We store passwords in a secure format to keep you safe both at Betterment and elsewhere.
We encrypt your personal information to prevent misuse in the wrong hands.
Only a small subset of Betterment employees have access to customer data.
The Internet can be a scary place: websites can get hacked and private data can get stolen. We understand that personal safety on the Internet is more important now than ever, especially when it comes to managing your investments online. To help keep your investments safe, we have a dedicated security team of experts who think about things like passwords and encryption so that you don’t have to. Here are just a few of the ways that we work to help keep your information safe.
In our digital age, passwords can sometimes feel like the bane of our existence. We’re expected to have different passwords for different websites and have them all be complex but still easy to remember. This often leads to bad habits, like reusing the same password for multiple websites because it feels easier.
This makes passwords a valuable target for hackers. When they hack into a website, this is usually the first thing they go for. We make this more difficult for hackers by storing your password in a format called a “bcrypt hash.” In short, this format is used to store your password in a scrambled state so that any potential hackers can’t read your password. This scrambled state also makes guessing difficult, so an attacker would still need to spend a lot of time and energy to decipher the original password.
We also offer app-specific passwords. For example, tax preparation software will often need access to your accounts to build an accurate understanding of your finances. The risk is that these third-party services have to save a copy of your password. They could use it to do anything with your accounts that you could do yourself, including taking actions such as withdrawing all your money or changing your bank account information.
Our app-specific passwords were designed to prevent this scenario. These special passwords grant read-only access to third parties, meaning they can only be used to read information but not change it. If an attacker were to get this password, they would not be able to withdraw any money or make any other changes.
Typically when you log in to a website, you just need your password. Your password acts as the first factor required to access your account. With two-factor authentication, you not only need your password to log in, but you also need your phone. We’ll text a code to your phone, and you’ll have to enter that code in order to finish logging in. The code is the second factor required for account access.
If you enable two-factor authentication, it greatly strengthens the security of your account. Even if an attacker knew your password, they still would not be able to log in unless they also had access to your phone. We all generally have our phones with us, so while this adds very little friction for legitimate customers, it greatly frustrates attackers.
Limited Data Access
At many companies, external network security is taken very seriously, but the internal network can be a data free-for-all. At Betterment, we make sure that this is not the case. Most of our employees do not have access to any customer account information at all. Access to customer data is only given to those who need it.
Engineers who work on our software and administrative tools use a sanitized copy of the necessary data. This means the data is structurally similar enough to real data to get their work done, but does not contain any personally identifiable information.
Limiting access to customer data has two benefits for user safety:
- In the unlikely event that there is an employee with bad intentions, the amount of data they could access is kept at an absolute minimum.
- If an outside attacker found their way inside our network, they would still have a hard time gaining access to customer data.
Even before you log in to your account, encryption has already kicked in via Transport Layer Security (TLS). TLS helps to ensure privacy for all communications between your computer and our servers. Without it, anything you send us—such as your password or bank account information—would be sent out in the open web, making it easy for attackers to access your information. Because of TLS, you can feel confident that any information sent between you and us is kept private as it makes its way through the internet.
We also use encryption when storing your personal information. The information we encrypt ranges from your financial information, such as bank account and tax identification numbers, to your personal information, like your social security number and secret questions.
Our dedicated security team is always working for you.
We understand that when you open an account with us, you’re placing a lot of trust in our services. This is why we have a dedicated in-house security team that works full-time to keep you safe. The team regularly reviews new code to minimize the potential for security issues, monitors our various tools and systems, and stays on top of industry trends and events. Keeping your account safe is our top priority, and we hope that gives you peace of mind.