Why Secure Passwords Are Critical For RIAs

Author: Craig Pollack | Date: Jan 02, 2018 | Topics: Investment Advisor Blogs

Having secure passwords could help eliminate enormous risks for Los Angeles investment advisors. If a password is not secure, a single flimsy word or phrase is all that stands between a hacker and your client’s data.

Secure passwords are complex. You may even have minor difficulty remembering them at first. That same complexity makes them a lot harder for hackers to crack using password-generating programs.

Overall, passwords are an essential part of our life. We use them to access email accounts, banking information, social networking sites, and the files we need to do our work.

Because keeping track of multiple logins can be difficult, many people use the same two or three passwords. These logins also happen to be notoriously easy to guess: names, dates of birth, mother’s maiden name, and other predictable details.

What Passwords Should NEVER Include

Your password should never include or consist of the following:

  • The actual word “password”
  • Sequential numbers or letters such as “123456789” or “abcdefg”
  • Easily guessed combinations such as “yourname123” or “abc123”
  • A single word that appears in any dictionary

Methods of Password Hacking

When a password is not secure, there are multiple ways to crack it and steal the information that it is supposed to safeguard. Here are some of the most commonly used ones.

  • Prying Eyes: If you work in a cubicle, or anywhere that is semi-public, be careful when logging into your accounts. Disgruntled employees have been known to shoulder surf, or watch a co-worker enter their username and password so that the information can be used to access and damage company resources if they are terminated.
  • Guesswork: Certain programs are engineered to guess your password based on information discovered about you online, such as names, dates of birth, license plate numbers, and more.
  • Dictionary-Based Hacks: These programs will run every word in a dictionary in an attempt to find a password.
  • “Brute Force”: This method is exactly what its name implies. Special programs or software will run every conceivable keystroke combination at an alarmingly high rate of speed. The best defense against these attacks is to have a lengthy and detailed password that includes special characters, numbers, punctuation marks, and both upper and lower case letters.
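
As an added illustration (not code from the original post), this Python sketch checks a candidate password against the "What Passwords Should NEVER Include" list and estimates the search a brute-force program would face given the password's length and character mix. The sample word list, personal details and function names are constructed assumptions.

```python
import math
import re
import string

# Constructed sample data (assumptions): stand-ins for a real dictionary
# file and for personal details that can be discovered online.
SAMPLE_DICTIONARY = {"sunshine", "dragon", "monkey", "advisor", "portfolio"}
SAMPLE_PERSONAL = {"craig", "1975"}

def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending characters (1234, abcd)."""
    low, streak = pw.lower(), 1
    for prev, cur in zip(low, low[1:]):
        ascending = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == 1
        streak = streak + 1 if ascending else 1
        if streak >= run:
            return True
    return False

def charset_size(pw):
    """Alphabet size a brute-force program must cover for this password."""
    size = 0
    size += 26 if any(c.islower() for c in pw) else 0
    size += 26 if any(c.isupper() for c in pw) else 0
    size += 10 if any(c.isdigit() for c in pw) else 0
    size += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    return size

def brute_force_bits(pw):
    """log2 of the candidates of this length over this alphabet.
    Only meaningful when the password passes check_password()."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def check_password(pw, dictionary=SAMPLE_DICTIONARY, personal=SAMPLE_PERSONAL):
    """Return the rules from the list above that pw breaks (empty = passes)."""
    low, problems = pw.lower(), []
    if "password" in low:
        problems.append("contains the word 'password'")
    if has_sequence(pw):
        problems.append("contains sequential characters")
    if re.fullmatch(r"[a-z]+\d+", low):
        problems.append("letters followed by digits")
    if low in dictionary:
        problems.append("single dictionary word")
    if any(p in low for p in personal):
        problems.append("contains a personal detail")
    return problems
```

Each added character class widens the alphabet and each added character multiplies the search space by that alphabet size, which is why the bit estimate grows fastest with length.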

Additional Password Security Measures

Whenever possible, investment advisors should add two-factor authentication to their accounts. This means that after a password is entered, a secondary verification system kicks in. Examples include a code sent to the RIA’s smartphone or RSA SecurID, which generates an authentication code at predetermined intervals.

Two-factor authentication ensures that a compromised password will not leave the account exposed. Hackers will have no easy way of bypassing the secondary authentication, making a two-factor system highly recommended in financial services environments.

Bottom Line

Los Angeles investment advisors need to remember that protecting their accounts with strong, secure passwords and two-factor authentication is not optional. FINRA, the SEC, and other regulatory bodies require investment firms to impose stringent levels of data protection.

By educating themselves on the dangers of loose password security, investment advisors will do a better job of fulfilling their obligations to the firm and their clients.

Is your investment advisor firm using secure passwords? Let us know your thoughts in the Comments box below.


Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.