Child Support Business Online Services (CSBOS) 133-02140000

Item

Description

1

Does the CSBOS user need to remember anything like a password?

No. Once the user has created a passkey, CSBOS users don’t need to log in with their Login ID and password. They simply authenticate using their passkey for example:

• biometrics
• fingerprint recognition
• facial recognition
• screen lock
• PIN
• swipe pattern
• security key

2

Can someone else use my passkey?

No. The passkey only works on the user’s device the passkey was created on.

3

What if the CSBOS user gets a new device or operating system?

The user can request a password reset. A password reset will reset the authentication credentials and allow the user to create a new passkey.

A Service Officer in Employer Services must only complete a password reset in Cuba for an Administrator user for organisations with an Employer attribute.

Service Officers cannot reset sub-user passwords in Cuba.

If a password reset is required for an organisation with Financial Institution attributes, this request must be referred to the Financial Institutions Liaison Team via email

The user can create up to 3 passkeys. This needs to be completed during the initial passkey registration. Adding an additional passkey for back-up is recommended.

Item

Description

1

User does not have a compatible device or operating system

Passkeys are available on most devices. Users should make sure they have the most recent software update on their device. If the device has the most recent software and passkeys are not supported, they should be prompted to use another device or consider other sign in options such as authenticator.

If the user attempts to create a passkey on a device that does not support passkeys, the user will be advised by the device.

For example:

• This device does not support passkeys. You will need to try again on a different device
• You need to update to iOS 16 or above on your device
• You need to update to Android 9 or above on your device

2

Unable to access passkey to log in/device is lost or stolen

If the device with a passkey is lost or stolen, users can still log in to CSBOS if they have added more than one passkey. If the user only set up one passkey, a password reset is required.

For:

• Administrators, Employer Services can complete a password reset
• Sub-Users, an Administrator will need to complete a password reset

If a password reset is required for an organisation with Financial Institution attributes, this request must be referred to the Financial Institutions Liaison Team via email.

Once the user logs in with their Login ID and password; they will need to add a new passkey or register an authenticator.

3

Shared devices

Passkeys should only be created on a trusted device. A trusted device is a device they own and do not share with anyone else.

Example:

If the user created a passkey using a shared device, and they created it using their own trusted device by scanning the QR Code option.

When using a shared device, users should ensure that they:

• create a passkey that is specific to them, using a trusted device using lock screen or security key that is securely stored
• always sign out of their CSBOS account when finished and close all browser tabs and the browser window
• clear the browser cache, cookies and history after signing out of CSBOS

Note: if users have created a passkey on a shared device, and are concerned about the security of their account, staff should recommend they remove the passkey.

Item

Description

1

Does it cost anything to use an authenticator?

There are many free authenticators, while others may require a subscription or cost for certain features. Users should check the specific authenticator.

2

Is a second device required when using a QR code?

Users who are using a laptop or desktop computer, will need to use another device to scan the QR code.

Users who are using a mobile device, like a mobile phone or tablet, may be able to use the QR code on the same device by trying to:

• press and hold the QR code, or
• take a screenshot and press and hold the QR code in their device’s photos app

If these options do not work, the user should try to add an authenticator using the Add authenticator app during set up.

Users who are unsure how to access a QR code may need to seek help from another source, for example, Google search, for instructions for their specific device or computer.

3

How does a user log in once an authenticator has been added to a CSBOS account?

Once an authenticator has been added to the user’s CSBOS account, they can use it to log in to CSBOS. The user will log in with their Login ID and password followed by a time-based one-time password (TOTP).

4

Are all authenticators compatible to add to a CSBOS account?

No. When a user attempts to add an unsupported authenticator, they will receive error FBTOTP337E The submitted one time password is invalid. 1 incorrect attempt(s) have been made. You have 4 attempts remaining.

To use an authenticator supported by CSBOS, such as Google Authenticator, it is recommended the user adds the authenticator by selecting Open authenticator app or scanning the QR code. This avoids the authenticator defaulting to an unsupported standard when using the Setup key option.

Users who are using an authenticator that is not supported by CSBOS, such as Microsoft Authenticator, will need to try adding a different authenticator.

CSBOS supports authenticators that are compatible with the SHA256 security standard. Authenticators that do not use this standard will not work with CSBOS.

When using the manual Setup code option, some authenticators will default to an unsupported security standard. Some authenticators may let users change the settings to the compatible standard SHA256. If unable to change the settings, users should try adding the authenticator by scanning the QR code.

Item

Description

1

Why does it say the authenticator code is invalid or incorrect?

The user could have entered a code incorrectly, or the code is invalid (not supported by CSBOS), or has timed out. Users are prompted to check their authenticator and try again.

Authenticators use a time-based one-time password (TOTP). For the TOTP to work, the device the authenticator is on, needs to accurately show the user's local time. If the authenticator code is invalid, make sure the device's automatic date and time option is turned on.

2

Unable to access the authenticator to log in/device is lost or stolen

If the device with Authenticator is lost or stolen, users can still log in to CSBOS if they have added a passkey. If the user has not set up a passkey, a password reset is required.

For:

• Administrators, Employer Services can complete a password reset
• Sub-Users, an Administrator will need to complete a password reset

If a password reset is required for an organisation with Financial Institution attributes, this request must be referred to the Financial Institutions Liaison Team via email.

Once the user logs in with their Login ID and password; they will need to add an Authenticator App and/or create a new Passkey.

3

Authenticator not working

Check the CSBOS user has the latest version of the authenticator installed and/or have the user restart the authenticator app.