Security

Use App-Specific Passwords to Sync Accounts More Securely It’s easy to set up app-specific passwords so that you can help safely share your Betterment data with your other financial providers. In the days before everyone’s financial accounts were available online—and even still—you might bring a shoebox full of financial statements to an advisor, who would pore over them and manually input your data into a computer system. Any big changes in your financial life would require hauling in a new shoebox full of statements, and a whole new round of manual inputs. If this sounds inefficient, it is. But like many things in our lives, technology now makes this much, much easier and better. Data aggregation is the general term for the process of streamlining, sharing, and storing financial information among financial institutions and financial applications, as well as the technology that facilitates it. This can be an incredibly powerful tool, allowing you to better organize a financial life that spans multiple accounts at multiple institutions: in addition to your Betterment account, you might have 401(k) accounts at your job, checking and savings accounts at large national banks, as well as student loans and credit card balances. But, sharing data also raises concerns about security, and you may wonder steps you can take to help protect your financial information while taking advantage of all of the benefits of aggregation. This article encourages you to consider using a technology to help protect your data that is widely available but less widely used than it should be: the application-specific password (or “app-specific password” for short). Tools that help sync external accounts offer a more holistic view of your finances but can lead to potential security risks. To help you understand what the app-specific password is, and why we recommend that you use them, it will be helpful to talk briefly about how companies typically use and share financial data within the data aggregation ecosystem. Sharing data between applications raises the competing concerns of 1) making sure that you have the ability to authorize the applications you use to access the information you need while 2) also making sure that your sensitive financial information—for example, the value of your financial accounts, or transaction data about how and where you spend your money—is secure. Betterment takes the security of your information incredibly seriously, both when we receive your data from an aggregator, and when we provide your data to third-party applications. Generally speaking, companies can be classified into three buckets in the data aggregation ecosystem. First, there are financial institutions, such as banks or brokerages, which are sources of financial account data. Next, there are “third-party applications,” which use financial information to provide other services. And third, there are data aggregators, which are the intermediaries that connect financial institutions with third-party applications. In different contexts, Betterment is both a consumer and a producer of financial data. On the data consumer side, Betterment gives you the option of syncing your external accounts to your Betterment goals. Betterment also is a source of account data for other third-party applications. For example, you may use tax preparation software and want to export transactional data from your Betterment account to the tax software. Or, you may use budgeting software and want to sync your Betterment account to it. App-specific passwords offer a middle ground between complete security and complete visibility of your accounts. App-specific passwords offer a middle ground between the highest levels of security and the maximum ease of data sharing. An app-specific password is generated by the financial institution that produces data that you, as a financial consumer, might want to share with a data aggregator or a third-party application. For example, you can generate a Betterment app-specific password for Mint, go to Mint, and enter that password, rather than your actual login credentials. Importantly, this means that third parties won’t have the ability to make changes to your account or withdraw money from your account. Since an app-specific password provides read-only access to your data, if a third-party application is subject to a hack or data breach, you can sleep easily knowing that a hacker who obtained your app-specific password would not be able to gain full access to your account as a result of that breach. App-specific passwords compare favorably with other types of data aggregation technologies. One of these is “screen scraping,” which allows an aggregator or third-party application to log in to a financial account and capture the information that appears on the screen. There are serious downsides to this approach. Every time you share your user credentials, it increases the opportunities for a bad actor to obtain them; a hacker could compromise your account if it breaches the data aggregator or third-party application. And, because screen scraping requires sharing credentials that provide complete access to the underlying account, anyone who obtains those credentials has the potential to steal not only your data, but possibly to transfer money out of your account as well. An alternative is an application-programming interface, or “API.” An API is a protocol or link between two applications that facilitates the exchange of data. There are many different approaches to creating APIs, but they typically allow the customer to exercise control over the data that is shared, including the ability to turn off access to the data whenever the customer wants. APIs have their drawbacks as well. Because they can be technically complex, APIs can be expensive to build. APIs also don’t follow any set technical standard, and unfortunately, many large financial require that data aggregators and third-party applications build to particular technical specifications that apply only to that one institution’s data. The end result is that APIs make sharing data more complex and, as a result, more expensive for you. Although Betterment is certainly supportive of the data aggregation industry moving toward a shared open architecture framework for APIs (meaning that everybody uses the same technical specifications), we’re not there yet. It will take time, money, and coordination between financial institutions, data aggregators, third-party applications, and regulators to ultimately make that vision a reality. In the meantime, we highly recommend that you take advantage of app-specific passwords, where available, to help protect the data that you share through aggregation. When you use Betterment, we make it easy for you to set up app-specific passwords. Here is a step-by-step guide for setting up an app-specific password to use when sharing your Betterment data. First, go to "Security" within Settings when you log in; scroll down to the section called “App passwords.” This is what you’ll see: When you are asked to generate a new app password, Betterment’s interface will then generate credentials for you to use to input into the third-party application, such as Mint or TurboTax. By entering this password, the application will get access to the data it needs in a read-only format, without providing full access to your Betterment account. And, just like with an API, you have total control over how long the third-party application has access to your data. To end that access at any time, all you need to do is navigate back to the “App passwords” section on "Security" and click “Revoke,” which will terminate the permission associated with the app-specific password to access your data. Use Betterment’s app-specific passwords, and encourage your other providers to adopt them. We hope that you will consider using app-specific passwords where they are available, and that you will push your other financial service providers to make them available if they aren’t already. Using them may be a very small hassle now, but could save you major headaches down the road.

