Easing the burden of password management

Cloud software helps advisers keep track of the minutiae

Mar 3, 2014 @ 10:45 am

By Joyce Hanson

Technology, security, compliance, practice management
+ Zoom

With all of the passwords floating around in an adviser's head each day — those necessary to log into a computer terminal, a mobile device or a cloud portal — having a secured method for keeping track of those numbers can be invaluable.

Russ Thornton, vice president at Wealthcare Capital Management, is always scouting around for new technologies that might improve his practice, and he did a lot of research before settling on a solution for managing his many passwords. But the time and effort he invested in a software system were worth it, he said.

“If I get hit by a bus, my wife knows what my master password is, and no one else knows,” he said. “It's only in our heads, not on paper.”

Most password management services are web-based and keep track of users' online accounts, log-ins and passwords on multiple devices. Users typically create a single password to gain access to their password manager, which remembers all of their log-in data and automatically signs them in to their accounts. The software generates random passwords and encrypts information with unreadable code that helps block hackers' routes to password data.

(Don't miss: 10 predictions on the future of mobile devices)

Financial advisers searching for their own password management software are likely to find an enormous array of product possibilities. When faced with all this choice, the best approach after determining software is needed, is to identify how it will be used in a practice, what security issues need resolving and who on the team should use it.

Individual advisers like Mr. Thornton who decide to use software rather than, say, a password-encrypted Excel spreadsheet are best suited for consumer-oriented password management products such as 1Password, Kaspersky Pure, LastPass or Trend Micro DirectPass.

Large advisory firms, on the other hand, will pay more for enterprise software to be used by their information technology teams. Enterprise products include Secret Server, which meets compliance mandates and automatically changes passwords that are shared and managed by teams; Password Manager Pro, which stores and manages shared sensitive information such as documents and digital identities; and CyberArk, which specializes in stopping security attacks.

Mr. Thornton is a LastPass user and pays for the company's premium consumer product, but not its enterprise version, because he is the only user. The premium version, which costs $12 a year, lets him securely encrypt his data in the cloud and allows unlimited use of mobile applications on multiple devices. LastPass also offers a free version for desktops only.

“You create a username and master password, and LastPass doesn't know what your master password is,” he said, adding that the company's slogan is, “The last password you have to remember,” because the software remembers all of his logins for all of his online accounts and also generates secure passwords for new websites.

Matt Pistone, chief technology officer for Riskalyze Inc., a risk engineering software firm that serves advisers, also uses the LastPass consumer version but soon plans to move his growing team of engineers to the enterprise version.

(More: Software tools test portfolios under different world scenarios)

He researched many software password management products and said LastPass and 1Password are the “big dogs” in the advisory industry because they've been vetted by the security community.

“In the context of advisers, it's not just you, it's your clients, and there's legal responsibility attached to that. I would recommend that any adviser should absolutely use some kind of password manager,” Mr. Pistone said.

He also urged advisers not to reuse passwords and to create random passwords that use as many characters, letters and numbers as possible.

“I would love to do 64 characters for every password, but you should have at least 12 characters in your password,” Mr. Pistone said. “If a hacker was trying to get your password, there's no way in the world they're going to guess 32 random letters and numbers.”

Todd Inskeep, senior associate at management and technology consultant Booz Allen Hamilton Inc., noted that most anti-virus malware products, including Kaspersky, Trend Micro, McAfee and Symantec, offer online password management tools.

Regardless of which software they use, financial advisers must remember to use different passwords for different systems, said Mr. Inskeep, whose previous experience includes a position at Bank of America Corp., where he led the bank's consumer security strategy.

“Many people use the same password everywhere,” he said. “Their Facebook password is the same password for their bank, Hotmail and other things they do online. That's a bad practice.”


What do you think?

View comments

Recommended for you

Sponsored financial news

Upcoming Event

Oct 17


Best Practices Workshop

For the fifth year, InvestmentNews will host the Best Practices Workshop & Awards, bringing together the industry’s top-performing and most influential firms in one room for a full-day. This exclusive workshop and awards program for the... Learn more

Featured video


Pershing's Dolly: 3 challenges facing advisers ahead

What are the biggest challenges facing financial advisers today? Pershing Lisa Dolly explains some of the hurdles, and how great advisers are overcoming them.

Video Spotlight

Will It Last As Long As Your Clients Do?

Sponsored by Prudential

Video Spotlight

The Catalyst

Sponsored by Pershing

Latest news & opinion

Nationwide's 401(k) record-keeping fees are excessive, lawsuit claims

Plaintiffs claim practice of charging plans a percentage of assets is unreasonable.

Wealth management firms struggle with lower fees, fewer new clients

Advisers in North America earned less from clients last year and saw a decline in average fees, according to a new report by PriceMetrix.

These investors are allowed to put $500K into a Roth IRA at once

The HEART Act permits rolling all or part of life-insurance and combat-related-fatality payouts directly into the tax-free retirement plan, but few take advantage.

Labor's Alexander Acosta and SEC's Jay Clayton tell lawmakers they will work together on fiduciary rule

In separate appearances before Senate panels, the regulators stressed the cooperation that Republican legislators and opponents of the DOL fiduciary rule are demanding.

Brian Block denies cooking the books at Schorsch REIT

Former CFO claims everything he did was 'appropriate' and 'correct.'


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print