Feb 19, 2020 New Changes to Web-Portal Password Requirements
We are committed to protecting your personal and financial data. We have robust software security systems in place and test them regularly. Whenever possible, we use multi-factor authentication (or two-factor authentication). Multi-factor authentication is just as important as having a strong and secure password.
In addition to multi-factor authentication, we have specific policies and procedures to protect your personal information from getting into the wrong hands. In our efforts to continually improve on our password procedures, we are releasing several new password requirements when logging into your web portal.
- The minimum password length is now 10 characters
- You cannot change your password to one that is known to be compromised
- Your password cannot contain your first or last names, your user ID, your email address, or variations of the words “password,” or “Advisor/Adviser”
On the roadmap- More changes pending
- If you log in using a password that is known to be compromised, you will be required to change it
- Passwords will not be able to contain several date-related words (year, month name, and season)
- Passwords will no longer expire
- Security questions will be retired
- Several new multi-factor authentication options will be added, in addition to email and text message
- You will have the opportunity to view your password as you are typing it
Protecting your password from predators
The National Institute of Standards and Technology (NIST) released new recommendations for adequate password protections. Among those suggestions are the obvious, like no sequential numbers, and the not so obvious—such as the ability to use any special character if desired. The most important recommendation was to “restrict passwords obtained from previous breach corpuses.”
There were 1,224 data breaches exposing nearly 447 million records of personal information in 2018, such as usernames and passwords. How do we limit those breaches from creeping into our systems?
Aside from these changes, what are some good tips and tricks to creating and maintaining a secure password?
- Do not reuse passwords across websites – Even if you have created a strong password that you can easily remember, once that password is compromised, your data on every site where you have used that password is now vulnerable.
- Adhere to modern password guidelines -To do this, we have to disregard some habits of the past. Today, complex passwords, with variations of upper and lower case, numbers and special characters, are not necessarily stronger. Longer is always better in today’s world. Password hints can easily be found in the age of social media, so do not use them as a means of password recovery.
- Use a password manager, but not the one built into your web browser -Using a password manager means you only have to remember one complex password, and the rest are stored away for safekeeping. Internally at Leonard Rickey, we use Lastpass, but 1Password and RoboForm have high marks from industry experts as well.
- Set up multi-factor authentication -It seems simple, but it is instrumental. Even if your password is compromised, this is another layer of protection that saves your information from being stolen.
To check if one of your passwords has been compromised, visit haveibeenpwned.com.
And for more information regarding protecting your financial accounts and identity, check out our blog on other cybersecurity tips: Cybersecurity 101
Leonard Rickey Investment Advisors, PLLC (“LRIA”), is an SEC registered investment adviser located in the State of Washington. Registration does not imply a certain level of skill or training. For information pertaining to the registration status of LRIA, please contact LRIA or refer to the Investment Adviser Public Disclosure website (www.adviserinfo.sec.gov).
This is provided for general information only and contains information that is not suitable for everyone. As such, nothing herein should be construed as the provision of specific investment advice or recommendations for any individual. To determine which investments may be appropriate for you, consult your financial advisor prior to investing. There is no guarantee that the views and opinions expressed herein will come to pass. This newsletter contains information derived from third party sources. Although we believe these third-party sources to be reliable, we make no representations as to the accuracy or completeness of any information prepared by any unaffiliated third party incorporated herein and take no responsibility therefore.
Any projections, forecasts and estimates, including without limitation any statement using “expect” or “believe” or any variation of either term or a similar term, contained here are forward-looking statements and are based upon certain current assumptions, beliefs and expectations that LRIA considers reasonable or that the applicable third parties have identified as such. Forward-looking statements are necessarily speculative in nature, and it can be expected that some or all of the assumptions or beliefs underlying the forward-looking statements will not materialize or will vary significantly from actual results or outcomes. Some important factors that could cause actual results or outcomes to differ materially from those in any forward-looking statements include, among others, changes in interest rates and general economic conditions in the U.S. and globally, changes in the liquidity available in the market, change and volatility in the value of the U.S. dollar, market volatility and distressed credit markets, and other market, financial or legal uncertainties. Consequently, the inclusion of forward-looking statements herein should not be regarded as a representation by LRIA or any other person or entity of the outcomes or results that will be achieved by following any recommendations contained herein. While the forward-looking statements here reflect estimates, expectations and beliefs, they are not guarantees of future performance or outcomes. LRIA has no obligation to update or otherwise revise any forward-looking statements, including any revisions to reflect changes in economic conditions or other circumstances arising after the date hereof or to reflect the occurrence of events (whether anticipated or unanticipated), even if the underlying assumptions do not come to fruition. Opinions expressed herein are subject to change without notice and do not necessarily take into account the particular investment objectives, financial situations, or particular needs of all investors.
For additional information about LRIA, including fees and services, please contact us for our Form ADV disclosure brochure using our contact information herein. Please read the disclosure brochure carefully before you invest or send money.