With all of the passwords floating around in an adviser's head each day — those necessary to log into a computer terminal, a mobile device or a cloud portal — having a secured method for keeping track of those numbers can be invaluable.
Russ Thornton, vice president at Wealthcare Capital Management, is always scouting around for new technologies that might improve his practice, and he did a lot of research before settling on a solution for managing his many passwords. But the time and effort he invested in a software system were worth it, he said.
“If I get hit by a bus, my wife knows what my master password is, and no one else knows,” he said. “It's only in our heads, not on paper.”
Most password management services are web-based and keep track of users' online accounts, log-ins and passwords on multiple devices. Users typically create a single password to gain access to their password manager, which remembers all of their log-in data and automatically signs them in to their accounts. The software generates random passwords and encrypts information with unreadable code that helps
block hackers' routes to password data.
(Don't miss: 10 predictions on the future of mobile devices)
Financial advisers searching for their own password management software are likely to find an enormous array of product possibilities. When faced with all this choice, the best approach after determining software is needed, is to identify how it will be used in a practice, what security issues need resolving and who on the team should use it.
Individual advisers like Mr. Thornton who decide to use software rather than, say, a password-encrypted Excel spreadsheet are best suited for consumer-oriented password management products such as 1Password, Kaspersky Pure, LastPass or Trend Micro DirectPass.
Large advisory firms, on the other hand, will pay more for enterprise software to be used by their information technology teams. Enterprise products include Secret Server, which meets compliance mandates and automatically changes passwords that are shared and managed by teams; Password Manager Pro, which stores and manages shared sensitive information such as documents and digital identities; and CyberArk, which specializes in stopping security attacks.
Mr. Thornton is a LastPass user and pays for the company's premium consumer product, but not its enterprise version, because he is the only user. The premium version, which costs $12 a year, lets him securely encrypt his data in the cloud and allows unlimited use of mobile applications on multiple devices. LastPass also offers a free version for desktops only.
“You create a username and master password, and LastPass doesn't know what your master password is,” he said, adding that the company's slogan is, “The last password you have to remember,” because the software remembers all of his logins for all of his online accounts and also generates secure passwords for new websites.
Matt Pistone, chief technology officer for Riskalyze Inc., a risk engineering software firm that serves advisers, also uses the LastPass consumer version but soon plans to move his growing team of engineers to the enterprise version.
(More: Software tools test portfolios under different world scenarios)
He researched many software password management products and said LastPass and 1Password are the “big dogs” in the advisory industry because they've been vetted by the security community.
“In the context of advisers, it's not just you, it's your clients, and there's legal responsibility attached to that. I would recommend that any adviser should absolutely use some kind of password manager,” Mr. Pistone said.
He also urged advisers
not to reuse passwords and to create random passwords that use as many characters, letters and numbers as possible.
“I would love to do 64 characters for every password, but you should have at least 12 characters in your password,” Mr. Pistone said. “If a hacker was trying to get your password, there's no way in the world they're going to guess 32 random letters and numbers.”
Todd Inskeep, senior associate at management and technology consultant Booz Allen Hamilton Inc., noted that most anti-virus malware products, including Kaspersky, Trend Micro, McAfee and Symantec, offer online password management tools.
Regardless of which software they use, financial advisers must remember to use different passwords for different systems, said Mr. Inskeep, whose previous experience includes a position at Bank of America Corp., where he led the bank's consumer security strategy.
“Many people use the same password everywhere,” he said. “Their Facebook password is the same password for their bank, Hotmail and other things they do online. That's a bad practice.”
