Meet our writer
The Betterment Security team shares how we built features to protect our customers and what we learned along the way.
Articles by Betterment Security
How to Keep Your Account and Data Secure
Betterment is hard at work to make sure our products are secure so you can use them with ...How to Keep Your Account and Data Secure Betterment is hard at work to make sure our products are secure so you can use them with peace of mind. Here are a few tips on how to manage passwords, two-factor authentication, and general security preferences to help you stay safe. Managing My Account: How can I report suspected fraud? If you suspect debit card fraud, log in to your account through a web browser or mobile app to lock your card. Once locked, it cannot be used for any transactions. For all types of suspected fraud, please call Betterment as soon as possible so that we can further assist you. Passwords: What makes a strong password? Strong passwords are critical to helping ensure that your money and data are not compromised. The most important requirement for a good password is that it should be unique (distinct passwords for each online account you use). This protects your Betterment account when there is a data breach or compromise of your password at another company. Good passwords are also long and random. For optimal password protection, consider a longer phrase or character set. Betterment requires users to use at least eight characters, although 10+ is better. Avoid the following: last names, common places, names of products or services, or other identifying information that is discoverable online.You may consider using a “passphrase,” or a collection of random words separated by hyphens, commas, spaces, or other special characters (e.g., “elephant gray wrinkles, animals”). Another method: take a familiar phrase or sentence (from books, movies or pop culture, etc.), and use the first letter from each word. Then jumble the phrase with numbers or symbols for extra complexity. For example: “The sky is gray before it rains.” becomes “Tsigb4ir.!” While good password practice may seem daunting, there are a number of password manager tools to help you generate and remember your passwords safely. Some examples of these tools are 1Password and LastPass. App Passwords: How do I set up an App Password? Need to connect to financial applications and services such as Mint® or TurboTax® ? To do so safely, activate an App Password. This means only connected applications can use the password to see your account (“read-only” access). It will not work for logging into Betterment directly. To set an App Password, select “Settings” from the menu and then “Security.” Click “Generate a new App Password” in the section “App Passwords.” We’ll then ask you which application the password is for. Lastly, we’ll show you the password we generated for you – and will only display it once. Simply copy and paste the 20-character password shown and use it to log in to the application you set it up for. Two-factor authentication: What is two-factor authentication? Two-factor authentication (2FA), a requirement for Betterment accounts, helps to protect you from theft, even if an attacker has obtained your password. It provides an additional layer of security and requires a one-time passcode from either a mobile authenticator application, our preferred method, or from a text or voice message when you log into your account. The former is a more effective way of combating account takeover attempts (including cases where mobile numbers have been hijacked – known as SIM swapping). No safeguard can guarantee 100% against a data or security breach, but 2FA makes it significantly more difficult for malicious hackers to access your account. To set up two-factor authentication, head to “Settings” and follow the prompt... Once 2FA is activated, we’ll remember which trusted device you used. This will prevent you from having to enter codes every time you sign in on the same device. What do I do if my phone was lost or stolen? If your device was lost or stolen, please call us and we will help you set up 2FA on your new device. How to spot malicious phishing attempts In today’s complex digital landscape, hackers employ fraudulent “phishing” campaigns, a type of “social engineering” attack, to dupe users into clicking malicious links – often rerouting to a fictitious webpage capable of harvesting credentials, or deploying malware to infect your device or network. Hackers often use this as a staging effort to plan more sophisticated or dangerous attacks targeting you or your organization. These attempts may occur using email, text message or phone calls, or social media accounts. Watch out for emails impersonating Betterment. These may come from a domain other than Betterment.com, and could contain questionable URLs, grammatical errors, unfamiliar names or titles, strange/urgent requests, or may arrive in your inbox at odd hours. If you believe you’ve identified a phishing attempt impersonating Betterment, please do not engage with it, and forward it to our Fraud Prevention Team (firstname.lastname@example.org) as soon as possible. Minimizing damage from identity theft If your personal or financial information is accidentally disclosed or deliberately stolen, you may be at risk of identity theft. Report this to Betterment’s Fraud Prevention Team: email@example.com The Federal Trade Commission (FTC) also recommends steps that you should take to protect yourself following identity theft at their website: https://www.identitytheft.gov/.