10 tips to help protect your retirement accounts from getting hacked

From two-factor authentication to secure Wi-Fi access, these easy to-dos help keep your online accounts safe from fraudsters.


Quick takeaways

  • Start with the basics, including creating login credentials and strong passphrases, to protect your information.
  • Understand how fraudsters operate, which can help you guard against common schemes such as malicious emails.
  • Stay vigilant in public settings and in updating information on financial accounts as needed.

Ten years ago, the thought of managing your retirement savings accounts online may have never occurred to you.

Today? Financial app installs continue to surge, jumping 50% from 2022 to 2023 alone. Chances are, if you’re not currently checking in on your savings through your phone or computer, you might in the future: Most Americans now prefer using apps or websites to do their banking.

Whether you’re managing your retirement accounts online or setting up login credentials for the first time, "taking some simple precautions can help keep your personal information safe," says Meg Anderson, vice president-chief information security officer at Principal®. "Use strong passwords, keep your software up to date and don't give out your personal information to an unverified source." Try these steps to help you protect your retirement accounts from fraud.

1. Create login credentials for your account.

Here’s why: Setting up online access helps block fraudsters from impersonating you, setting up fake credentials, and accessing your information. In addition, online access gives your retirement provider an immediate way to contact you if there’s unusual account activity or updates.

2. Check in on your account.

Not logging in doesn’t protect your retirement accounts from fraud. Regular reviews, even to check a balance, can help you stay alert to scammers. Pick a cadence—for example, monthly—that works for you.

3. Look for multi-factor authentication requirements.

Think of fraud protection as multiple layers of defense: Each step adds more protection for your information and your money. That’s true for multi-factor authentication (MFA). When you’re logging in, MFA requires that you enter a second piece of information (for example, a one-time passcode generated through an authenticator app) in addition to your password. Many industries such as healthcare and financial services already require MFA. (All Principal online accounts require MFA.)

4. Keep your account information up to date.

That includes updating addresses and phone numbers when needed, which makes it easier for a provider to confirm it’s you and not someone else trying to steal your identity. (For your Principal accounts, navigate to the “Log in” button on any screen, then to “My profile” to update your personal details.)

5. Use a passphrase instead of a password. Really.

The most popular password in the U.S.? “123456.” Fraudsters can guess short, weak passwords in five minutes or less. Instead, set up or switch to a passphrase, which is simply three to five unrelated but meaningful (to you) words and number combinations. An example might be a number plus favorite fruit plus a meaningful location and a character: 94-Lemonbrownmountain$. (You can update your Principal passphrase at any time. Click “Log in” on any page, then click on “My profile” for a link.)

6. Try a password manager or vault.

Apps like LastPass, Dashlane, and 1Password rely on a master password, and then the app’s “vault” remembers and auto-fills all passwords you enter. These apps can also generate and remember complex passwords for nearly any site.

Security for your Principal retirement accounts

Principal offers a customer protection guarantee to reimburse participants of employer-sponsored retirement accounts for losses from unauthorized activity occurring through no fault of their own. Effective July 2, 2024, that guarantee includes two new requirements that will help further defend against fraud:

  • Online account registration at and multi-factor authentication activation
  • Current contact information, including mobile number and email address

These simple steps not only help protect you from potential fraud, but they also enable Principal to connect with you in the event of a threat. Learn more about what Principal is doing to protect your data.

7. Set up alerts.

If available, account alerts can help notify you of key transactions or changes to personal information. If you didn’t complete those actions yourself, the alerts may indicate fraud. (Alerts are typically under your profile or settings; check each account for specifics.)

Tip: If you get hacked, report the incident immediately to the company or institution (use this fraud reporting link for Principal if needed), and also through the Internet Crime Complaint Center.

8. Understand common fraud schemes.

To compromise your data and login credentials, fraudsters rely on multiple tricks such as embedding emails with malicious links. "There are bad actors out there who will use all kinds of tricks to access your personal information," says Anderson. "Don’t click or download anything from a source you don’t recognize." Hover over suspicious links to see the actual URL; if you don’t recognize it, don’t click. Or, navigate directly to a company’s website on a trusted browser to log in.

9. Skip the free Wi-Fi.

Use secure networks that require passwords as much as you can; if the network isn’t secure, try to avoid completing financial transactions or forms with personal information. (Many times, free internet access such as at a coffee shop or airport may not be secure. To check, look for a padlock next to the network name, which you can typically find in your settings.) Always secure your devices, cover your camera, and stay aware of your surroundings to spot people trying to listen to sensitive conversations.

10. Monitor your credit report.

A once-a-year report can help clue you in if you are a victim of identity theft. If so, you may want to freeze your credit to prevent fraudsters from opening up accounts in your name.

What’s next?

How are you progressing toward your retirement goals? Log in to to see how you’re doing. Want to save outside of a workplace 401(k)? We can help you set up your own retirement savings with an IRA or Roth IRA account.