According to a Pew Research poll, 79% of Americans said they were concerned about how their personal data is collected. And with high-profile data breaches like Equifax causing further concern, it’s extra important that you take your user’s data collection seriously.
You’re responsible for protecting the passwords entered by your user. The best way to prevent hackers from accessing these passwords is to make sure your login pages are secured with HTTPS. Hackers can extract a password from non-secure HTTP pages, leaving your user’s information free to steal. Make sure all login forms are on HTTPS, especially those asking for any Personal Identifiable Information (PII) from your users.
Making the move to HTTPS can be a complicated process if you plan to go it alone. You’ll first want to reach out to your hosting company to see if they offer an easy HTTPS option (or find a hosting company that does). For example, Kinsta and WPX Hosting both offer one-click options for migrating to HTTPS that take less than a minute to complete.
If your provider doesn’t offer these options, we would recommend consulting a professional if you lack the technical expertise to pull off such a complex task.
But if you want to push forward, you can visit a site like Let’s Encrypt or SSL2Buy, which will help you obtain a TLS certificate. This guide from Kinsta also provides step-by-step directions for a complete HTTP to HTTPS migration.
Once a TLS certificate is installed, the process runs on its own with no additional effort on your part. With HTTPS in place, you’ll not only get added security, but you’ll also get a boost in your search rankings, as HTTPS has become a top priority for Google.
If you want to go the extra mile, your site could also require 2-step authentication, which involves the user receiving a text message or email containing a code. The user then enters the code, along with their password, before they can access the site. You’ll need to evaluate whether this extra step is worth the effort on both you and the user’s end. But 2-step authentication can be effective, especially when users are providing important PII such as Social Security numbers.
- Allow pasting for input boxes, such as passwords — pasting makes web forms work well with password managers and reduces password overload.
- Explain how and why you collect data.
- Require individuals to give consent for their information to be collected and used.
- Explain consent in clear, unambiguous language.
- Explain to your users that they have the right to withdraw consent.
- Inform users which companies their data will be shared.
- Ensure all personally identifiable information is encrypted and not located within your database.
- Update your antivirus software, firewall, and malware protection.
- Create an emergency plan in the case of a data breach.