“Has the world gone crazy?”
That’s the sentiment echoed across public forums like Quora, where users are baffled by the growing normalisation of sharing usernames and passwords — all under the guise of encryption and security.
“People giving out their username and password and saying it’s a secure thing to do…”
“Not surprisingly, their (aggregators) terms also release them of all liability in the event of a breach, even due to gross negligence…”
Despite widespread awareness campaigns and firm policies from major financial institutions, people continue to hand over their Personally Identifiable Information (PII) — particularly usernames and passwords — far too easily.
What Financial Institutions Say
Whether it’s global banks or local credit unions, the advice is consistent:
- “Never send personal information.”
- “Do not share your username and password with anyone.”
- “If your password is known to someone other than yourself, it is no longer a secure password.”
- “One of the most critical aspects of protecting your finances is never sharing your banking credentials with anyone.”
Yet, in 2025, even in high-value sectors like wealth management, the industry is seeing growing examples of sensitive login credentials being freely provided for account aggregation — a practice that exposes clients to significant risk.
A Bigger Concern in Wealth Management
AI-powered searches now openly state what should be obvious:
“Sharing your username and password for wealth management accounts is never a good idea. It creates significant security risks and potential for unauthorised access to your financial information.”
Unfortunately, this advice is often ignored in favour of convenience. But in the wealth management industry — where stakes are high, and accounts hold sensitive, valuable data — This is a risk that is continually being taken.
There’s a Better Way
In wealth management, secure data aggregation doesn’t have to mean handing over sensitive login credentials.
Instead, forward-thinking firms are using direct, bank-approved channels that never require usernames or passwords. These methods are more robust, harder to implement — and that’s exactly why they’re safer.
No credential sharing. No third-party logins. Just trusted, secure connectivity.
So, Remember:
“No matter how strong your password is, it’s useless if you share it. The moment someone else knows it, it’s no longer secure.”
Where M2Wealth Stands
At M2, we take a firm, independent stance on (PII) data security. We’re proud to lead the way in secure, bank-sanctioned investment data aggregation, with over 110 trusted interfaces and growing — no usernames or passwords required. Ever.
So next time you speak to your wealth manager, ask them the key security question:
Is M2 inside?
