May 2018 – Investor Account Login: Reviewing Online Login and Security Procedures

As more clients manage their accounts online, firms must safeguard account and personal information through stringent security practices, starting with their login procedures. The growing threat of cybersecurity breakdowns and digital thefts further necessitates first-rate security measures. This Asset Management Monitor – Investor Report reviews the authentication and security measures that coverage firms employ in their online account login processes.

All 17 firms in the Asset Management Monitor – Investor coverage group provide a relatively easy login experience. Aside from Calvert, all firms implement multiple access points from the public homepage, most commonly from the site header. More than half of firms (60%) allow clients to log in directly from a field on the homepage. Most firms (87%) employ single-factor authentication requiring a client’s user ID and password. Leaders, however, go above the standard login practices by employing multi-factor authentication, requiring randomly generated codes or security question answers in addition to the standard user ID and password combination. Firms also need to consider protection measures for logout and inactivity processes. Two-thirds of firms use a dedicated logout page to confirm a successful sign off. All firms implement inactivity logout, and most (73%) provide a confirmation page or message notifying users that they have logged out successfully.

 Are you an AMM-I subscriber?Not an AMM-I subscriber?