Bad news, money-makers. The popular stock-trading app Robinhood recently sent emails to an undisclosed number of users, letting them know that the company made a bit of a boo-boo and stored their passwords on its servers in plaintext.
While you probably get a number of emails from your various financial institutions, and probably filter Robinhood’s to a folder (or trash) if you’re a fairly active trader, you’re definitely going to want to comb through your email app or web-based service to see if you’ve been affected by this issue.
Even if you haven’t, or are too lazy to look, changing your password on the service is easy. Pull up the app and use the “reset password” link on the login page, or visit this link on the web.
Once you’ve done that, make sure you’ve set up two-factor authentication on your account so you’re a bit more protected even if someone has managed to decipher your password. I almost feel like I don’t even need to tell you that, because it would be the absolute worst practice in the world to only have a simple password protecting a financial app like the one you use to buy and sell stocks.
Even though Robinhood has a verification system in place that alerts you via text message or email whenever there’s a new login attempt for your account, you absolutely should use every security measure you can get your hands on for your financial services. This is not an area where you want to be lazy about your account security, because the consequences could be disastrous—even more so than when your favorite stock pick tanks.
As for Robinhood’s plaintext problem, the company maintains that no third party used the exposed passwords to access user accounts. That’s reassuring news, even though you should still be a little upset about the company’s gaffe. As they wrote in an email to affected users:
“When you set a password for your Robinhood account, we use an industry-standard process that prevents anyone at our company from reading it. On Monday night, we discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your password may have been included.
We resolved this issue, and after thorough review, found no evidence that this information was accessed by anyone outside of our response team. Out of an abundance of caution, we still recommend that you change your Robinhood password.”
And, of course, please don’t pick a new Robinhood password that you already use for other services around the web. You’re better than that.