How Account Security Works at Betterment

Here are some of the ways we are keeping you and your data safe.

The Internet can be a scary place: websites can get hacked and private data can get stolen. We understand that personal safety on the Internet is more important now than ever, especially when it comes to managing your investments online. To help keep your investments safe, we have a dedicated security team of experts who think about things like passwords and encryption so that you don’t have to. Here are just a few of the ways that we work to help keep your information safe.

Password Safety

In our digital age, passwords can sometimes feel like the bane of our existence. We’re expected to have different passwords for different websites and have them all be complex but still easy to remember. This often leads to bad habits, like reusing the same password for multiple websites because it feels easier.

This makes passwords a valuable target for hackers. When they hack into a website, this is usually the first thing they go for. We make this more difficult for hackers by storing your password in a format called a “bcrypt hash.” In short, this format is used to store your password in a scrambled state so that any potential hackers can’t read your password. This scrambled state also makes guessing difficult, so an attacker would still need to spend a lot of time and energy to decipher the original password.

We also offer app-specific passwords. For example, tax preparation software will often need access to your accounts to build an accurate understanding of your finances. The risk is that these third-party services have to save a copy of your password. They could use it do anything with your accounts that you could do yourself, including taking actions such as withdrawing all your money or changing your bank account information.

Our app-specific passwords were designed to prevent this scenario. These special passwords grant read-only access to third parties, meaning they can only be used to read information but not change it. If an attacker were to get this password, they would not be able to withdraw any money or make any other changes.

Two-Factor Authentication

Typically when you log in to a website, you just need your password. Your password is acting as the first factor in place in order to access your account. With two-factor authentication, you not only need your password to log in, but you also need your trusted device. We’ll text you or call you with a code, and you’ll have to enter that code in order to finish logging in. The code is now the second factor in place for account access.

Two-factor authentication strengthens the security of your account. Even if an attacker knows your password, they still would not be able to log in unless they also had access to your trusted device. While this adds little friction for legitimate customers, it frustrates attackers. We’ll even remember which trusted devices you’ve logged in with in the past, so that you don’t have to keep entering codes when you log in repeatedly with the same device.

Limited Data Access

At many companies, external network security is taken very seriously, but the internal network can be a data free-for-all. At Betterment, we make sure that this is not the case. Most of our employees do not have access to any customer account information at all. Access to customer data is only given to those who need it.

Engineers who work on our software and administrative tools use a sanitized copy of the necessary data. This means the data is structurally similar enough to real data to get their work done, but does not contain any personally identifiable information.

Limiting access to customer data has two benefits to user safety.

  • In the unlikely event that there is an employee with bad intentions, the amount of data they could access is kept at an absolute minimum.
  • If an outside attacker found their way inside our network, they would still have a hard time gaining access to customer data.


Even before you log in to your account, encryption has already kicked in via Transport Layer Security (TLS). TLS helps to ensure privacy for all communications between your computer and our servers. Without it, anything you send us—such as your password or bank account information—would be sent out in the open web, making it easy for attackers to access your information. Because of TLS, you can feel confident that any information sent between you and us is kept private as it makes its way through the internet.

We also use encryption when storing your personal information. The information we encrypt includes your financial information, such as bank account and tax identification numbers, to your personal information, like social security number and secret questions.

Our dedicated security team is always working for you.

We understand that when you open an account with us, you’re placing a lot of trust in our services. This is why we have a dedicated in-house security team that works full-time to keep you safe. The team regularly reviews new code to minimize the potential for security issues, they monitor our various tools and systems, and they stay on top of industry trends and events. Keeping your account safe is our top priority, and we hope that gives you peace of mind.