of the time, no. It’s good for the life of your Florida Blue account. If you switch plans but keep the same online account, your identity verification remains intact. If you forget your username or password, though, you may need to complete the process again. If you lose access to your phone number or email account on file with us — same thing.

Are you storing any of the data that is being used to complete identity verification? No. It gets scrubbed from the system after you’re done. I don’t want to do multifactor authentication every time I log in. Is there a way to skip it? Multifactor authentication means you take an extra verification step every time you access your online account. But if you click the button that says you’re working from a trusted device, you may be able to bypass this step at future logins. What happens if I log in using a different device? Identity verification is tied to your username and password — as long as you use that account, you won’t need to repeat identity verification. You will need to repeat multifactor authentication when you login, though — since your new device isn’t “trusted” yet.

• I don’t have a mobile phone. Can I verify my identity without one?

Yes. To verify your identity, you may enter your regular phone number, on file at Florida Blue. Then when you choose how you’d like your passcode (PIN) delivered, click the option that says Voice.

You’ll get a phone call telling you your passcode.

For multi-factor authorization at future logins, you may choose the option that sends your PIN to your email address.

I have a facial recognition app on my mobile phone. Do I still have to complete identity verification and multifactor authentication? Yes, you do. Your facial recognition gives you access to your phone, but it won’t open your online member account. You’ll need to do the verification steps to get into your member account.

Discuss on TwitterView on GitHub