8 Steps to a Safer and More Secure Betterment Account Here are eight safeguards, including Two-Factor Authentication, that help keep your Betterment account safe and secure. At Betterment, your account security is our priority. We’re working hard to continue building ways to help keep your accounts safe and secure. From our robust physical security protections for our servers to the safeguards we’ve put in place to protect you, our services are designed to improve upon traditional security. Built-In Safeguards to Protect Your Account Betterment has already implemented a number of safeguards to help protect your account. These include: Identity Verification. We conduct thorough identity verification checks for all new customers to confirm that the information provided is accurate, not suspicious, and not on any government watch lists. Transaction Review. We monitor transactions on an automated and manual basis to detect potentially fraudulent and suspicious behavior on our customer accounts. Automatic Logout. If you are logged in and inactive for an extended period of time, we’ll automatically log you out of your account to protect you from unauthorized user access. Contact Information Safeguards. Additional security mechanisms are in place to protect you from unauthorized changes to your account information. Account Ownership Verification. We verify that you have proper access to any synced external accounts, to help ensure that you have linked the correct outside account to your Betterment account. System Outage Protection: If there was ever a system outage, we have processes in place to help keep your financial account data safe and secure. Touch ID: When accessing your Betterment account from an iPhone, you can add a layer of protection by requiring your thumbprint for access. You can even use Face ID on an iPhone X. It’s important to remember, however, that even with all of these safeguards in place, there are a few things you can also do to help protect your account. When conducting personal financial business online or on your mobile device, you are also responsible for helping to keep your personal account secure. We recommend taking the following precautions to help protect your account. Practice Good Password Security Your password is the key to your Betterment account, so we want to help ensure that you’re using a good, strong password. We also know that you’ve heard this a million times, but we’re going to tell you what we think makes your password up to snuff. Good passwords are both long and random. For your Betterment account password, you should avoid using names, places, names of products or services (e.g., “investing” or “Betterment”), and any other factoids that people may know about you or that are discoverable online. Each time you create or reset your account password, we’ll help you see how strong it is. We recommend using unique passwords across all of your online services; this prevents any other services from impacting the security of your Betterment account. While good password practice may seem daunting, there are a number of password manager tools to help you generate and remember your passwords safely. Some examples of these tools are 1Password and LastPass. Two-Factor Authentication To help combat security breaches, Betterment uses two-factor authentication (2FA) to help protect your account from theft, even if an attacker has obtained your password. With this additional layer of security, you’ll be required to enter a unique verification code either from a mobile authenticator application or from a text message or voice call when you log into your account on a new device, or, if you haven’t used 2FA on that device for two years. While no safeguard can 100% guarantee protection against a data or security breach, 2FA makes it significantly more difficult for malicious hackers to access your account. Use App Passwords When Connecting Third-Party Applications to Your Betterment Account Personal finance applications and services (such as Mint and TurboTax) make your life easier. But, they also come with additional risks. By using your username and password to connect these services to your Betterment account, you increase the risk of unauthorized access to your account. Instead, Betterment offers the ability to leverage read-only App Passwords for these services. App Passwords allow you to connect these services for convenience and productivity but in a safer way. When using App Passwords, these services will only have the ability to view your account balance and other financial transaction information, without the ability to make changes, withdrawals, or deposits to your account. This way, you can take advantage of the benefits of these services with an additional level of security. From your Security tab, you should also consider periodically reviewing the third-party services you’ve granted access to your Betterment account, and revoke access from any applications or services that you no longer wish to use. Use Only Trusted Machines and Networks You’re probably using one or two trusted devices for your banking and financial activities. On these devices, make sure you are working with the latest security updates to the operating systems and applications installed. This is actually far easier than it sounds, with most systems and applications offering automated update options. Finally, any time you use a public or unsecured wifi network to access the Internet, you should refrain from logging into any websites containing sensitive personal details or financial information. If you must access these websites using an unsecured network, make sure the URL or Web address begins with “https”; the “s” means that it is secure. If You See Something, Say Something In addition to making it more difficult for hackers, implementing our recommended security tips will make it easier for us to identify suspicious behavior on your accounts. This allows us to more quickly alert you of this activity or take necessary action. We also recommend that you periodically review your account to verify any activity and transactions. Remember that Betterment sends transactional emails to confirm any movement into or out of your account, and you can also review your account activity at any time from the Activity tab. If at any time you suspect that your account may have been compromised or misused, please contact our support team immediately. For more information on our security practices and ways to protect your account, you can visit: https://www.betterment.com/security/security-procedures/

