DALBAR has given retirement plan providers’ requirements for plan participants’ passwords a thorough going-over, and has named the five top plan providers for their attention to detail. (Photo: Shutterstock)

DALBAR has given retirement plan providers’ requirements for plan participants’ passwords a thorough going-over, and has named the five top plan providers for their attention to detail.

According to DALBAR, those firms—and all the rest, for that matter—have to juggle requirements that protect clients and at the same time avoid making it too difficult for those clients to use the system.

Since passwords are “the first line of defense in cyber security,” the protection factor has to be pretty stiff.

But at the same time, the password is also “the greatest threat to the client experience,” so plan providers have to keep from chasing participants away with requirements that make it just too difficult.

In its third-quarter WebMonitor of participant websites, DALBAR focused on passwords, “driven by the growing national concern over cyber security that now requires plan fiduciaries take an active interest in how well participants’ data and assets are being protected.”

Here are the top 5:

1. TIAA: TIAA came out on top, by having the best password practices among leading retirement plan providers.

Not only does its Security Center provide details about how participants are protected, how they can protect themselves and how to recognize and report fraud, it also monitors password creation by presenting users with a visual requirement checklist that enables passwords to be created quickly but at the same time ensures that complexity requirements are met.

2. Principal Financial: Principal Financial, in second place, provides resources with insights into what the firm does to protect website users. It highlights measures users can take to protect themselves, provides current fraud/scam alerts and gives users a mechanism to report security concerns.

3. Wells Fargo: Wells Fargo, in third place, provides clear complexity requirements, as well as a listing of password do’s and don’ts so that users can’t go wrong.

4. Merrill Lynch: Merrill Lynch, in fourth place, “is among the top in Functionality and Usability,” says DALBAR, adding that it “clearly lays out its password requirements and excels in its offering of resources geared toward guiding participants to operating safely while online.”

5. VALIC: In fifth place for the first time, VALIC has a participant site that “houses a highly comprehensive security center.” In addition, its password creation standard is the industry high for password length, the report says, capitalizing on the fact that longer passwords are stronger passwords.