Personal Capital Security

This review was performed on January 17, 2014 and is part of a series of comparisons of financial management sites.

Personal Capital is a relatively new service with the following goal: “to build a better money management experience for consumers. That’s why we’re blending cutting edge technology with objective financial advice.” uses a EV certificate with a 2048 bit RSA key. receives an B on the Qualys SSL Test run on February 11, 2014. They do not support TLS v1.1 or v1.2. Overall, not a major concern, but areas where they could easily increase the security of the connection to the site.

Security Claims

I wasn’t able to find much about Personal Capital’s security.

Analysis of claims

Personal Capital’s description of their security is concerning. There is only one very high level descriptions of their security. Their privacy policy claims they describe their security and answer common questions; however, none of those links work. Personal Capital does not describe any protections for protecting usernames and passwords stored in their database. The positives are that they have multi-factor authentication and constantly watch for suspicious activity.


With the very limited security claims, I was still able to identify

  1. “best technology” – Personal Capital does not use the “best technology.” They do not support TLS v1.1 or v1.2. Both of these provide better security than TLS v1.0 or SSL v 3.0.
  2. “military-grade encrypted algorithms” – Personal Capital supports triple DES which is only allowed if required by legacy technology of the (US) military.
  3. Linking to non-existent pages that claim to describe security.


I find the number of problems in Personal Capital’s almost non-existent description of security very alarming. I give their claims a F.