Ellevest is all about getting more money into the hands of women. But you know what else we’re all about? Protecting that money once you’ve got it.
Ellevest takes your security seriously — we’re continuously improving and exploring new methods of keeping your account safe from unauthorized access. Currently, that includes two-step authentication (aka 2FA), alerts when your password has been compromised, and occasional requests to update your login credentials. Ellevest uses 2048-bit RSA for certificates and supports the strongest encryption suites available and has an A+ rating from Qualys.
You should also make sure that the data you’re giving your investment advisor is kept secure. When you’re investing online, you always want to confirm that the company you invest with is using Secure Sockets Layer (SSL) Certificate. A secure URL begins with “https” rather than “http.” The “s” in “https” stands for secure, which indicates that the site is using SSL.
At Ellevest, we encrypt your data and store it in data centers that meet security best practices. But you can (and should!) do even more to protect your personal information, with Ellevest and beyond.
Ellevest recommends the following best security practices:
- Creating a strong password for your Ellevest login. Password generators or managers are ideal options for creating and storing complex passwords on private devices.
- If your password has been compromised in a data breach on another app or site, reset your Ellevest password to something stronger and more complex.
- Keeping your contact info up to date across your accounts (with Ellevest and elsewhere).
- Turning on phone or email alerts, if available, for any account editing or new transactions.
- Opting in to multi-factor authentication whenever possible, including 2FA, authenticator apps, and biometrics (FaceID, etc).
- Only storing your passwords and / or PINs in a password manager app (and not in your Notes app or on a sticky note on your desk).
- Knowing the usual outreach policies of the companies and providers you pay money to and / or have accounts with (especially when they’re asking for your personal info, online or on the phone).
- Looking extra carefully at sender email addresses before replying or clicking on attachments or links.
Frequently asked questions:
- What is a data breach?
- This happens when sensitive personal information has been exposed via unauthorized access.
- What type of information can be exposed in a breach?
- Depending on the source storing the information that was infiltrated, data ranging from login credentials (user IDs and passwords), financial account data, Personal Identifiable Information (PII), contact information, and even medical history.
- Is this the same as identity theft?
- Compromised passwords sometimes result in identity theft, but identity theft occurs when someone uses your personal information to open unauthorized accounts or gain transactional access to already existing accounts. To determine whether you may be at risk of identity theft, identify what information is available if someone is logged in.
- Do I need to close my Ellevest account if my password is compromised?
- No, you don't need to close your Ellevest account(s).
- If my password was compromised, were any transactions made without my consent?
- Ensure the accuracy of data including personal contact information, linked accounts, and expected transfers by logging in, then take the next steps to change your password.
- If my password was compromised, how can I reactively secure other personal information that's been exposed?
- What is Ellevest doing to safeguard my account from unauthorized access?
- Ellevest is continuously improving and exploring methods to mitigate risk of unauthorized access including requesting updating login credentials from alerts of compromised passwords and using two-step authentication.
To find out more, please visit our Security Page at ellevest.com/security.