Among retail investors, there is serious concern around brokerage security. While just a few years ago the SEC reported that advisers had a 74% rate of being cyber-attacked, that has changed. The great news for investors is that mobile devices have improved an already improving security landscape for online investing. In addition to mobile being a first line of defense, luckily for investors, brokers have stepped up to the plate with strong security features to keep intruders locked out. We surveyed the top US brokers to find out which technologies are helping keep their assets safe. Here’s what investors can do to add even stronger protection to their accounts.
Stick To Mobile Devices
Today, the most exciting security advancements are built for mobile devices. Mobile fingerprint readers add an extra layer of security by encrypting user credentials and requiring TouchID authentication. Voice recognition and eye-scan capabilities are just around the corner. Already, some finance apps are beginning to release “selfie auth,” which uses facial recognition technology to verify their identity.
Malware & Phishing Emails
Millions of desktops are infected with malware, which sits idle in the user’s browser, waiting to copy their username & password credentials. On mobile devices, strict approval processes in the Apple and Google app stores prevent most malware; it is estimated that there are less than ten thousand mobile device malwares, and most are confined to jailbroken devices.
Another common desktop scam: phishing emails. A user receives an email that looks like it came from their bank, clicks a link leading to a site that looks like their bank’s site, and unknowingly enters their login credentials on a fraudulent site. Mobile phones are mostly immune to phishing, since banking emails deep link a user to their mobile banking app, not their website.
Your Password: Choose Wisely
A Verizon study this year found that 63% of financial data breaches involve weak or default passwords, so investors should start by creating a secure password. Sites like howsecureismypassword.net can tell you how long it would take a computer to crack your password, so you can test out all of your old favorites. As a rule of thumb, always use the maximum amount of characters allowed by your broker, mix symbols, numbers and caps, and change your password every 6 months.
|Broker A||Yes||Yes, free|
|Broker B||Yes||Yes, free|
|Broker C||Yes||Yes, free|
|Broker E||Yes||Yes, free|
|Broker H||No||Yes, free|
Double Layer Protection
Many brokers offer 2-factor authentication, which requires users to enter a numeric PIN, received via SMS, in addition to their password. However, none of the brokers activated this feature automatically; the user has to seek it out on the security settings page. Security-savvy investors should activate 2-factor auth; by requiring both “something you have” and “something you know” to login, 2-factor auth can keep an account secure, even if its password alone is easy to crack. Since they receive an SMS for each attempted login, users with 2-factor auth are alerted when someone attempts to access their account, allowing them to contact their broker and eliminate fraud before it begins.
For security-conscious investors, a strong password and 2-factor auth are no-brainers. To fight the factors they can’t control, investors should stick to mobile devices, which reduce the risk of malware and phishing emails and take advantage of state-of-the-art identity verification technologies.