This review was performed on January 17, 2014 and is part of a series of comparisons of financial management sites.
Personal Capital is a relatively new service with the following goal: “to build a better money management experience for consumers. That’s why we’re blending cutting edge technology with objective financial advice.”
personalcapital.com uses a EV certificate with a 2048 bit RSA key.
personalcapital.com receives an B on the Qualys SSL Test run on February 11, 2014. They do not support TLS v1.1 or v1.2. Overall, not a major concern, but areas where they could easily increase the security of the connection to the site.
I wasn’t able to find much about Personal Capital’s security.
- How it Works – Safety and Security
- “… uses the best technology to keep your information safe and secure.”
- “multiple levels of security”
- “multi-factor authentication”
- “constantly watching for suspicious activity”
- “military-grade encrypted algorithms”
- nothing on security.
Analysis of claims
With the very limited security claims, I was still able to identify
- “best technology” – Personal Capital does not use the “best technology.” They do not support TLS v1.1 or v1.2. Both of these provide better security than TLS v1.0 or SSL v 3.0.
- “military-grade encrypted algorithms” – Personal Capital supports triple DES which is only allowed if required by legacy technology of the (US) military.
- Linking to non-existent pages that claim to describe security.
I find the number of problems in Personal Capital’s almost non-existent description of security very alarming. I give their claims a F.