Create one password to rule them all and simplify your digital world

Before we get started on the main topic, we’d firstly like to say a big thank you to all of our clients who have signed up to our client portal. It’s really appreciated as it improves how we communicate and makes sharing key documents more secure. It also provides clients with real-time access to other functions such as portfolio valuations and reports. If you are a client and you haven’t had a chance to sign up yet, please don’t worry. Your client manager will be in touch if they need to send you anything and help you through the set-up process if necessary.

We’ve had a few questions since starting this initiative, mainly around why we can’t just use email as well as pointing out the inconvenience of having to remember yet another password. This article explains why it’s so important and also introduces a handy solution to make remembering passwords a thing of the past! We have also included our top tips for cyber security at the end of this blog.

Email security

The key problem with email is the relatively low level of security and the general likelihood of it being targeted by fraudsters. Many of the scams and hacking attempts seen today are aimed at gaining access and control of an individual’s email account. From there, the criminal can not only read all your correspondence, but also even pose as you to gain access to other websites, such as banking or your investments.

It’s worth pointing out that email hacking and scam attempts have significantly increased during the COVID-19 crisis as many more people are communicating electronically. One survey suggested that COVID-19 related phishing attacks (where a scammer attempts to trick someone into handing over personal or financial information) have increased by over 600% since the end of February.

By using a secure portal instead of email, we can significantly reduce the likelihood of a fraudster gaining access to anything that may compromise your Equilibrium investments. We are working on a plan to move the vast majority of our digital communications to the client portal. That said, we want to get the right balance between security and ease of access to our messages. For this reason, we will continue to send generic marketing communications by email for the time being.

Not another password!

Our team certainly understand the problem of having too many passwords! We use multiple systems in the course of our work, all of which need separate usernames and passwords. Indeed, it’s not unusual for a client manager to require more than 50 passwords, especially if their clients have investments with a variety of providers.

In such situations, the temptation is always to do one or more of the following:

• Use short, easy to memorise passwords
• Use the same password for multiple systems
• Save passwords in an internet browser
• Use a notebook or spreadsheet to record each password

Unfortunately, this either means that the passwords can be easily cracked, or that one successful hack (or someone finding their notebook!) could compromise every single system used.

We know this is also a problem for many of our clients, so thought we’d share our solution – it might work for you too!

Password managers

Just over a year ago, we introduced password manager software throughout the business. This is one of the key reasons that we’ve been able to transition to working from home so effectively.

A password manager allows you to securely store and use your passwords whenever you need them. It works by recognising the website you are looking at and populating your username and password automatically. This means that ultimately you do not need to know any of your passwords, apart from the master password that you use to log into the password manager. As you only need to remember one password, it can be much stronger than normal.

The key is then to change your passwords to each website you use so that they are very strong and completely unique, which the software does for you. A typical password generated by a password manager looks like this:

0/ma;Cm+ed>`nG%0_(

Not so easy to crack and much more secure than the top five most commonly used passwords revealed by a quick Google search:

1. 123456
2. 123456789
3. qwerty
4. password
5. 111111

You can also store other data against your passwords in the password manager. In the case of the Moneyinfo client portal that Equilibrium uses, you can store your memorable word, just in case it proves to be not so memorable!

Join the password revolution!

Using a password manager takes some getting used to but has been a revelation for us at Equilibrium. It has enabled us to create much stronger and secure passwords and to manage these efficiently.

We believe that a good password manager would also have many benefits for our clients. It can help you to become more secure online and a far harder target for fraudsters. It also simplifies the complexity from maintaining multiple passwords and removes the hassle from signing up to new websites.

There are many password managers on the market, with popular options including Lastpass, Sticky Password, Keeper and 1Password. We use a system called Dashlane and would recommend them as a good place to start, although we have no first-hand experience of the other options mentioned. Dashlane offers a free account, or a paid service at $3.33 per month if you have over 50 passwords or more than one device.

Dashlane is also offering an extended 90-day free trial at the moment to help people working at home during the COVID-19 crisis which can access by clicking here. If you decide to try this and need any help during the set-up process, please don’t hesitate to speak to your client manager. They have experience in using the system and will be happy to assist where they can.

Low tech scams

The rise of internet scams does not mean that lower tech telephone-based scams are not happening anymore. It’s important to be wary of callers and to verify their identity before discussing any personal or financial information. If in doubt, it is always best to phone the caller back on their official number (not on one that they provide you with during the call).