Easing the burden of password management

Cloud software helps advisers keep track of the minutiae

Mar 3, 2014 @ 10:45 am

By Joyce Hanson

With all of the passwords floating around in an adviser's head each day — those necessary to log into a computer terminal, a mobile device or a cloud portal — having a secured method for keeping track of those numbers can be invaluable.

Russ Thornton, vice president at Wealthcare Capital Management, is always scouting around for new technologies that might improve his practice, and he did a lot of research before settling on a solution for managing his many passwords. But the time and effort he invested in a software system were worth it, he said.

“If I get hit by a bus, my wife knows what my master password is, and no one else knows,” he said. “It's only in our heads, not on paper.”

Most password management services are web-based and keep track of users' online accounts, log-ins and passwords on multiple devices. Users typically create a single password to gain access to their password manager, which remembers all of their log-in data and automatically signs them in to their accounts. The software generates random passwords and encrypts information with unreadable code that helps block hackers' routes to password data.

(Don't miss: 10 predictions on the future of mobile devices)

Financial advisers searching for their own password management software are likely to find an enormous array of product possibilities. When faced with all this choice, the best approach after determining software is needed, is to identify how it will be used in a practice, what security issues need resolving and who on the team should use it.

Individual advisers like Mr. Thornton who decide to use software rather than, say, a password-encrypted Excel spreadsheet are best suited for consumer-oriented password management products such as 1Password, Kaspersky Pure, LastPass or Trend Micro DirectPass.

Large advisory firms, on the other hand, will pay more for enterprise software to be used by their information technology teams. Enterprise products include Secret Server, which meets compliance mandates and automatically changes passwords that are shared and managed by teams; Password Manager Pro, which stores and manages shared sensitive information such as documents and digital identities; and CyberArk, which specializes in stopping security attacks.

Mr. Thornton is a LastPass user and pays for the company's premium consumer product, but not its enterprise version, because he is the only user. The premium version, which costs $12 a year, lets him securely encrypt his data in the cloud and allows unlimited use of mobile applications on multiple devices. LastPass also offers a free version for desktops only.

“You create a username and master password, and LastPass doesn't know what your master password is,” he said, adding that the company's slogan is, “The last password you have to remember,” because the software remembers all of his logins for all of his online accounts and also generates secure passwords for new websites.

Matt Pistone, chief technology officer for Riskalyze Inc., a risk engineering software firm that serves advisers, also uses the LastPass consumer version but soon plans to move his growing team of engineers to the enterprise version.

(More: Software tools test portfolios under different world scenarios)

He researched many software password management products and said LastPass and 1Password are the “big dogs” in the advisory industry because they've been vetted by the security community.

“In the context of advisers, it's not just you, it's your clients, and there's legal responsibility attached to that. I would recommend that any adviser should absolutely use some kind of password manager,” Mr. Pistone said.

He also urged advisers not to reuse passwords and to create random passwords that use as many characters, letters and numbers as possible.

“I would love to do 64 characters for every password, but you should have at least 12 characters in your password,” Mr. Pistone said. “If a hacker was trying to get your password, there's no way in the world they're going to guess 32 random letters and numbers.”

Todd Inskeep, senior associate at management and technology consultant Booz Allen Hamilton Inc., noted that most anti-virus malware products, including Kaspersky, Trend Micro, McAfee and Symantec, offer online password management tools.

Regardless of which software they use, financial advisers must remember to use different passwords for different systems, said Mr. Inskeep, whose previous experience includes a position at Bank of America Corp., where he led the bank's consumer security strategy.

“Many people use the same password everywhere,” he said. “Their Facebook password is the same password for their bank, Hotmail and other things they do online. That's a bad practice.”

0
Comments

What do you think?

View comments

Recommended for you

Sponsored financial news

Upcoming Event

May 02

Conference

Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in four cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Featured video

INTV

Diversity & Inclusion Awards: 2018 nominations are open

Editor Fred Gabriel and special projects editor Liz Skinner discuss the nomination process for InvestmentNews' inaugural Diversity & Inclusion awards.

Latest news & opinion

Broker protocol: Indecision over recruiting agreement is rampant

Ruckus over recruiting agreement has even wirehouse lifers wondering if it's time

Cetera reportedly exploring $1.5 billion sale

The company confirmed it's talking to investment bankers to 'explore how to best optimize [its] capital structure at lower costs.'

SEC Chairman Jay Clayton outlines goals for a new fiduciary standard

Rule should provide clarity on role of adviser, enhanced investor protection and regulatory coordination.

Advisers bemoan LPL's technology platform change

Those in a private LinkedIn chat room were sounding off about fears the independent broker-dealer will require a move to ClientWorks before it is fully ready.

Speculation mounts on whether others will follow UBS' latest move to prevent brokers from leaving

UBS brokers must sign a 12-month non-solicit agreement if they want their 2017 bonuses.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print