According to a Pew Research poll, 79% of Americans said they were concerned about how their personal data is collected. And with high-profile data breaches like Equifax causing further concern, it’s extra important that you take your user’s data collection seriously.
You’re responsible for protecting the passwords entered by your user. The best way to prevent hackers from accessing these passwords is to make sure your login pages are secured with HTTPS. Hackers can extract a password from non-secure HTTP pages, leaving your user’s information free to steal. Make sure all login forms are on HTTPS, especially those asking for any Personal Identifiable Information (PII) from your users.
If you want to go the extra mile, your site could also require 2-step authentication, which involves the user receiving a text message or email containing a code. The user then enters the code, along with their password, before they can access the site. You’ll need to evaluate whether this extra step is worth the effort on both you and the user’s end. But 2-step authentication can be effective, especially when users are providing important PII such as Social Security numbers.
- Allow pasting for input boxes, such as passwords — pasting makes web forms work well with password managers and reduces password overload.
- Explain how and why you collect data.
- Require individuals to give consent for their information to be collected and used.
- Explain consent in clear, unambiguous language.
- Explain to your users that they have the right to withdraw consent.
- Inform users which companies their data will be shared.
- Ensure all personally identifiable information is encrypted and not located within your database.
- Update your antivirus software, firewall, and malware protection.
- Create an emergency plan in the case of a data breach.