CO

PY

RIG

HT

CO

RP

OR

AT

E I

NS

IGH

T, I

NC

. KEEPING LIFE INSURANCE CLIENTS SAFE ONLINE

AUTHOR: IAN M LUNDAHL

FEBRUARY 2013

Corporateinsight.com | Blog | Twitter | LinkedIn | Facebook | SlideShare | Google+

LOGIN SECURITY PRACTICES

ABOUT CORPORATE INSIGHT

2

AB

OU

T U

S

Connect With Us

Corporate Insight provides competitive intelligence and user experience research to the nation’s

leading financial institutions. For over 20 years, the firm has tracked technological developments

in the financial services industry, identifying best practices in online banking and investing, online

insurance, mobile finance, active trading platforms, social media and other emerging areas. There

are no assumptions in Corporate Insight’s work – we use live accounts at all of the firms we

research, providing our clients with unparalleled, unbiased intelligence on the competition.

For additional information on Corporate Insight, please visit www.corporateinsight.com/about-us.

Chase Marshall

Director – Business Development

212-832-2002 x-140

cmarshall@corporateinsight.com

Ian Lundahl

Senior Analyst – Life Insurance

Monitor

212-832-2002 x-101

ilundahl@corporateinsight.com

TABLE OF CONTENTS

3

TAB

LE O

F C

ON

TE

NT

S

Introduction

Key Findings

Login Security Best Practices

Recommendations

About Corporate Insight

4

LIF

E I

NS

UR

AN

CE

MO

NIT

OR

ABOUT LIFE INSURANCE MONITOR

Life Insurance Monitor focuses on the online and offline user experience leading life insurers offer prospects, clients and advisors. Using actual life insurance policies and authentic advisor website access, our subscription research service goes beyond the public website to give you a unique, first-hand look at the online resources, account documents and sales materials competitors provide to their clients and financial advisors.

Life Insurance Monitor Subscription Deliverables

Life Insurance Monitor subscriptions are company-wide. A single subscription makes the service available to all employees without seat licenses or restrictions. The service includes a variety of deliverables that collectively provide a comprehensive look at the online experience being offered by your competitors and other leading insurers:

Monthly Research Reports – In-depth reports that focus on key aspects of the online prospect, client and advisor user experience, account documents, life insurance industry trends and more. Reports include:

Detailed reviews of each Life Insurance Monitor firm

Key findings and best practice analysis to help improve your company’s offerings

Handy matrix summarizing your competitors’ offerings

Bi-Weekly Updates – Comprehensive review of changes and additions to competitor public, client and advisor websites.

Client & Advisor Website Videos – Go behind-the-login and take a first-hand look at the online resources being offered to clients and advisors by your competitors.

Client & Advisor Collateral Materials – All materials and communications that we receive are available for subscribers to view or download online. This includes account statements, newsletters, marketing pieces, disclosure documents and email communications. Competitor Summary Matrices – Breakdown of the key client and advisor website features offered by all Life Insurance Monitor firms. Analyst Support – Personalized research support from our experienced Life Insurance Monitor team

INTRODUCTION

5

INT

RO

DU

CT

ION

6

INT

RO

DU

CT

ION

BACKGROUND

This presentation is based on research from our recent Life Insurance Monitor report – Client Login Access: Private Site Login Security Processes. The report focuses on client login security across the life insurance industry.

Inside, we will take a high-level look at the key findings from the report, highlight login security best practices from industry leading firms and offer recommendations for improving your firm’s login security.

FIRMS COVERED IN REPORT

7

INT

RO

DU

CT

ION

Our full Life Insurance Monitor coverage group features 14 firms

Twelve of the fourteen firms were covered in this report

o AXA Equitable

o Genworth Financial

o The Hartford

o John Hancock

o Liberty Mutual

o Lincoln Financial

o MassMutual

o MetLife

o Nationwide

o New York Life

o Northwestern Mutual

o Pacific Life

o Prudential

o USAA

KEY REVIEW CRITERIA

8

INT

RO

DU

CT

ION

Accessibility

o Public homepage login field

o Standalone pages for logging on

Username and Password Requirements

o Maximum/minimum characters

o Special characters, numbers, letters, combinations, etc.

