401(k) Account Security Best Practices

Your 401(k) account likely holds one of your largest financial assets—your retirement savings. Just like a bank account, it can be a target for cybercriminals if not properly protected. Following a few simple security practices can go a long way in keeping your account safe.


1. Use Strong, Unique Passwords

Create a secure password for your 401(k) account by following these guidelines:

  • At least 12 characters long

  • Includes uppercase and lowercase letters, numbers, and symbols

  • Avoids personal info like names, birthdays, or pet names

  • Is never reused from your email, social media, or shopping accounts

Tip: Consider using a password manager to generate and store secure passwords.


2. Two-Factor Authentication (2FA)

NestEggs requires two-factor authentication but allows you to choose how often you're prompted to enter a 2FA code:

  • Every time you log in; or

  • Only when signing on from a new or untrusted device

This adds an extra layer of security by requiring:

  • Your password and

  • A verification code sent via text, email, or authentication app

Even if your password is compromised, 2FA helps block unauthorized access. We recommend choosing to be prompted for a 2FA code every time you log in.


3. Monitor Your Account Regularly

Don’t wait for your annual statement to review your account. Log in at least once a month to:

  • Check for unauthorized withdrawals or transfers

  • Review recent contributions and investment activity

  • Confirm that your contact and beneficiary information is correct

Tip: Keep email alerts from NestEggs set as "important" or "trusted" in your email account.


4. Protect Your Personal Devices

Your phone and computer are often the gateway to your 401(k) account. Secure them by:

  • Installing antivirus and anti-malware software

  • Keeping your operating system and browser up to date

  • Using a secure Wi-Fi connection, especially when accessing financial accounts

Avoid logging in on public or shared computers whenever possible.


5. Be Wary of Phishing Scams

Cybercriminals may send fake emails, texts, or calls that appear to come from NestEggs.

Watch for signs of phishing:

  • Unusual sender addresses

  • Urgent messages asking for personal information

  • Links that take you to a login screen—always go directly to the NestEggs official website

Never provide your Social Security number or login credentials by phone or email unless you initiated the contact with a verified source.


6. Keep Your Contact Info Current

Make sure your NestEggs account has your correct email address and phone number on file. This helps you:

  • Receive account alerts and confirmations

  • Verify your identity quickly if there’s suspicious activity


7. Report Suspicious Activity Immediately

If you notice anything unusual:

  • Contact NestEggs right away

  • Change your password immediately

  • Monitor your email and bank accounts for related activity

NestEggs is here to help recover accounts and limit damage.


8. Review Your Account Recovery Options

Log into your 401(k) portal and review your:

  • Security questions

  • Recovery email/phone

  • Authorized account aggregators (if any)

Make updates as needed to ensure only you can regain access if locked out.


Summary: 401(k) Security Checklist

  • Use a strong, unique password

  • Enable two-factor authentication

  • Monitor your account monthly

  • Avoid accessing your account on public Wi-Fi

  • Watch out for phishing attempts

  • Keep your contact info up to date

  • Report suspicious activity immediately


Your 401(k) is your future—keep it secure. If you’re unsure whether a message or website is legitimate, contact NestEggs directly at info@nesteggs401k.com or 866-202-4646.