
Password Guidelines for Financial Advisors

It’s important for financial advisors to be mindful of their cybersecurity practices to ensure that their clients’ personal and sensitive financial information does not get compromised.

You don’t ever want to find yourself in a situation where unauthorized individuals gain access to your clients’ names, email addresses, or their account credentials. This could turn your existing client relationships sour and hurt your firm’s reputation in the long term. 

To protect against hackers and cyberattacks, your first line of defense will always be a strong password policy. 

How do Hackers Exploit Weak Passwords?

  • Password spraying

The most common way to hack an account is by simply entering as many passwords as possible. Using different automation tools, hackers will try to gain access to an account by using thousands to millions of commonly used passwords, e.g. ‘password123’.

  • Credential Stuffing

This method is similar to spraying but uses previously used passwords discovered through old data breaches and credential leaks. It takes advantage of the fact that many people use the same username/email and password combination for different websites/platforms. According to Google, 52% of the people they surveyed are guilty of this habit. 

  • Password Cracking

Brute force cracking requires more computing power as well as more time. This method involves either decrypting password databases or trying different computer-generated combinations of passwords in an effort to arrive at the correct username and/or password combination.

What Makes a Password Strong?

A strong password policy makes hackers’ jobs much more difficult. In a lot of cases, they’ll just move on to easier targets or lower hanging fruit. It’s not just about your password. Remember that your security protocols also have to be updated to current standards and incorporate industry best practices. 

The three main characteristics of a strong password are:

      • Uniqueness
      • Length 
      • Complexity

Here are the basic rules for making a unique password:

      • It must not use words from the dictionary
      • It has to be at least 8 characters long
      • It needs to combine upper and lower case letters
      • It must contain a number and a special character
      • It must not be the same as other passwords you’ve used before
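
The rules above can be enforced in code at the point where a password is set. The following checker is an added example, not part of the original article; the function names, the small sample word list and the PBKDF2-based history records are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed sample list; a real check would load a full dictionary
# plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "welcome", "advisor", "finance", "summer"}
MIN_LENGTH = 8  # minimum from the rules above


def _fingerprint(password, salt):
    # Salted, slow hash so earlier passwords are never kept in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def remember(password):
    """Return a (salt, hash) record to append to the user's password history."""
    salt = os.urandom(16)
    return salt, _fingerprint(password, salt)


def check_password(password, history=(), words=SAMPLE_WORDS):
    """Return the list of rules the candidate breaks (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("mixed_case")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(c in string.punctuation for c in password):
        failures.append("special")
    # Drop digits and symbols so "password123" still matches "password".
    letters = "".join(c for c in password.lower() if c.isalpha())
    if any(word in letters for word in words):
        failures.append("dictionary")
    # Compare against every stored record in constant time.
    if any(hmac.compare_digest(_fingerprint(password, salt), digest)
           for salt, digest in history):
        failures.append("reused")
    return failures


if __name__ == "__main__":
    history = [remember("Tr7#kQv9!mZx")]  # constructed sample values
    for candidate in ("password123", "Ab1!", "Tr7#kQv9!mZx", "gL4&wRp2$nYd"):
        print(candidate, check_password(candidate, history) or "ok")
```

The history check only covers passwords previously set in the same system; it cannot detect reuse on other websites.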

You also need to choose your security questions and answers wisely. Security questions are meant to make it harder to reset passwords and gain access to an account. 

Use Password Management Tools

If you have trouble coming up with a unique password, you can generate a random and unique password using these tools:

        • Secure Password Generator
        • Random Password Generator
        • LastPass Password Generator Tool


The tricky part about using strong and unique passwords is remembering them all. You can use password managers to keep track of your credentials for your most important and sensitive accounts. Tools such as LastPass offer free plans so you can easily give them a try. Password managers make it less confusing to use many different usernames and passwords for different accounts.

Who Should You Include in Your Password Policy?

Everyone in your practice, as well as any consultants you hire, should follow your security and password policies. You should also require your clients to follow these best practices to make sure that all their financial accounts are safe, including the ones you don’t directly manage. 