What Encryption Means for Your Financial Security Encryption and hashing are mechanisms used to conserve your data’s confidentiality and integrity, so that your secrets are kept secret when you send them to us and our servers. You have secrets. They could be passwords, credit card numbers, or even your social security number (SSN). In this digital age, sometimes you have to share those secrets with specific companies, like your financial providers. Encryption is a way to help ensure the confidentiality of a communication between you and the intended recipient, allowing you to share your secrets with that recipient—and no one else. The Problem When you send a message on the internet, it passes through infrastructure maintained by different corporations and people. These parties include people sharing your Wi-Fi network, your employer, and your Internet Service Provider (ISP)—and any one of them could potentially read your messages. When you sign up with Betterment, you must provide your SSN. If we were to send the digits of your SSN over the internet without using encryption, your secret could be exposed to any one of the parties that exist between your computer and our servers. The Solution Fortunately, the problem has already been solved. We use encryption to prevent unauthorized parties from reading your data. To encrypt a message, your computer uses a secret encryption key to “jumble” letters in a specific way into what is known as ciphertext. Only those with the appropriate decryption key are able to turn the ciphertext message back into a meaningful one in the form of plaintext (i.e., your original unencrypted message). The keys are shared between the two parties through a secure key exchange protocol. Encryption makes it significantly harder for anyone besides you and your intended audience to be able to read your messages, since they would not have the secret key necessary to decrypt your message. For example, instead of sending your SSN, your computer sends the encrypted version of your SSN, which is also encoded to prevent transmission errors and would look something like: U2FsdGVkX18eKKilyXU8SGAwB/3Si0YrQcbrU223/YU= To anyone able to view the above ciphertext in our SSN example, the message is a meaningless sequence of characters. Our servers are the intended recipient and have the appropriate decryption key, so we can actually read this and turn it back into the original plaintext message, which is your actual SSN. Betterment helps keep your account secure. At Betterment, we handle many secrets. We use encryption, among other security procedures, to help ensure the confidentiality and integrity of data in transit between your device and our servers. When you log in to your Betterment account on your web browser or mobile app on an untrusted network, such as a coffee shop with an open Wi-Fi network, your communication with Betterment is encrypted. Hence, it cannot be read by anyone snooping on your communications via the open network. Once we receive your data, we store some of it when necessary so that it can be made available to you the next time you access your account. Encryption is used internally within our systems to safeguard the secrets you’ve entrusted us with. Any of your secrets that need to be stored on our servers are first encrypted, and then stored in ciphertext form. The original secret itself is never stored in plaintext form. Secrets should stay hidden, even to us. In some cases, we don't need the ability to read or know the actual value of your secret. Take passwords, for example. A password is used to authenticate you under the assumption that it is something only you know, and no one else knows. When you try to log in to your Betterment account, we only need to verify that the password you entered when logging in matches the one you entered when creating your account. How can we compare the two values without actually looking at your password? Enter hashing. Hashing algorithms are used when we want to store a secret, but we do not need the ability to decrypt it. For example, your passwords are hashed. This process turns them into an unreadable sequence of characters, called a hash. Unlike encryption, hashing can’t be reversed. Given a hashed message, you cannot retrieve the input that generated the message. When you log in, the password you entered goes through the same hashing algorithm used when you set up your account. The hash of the password you just entered is compared to the hash we have on file from when you registered your account. If the hashes are the same, then you’ve entered the same password. We can therefore allow you to log in without ever storing your actual password—only the hash. Please note this article’s purpose is to explain some of the core concepts behind securely storing secrets, and as a result it presents a simplified view of complex technical processes. We're here to help. Have questions about how to keep your account safe? Feel free to reach out to us. We’re always happy to help. We have a dedicated security team working for you and are happy to answer any questions you might have.