We use the following methods to help keep your online transactions and personal information safe and secure.
Username and password requirements
To help prevent unauthorized access, we prompt you to create a unique username and password when you first access your account. A password is a string of characters used to access information or a computer. Passwords help prevent unauthorized people from accessing files, programs, and other resources. When you create a password you should make it strong, which means it should be difficult to guess or crack. See below for hints in creating a password that would be difficult to crack.
A Strong Password
- Minimum of eight characters long
- Includes numbers, symbols, upper-case and lower-case letters
- Does not contain your username, real name or company name
- Does not contain a dictionary word
- Is significantly different from the previous passwords
Image verification during login
Before you enter your online password, we ask that you verify your personalized security image. This image would be one that you selected during the creation of your web account. Once the image you have selected is displayed, you can be confident that you are accessing our website, as opposed to a fake site that may be attempting to "phish" for your personal information. If you ever log in and do not see the image you've selected or the image is incorrect, STOP, do not input your password. Please immediately report this to your 529 plan's customer service team.
Note that for some sites where there exists a partner relationship, some users may seamlessly sign into their financial institution's website without seeing a security image. This occurs because of an industry standard technology called federated authentication which exists between your financial institution and us. When you securely log into your financial institution's site and wish to then view your 529 plan account, you will seamlessly and securely be transitioned to our website. Users should familiarize themselves with their financial institution's security and login process to be more able to effectively identify when the process behaves differently than expected.
If you forget your password, answering the security questions you selected when creating your account will allow you to reset your password online. The security questions are designed to be personal to you. The answers should also be easy for you to remember but hard for others to guess. We highly recommend that you do not use questions that may be answered by someone viewing your social media profiles or other information that may be publically available.
Whether you visit us online, or by phone, we always verify your identity before granting access to your accounts.
Transport Layer Security (TLS) technology is used to establish an encrypted connection between your browser and our Web applications. TLS websites start with "https://" instead of "http://" and signify that you are in a secure online session with us. For your protection, we require a modern version of TLS and industry standard encryption strength - these are supported by current versions of all modern browsers.
We're on the lookout for suspicious irregularities across our network and infrastructure every day, all day.
Firewalls are protective barriers that defend our networks and computer systems from hackers and cyber- attackers trying to gain access into our systems. We use some of the strongest firewalls available in the industry to guard the information housed in our servers.
System activity is logged in order to preserve the information necessary to validate the transmission of data or the completion of a transaction.
We monitor transactions for suspicious and unusual behavior to help verify that they are authentic and legitimate.
Restricted access to data
We limit access to systems containing customer data to only those employees who need it to conduct business or support key business functions. Access is continually monitored and only granted to new associates as their role may require.
We make sure that our employees know and adhere to our security policies. We require all associates to participate in ongoing security training, including how to handle sensitive data and to be aware of security risks.
Regularly refine and update security features
We review industry security standards and perform system testing on an ongoing basis to help identify and implement the most up-to-date techniques and technologies, and verify that our systems are performing as expected.