Use these helpful ideas to strengthen the online security of your retirement accounts.

Quick takeaways
- Start with the basics, including registering your account online, if available, to protect your information.
- Understand how fraudsters operate, which can help you guard against common schemes such as malicious emails.
- Stay vigilant in public settings and in updating information on financial accounts as needed.
Ten years ago, the thought of managing your retirement savings accounts or your finances online may have never occurred to you.
Today? Nine out of 10 people use a financial tech app.
Whether you’re managing your retirement accounts online or registering online for the first time, “your personal data can be much more secure by taking a few simple steps,” says Russ Ayres, vice president and chief information security officer at Principal®. “Use secure login methods, keep your devices and apps updated, and think twice before sharing personal information.” Here’s how you can help protect your retirement accounts from fraud.
Here’s why: Setting up your ability to log in—including a username, password, multi-factor authentication, and security question—helps block fraudsters from impersonating you, establishing fake details, and accessing your information. In addition, online access gives your retirement provider an immediate way to contact you if there’s unusual account activity or updates.
Not logging in doesn’t protect your retirement accounts from fraud. Regular reviews, even to check a balance, can help you stay alert to scammers. Pick a cadence—for example, monthly—that works for you.
Think of fraud protection as multiple layers of defense: Each step adds more protection for your information and your money. That’s true for multi-factor authentication (MFA).
MFA requires that you enter a second piece of information (for example, a one-time passcode generated through an authenticator app) in addition to your password. Many industries such as healthcare and financial services already require MFA.
That includes updating addresses and phone numbers when needed, which makes it easier for a provider to confirm it’s you and not someone else trying to steal your identity, as well as to contact you if your account is compromised.
The most popular password in the U.S.? “123456.”
Here’s how to update information in your Principal account:
- Register your Principal account: Log in for the first time.
- Update address and contact info: Navigate to the “Log in” button on any screen, then to “My profile” to update your personal details.
- Change your passphrase: Click “Log in” on any Principal.com page, then click on “My profile” for a link.
- Report fraud: Visit our fraud and unethical conduct reporting page.
Password manager apps rely on a master password, and then the app’s “vault” remembers and auto-fills all passwords you enter. These apps can also generate and remember complex passwords for nearly any site.
If available, account alerts can help notify you of key transactions or changes to personal information. If you didn’t complete those actions yourself, the alerts may indicate fraud. (Alerts are typically under your profile or settings; check each account for specifics.)
To compromise your data and login information, fraudsters rely on multiple schemes. They may embed malicious links in emails. They may also find your username and call you, pretending to be your retirement account provider and asking for one-time verification codes to gain account access.
“Cybercriminals are constantly evolving their tactics to exploit vulnerabilities,” says Ayres. “Staying informed and skeptical of unfamiliar links or sources is one of the best defenses you have.”
Hover over suspicious links to see the actual URL; if you don’t recognize it, don’t click. Or, navigate directly to a company’s website on a trusted browser to log in. And stop before sharing any codes; it may be a scam.
Security for your Principal retirement accounts
Principal offers a customer protection guarantee to reimburse participants of employer-sponsored retirement accounts for losses from unauthorized activity occurring through no fault of their own. That includes two requirements that help further defend against fraud:
- Online account registration at principal.com and multi-factor authentication activation
- Current contact information, including mobile number and email address
These simple steps not only help protect you from potential fraud, but they also enable Principal to connect with you in the event of a threat. Learn more about what Principal is doing to protect your data.
Use secure networks that require passwords as much as you can; if the network isn’t secure, try to avoid completing financial transactions or forms with personal information. (Many times, free internet access, such as at a coffee shop or airport, may not be secure. To check, look for a padlock next to the network name, which you can typically find in your settings.) Always secure your devices, cover your camera, and stay aware of your surroundings to spot people trying to listen to sensitive conversations.
A once-a-year report can help clue you in if you are a victim of identity theft. If so, you may want to freeze your credit to prevent fraudsters from opening up accounts in your name.
What’s next?
Remember: Register your Principal account to boost security. You’ll create a username and password to start the login process.