News & information

Update to security enhancements to LiteBlue

Recently, NALC reported that some Postal Service employees were unknowingly providing their LiteBlue login credentials to fraudulent and criminal websites that appeared in popular search engines with similar names and web addresses to LiteBlue. Unfortunately, as a result some postal employees had their entire paychecks rerouted to criminals’ bank accounts instead of being deposited into their own.

To improve the security of LiteBlue, on Jan. 15, the Postal Service implemented multifactor authentication (MFA) when logging in. MFA provides an extra layer of security and may already be familiar to most through online accounts at financial institutions by confirming a code received via text message or through an app. Now, unless already done so since MFA was implemented, when employees sign in to LiteBlue they will be required to reset their Self-Service Profile (SSP) password, verify the last four digits of their Social Security Number (SSN), and set up their MFA preferences. On Jan. 17, a mandatory stand-up talk about multifactor authentication for LiteBlue should have been given in all stations and offices throughout the country. That stand-up talk can be found here. Additionally, instructions and videos to help set up MFA can be found here.

To further protect employees' accounts, the Postal Service temporarily disabled allotment and net-to-bank changes. Although many have secured their account by setting up MFA, the Postal Service reports that 38 percent of all postal employees have yet to do so. The ability to make allotment and net-to-bank changes will remain disabled until a greater number of employees have protected their accounts. In the meantime, employees can still use a postal computer to access PostalEASE to make allotment and net-to-bank changes. All letter carriers should set up MFA on their accounts as soon as possible.