MOHELA Security Information

MOHELA takes security and privacy very seriously. We realize that your data is valuable and we take appropriate steps to protect that data. To protect our borrowers, we have invested in the latest technology, including Web Application and Next Generation Firewalls as well as an industry-leading Security Information Event Management Dashboard. We promise to continue to invest in technology and staff to keep your information secure.

When you log in, make sure your address bar has green text that shows “Missouri Higher Education Loan Authority (Mohela)[US]”. We invest in an extended validation certificate to ensure our customers know they are going to the secure MOHELA website.

Learn more about Extended Validation Certification.

You will notice that if you try to log in to your account from a computer not previously authorized, you will be presented with a challenge question (e.g., “What is the name of your first pet?”). We do this to make your account more secure: if a person obtains your password, they will also have to know the answer to your security question to get into your online account. This is a standard practice for financial websites.

DNS is an essential tool for browsing the internet that is transparent to most people. However, under its normal implementation, DNS is not sufficiently secure. To mitigate this risk, MOHELA has deployed an enhanced version of DNS, known as DNSSEC, to protect our site from third-party web spoofing and to give users assurance that they will always connect to the real website.

Learn more about DNSSEC.

MOHELA monitors systems internally and externally (when applicable) from an availability as well as a security perspective. We use multiple systems to ensure that systems are performing as expected and their integrity is maintained.

During the course of a year, MOHELA goes through multiple private and government audits, which cover our physical presence and information systems. These include ongoing SSAE-18 assessments, which show that we have appropriate physical, logical, and process controls in place and that those controls were audited by a third party.

In response to security vulnerabilities identified in 2014, MOHELA has disabled the use of the older Secure Sockets Layer v3 protocol and requires the use of Transport Layer Security (TLS) for end-user connections. This primarily impacts old browser versions, such as Internet Explorer 7 from Microsoft.

MOHELA will no longer support TLS 1.1 beginning December 15, 2016. We will continue to support TLS 1.2, which is supported by newer browsers including:

  • Google Chrome - 30 and above

  • Mozilla Firefox - 27 and above

  • Microsoft Edge - all versions

  • Apple Safari - 7 and above

  • Apple Safari (Mobile) - iOS 5+

If you use an older browser, it may not function properly after the update. Please consider upgrading to a newer browser.

To determine which browser you are using, you can use a site like