Login Security Features and Account Services

o Additional login criteria (PIN, etc.)

o Page/site authentication

o Security updates behind the login

KEY FINDINGS FROM THE REPORT

9

KE

Y F

IND

ING

S

INSURERS OFFER BASIC SECURITY OPTIONS

10

KE

Y F

IND

ING

S

Username and password requirements are stringent

Combinations of case-sensitive letters and numbers are effectively utilized

Majority of firms provide password and username retrieval

SEAMLESS LOGIN PROCESS

11

KE

Y F

IND

ING

S

Eight firms display login fields on the public homepage

Three firms utilize a standalone login page

LACK OF ADVANCED SECURITY FEATURES

12

KE

Y F

IND

ING

S

USAA is the only firm utilizing multi-factor authentication

Security questions, image recognition and computer verification are absent

LOGIN MANAGEMENT BEHIND THE LOGIN

13

KE

Y F

IND

ING

S

Password and security question updates are most commonly offered services

Username updates require the user to re-register or contact the firm by phone

LOGIN SECURITY BEST PRACTICES

14

BE

ST

PR

AC

TIC

ES

USAA

15

BE

ST

PR

AC

TIC

ES

Access provided from a universal top menu on the public homepage.

PIN required for login verification.

Three advanced options available to clients; clearly outlined on a help page online.

NATIONWIDE

16

BE

ST

PR

AC

TIC

ES

Login field presented on the public homepage with dropdown menu for account selection.

Private site allows client to update and change information online.

17

BE

ST

PR

AC

TIC

ES

Expandable customer login bottom offers direct access to the public homepage.

First time registrants are offered a link to the three-step eService registration page.

Special characters are allowed in passwords.

LIBERTY MUTUAL

RECOMMENDATIONS

18

RE

CO

MM

EN

DA

TIO

NS

FOUR RECOMMENDATIONS FOR IMPROVEMENT

19

RE

CO

MM

EN

DA

TIO

NS

1. Allow clients and advisors to log in from a universal login field directly on the homepage.

2. Utilize multi-factor authentication to bolster login security.

3. Implement stringent character requirements for usernames and passwords.

4. Make it easy to reset and change login information online.

ABOUT CORPORATE INSIGHT

20

Corporate Insight provides competitive intelligence and user experience research to the nation's

leading financial institutions. For over 20 years, Corporate Insight has tracked new developments

in the financial services industry through our syndicated Monitor research and consulting

services. We are known for our detailed, objective research, unmatched expertise, and emphasis

on the actual user experience. There are no assumptions in Corporate Insight’s work – we use

live accounts at the firms we track to benchmark their effectiveness across all major channels

and give our clients unparalleled competitive intelligence.

Corporate Insight is continuously tracking and identifying best practices in online banking and

investing, retirement, asset management, insurance, mobile finance, active trading platforms,

social media and other emerging areas. In the process, we have helped our clients -- which cover

the entire spectrum of the financial services industry -- to stay on top of industry trends and

improve their competitive position.

Our intelligence services are utilized by over 70% of the financial services firms on the Fortune

500. Our research and analysts are frequently cited in financial media outlets such as The Wall

Street Journal, Barron’s, Bloomberg, CNBC, Forbes and Financial Times and news publications

like the Associated Press, New York Times, Newsweek, TIME and USA Today.

CONTACT US

21

CO

NTA

CT

US

Ian Lundahl

Senior Analyst – Life Insurance Monitor

212-832-2002 x-101

ilundahl@corporateinsight.com

Chase Marshall

Director – Business Development

212-832-2002 x-140

cmarshall@corporateinsight.com