3 Ways to Protect Consumer Sign-in
In all consumer-facing enterprises, ensuring the security of customer accounts and personal information are paramount. In many cases, consumer profiles and credentials are among the most sensitive and proprietary information in your possession. Yet, achieving adequate infrastructure and protection for this data can pose challenges that many companies find difficult.
We recently surveyed technology executives about their top identity-related challenges to delivering applications for customers. Sixty percent of respondents cited the vulnerability of passwords as a top concern while 55 percent indicated that IAM infrastructure and code vulnerabilities were a top issue.
Consumer-facing development teams can take some straightforward steps to boost the security of consumer identity. Here are my top three recommendations for protecting your customers and your company.
Require a strong password. Most of us succumb to the temptation of reusing passwords. The cognitive demands of remembering a different password for every app that we use are just too high. Many don’t realize that when one site is compromised, passwords can be discovered and then used elsewhere. The first wall of defense for any cyberattack starts with requiring more cognitively stimulating passwords. You can nudge your users to take an active role in securing access to their accounts with a strong password policy. Ask for more characters, require extra complexity, and require a refresh every 90 days.
Offer multi-factor authentication. Multi-factor authentication (MFA) has been a top priority for businesses and it ought to be for consumer-facing apps as well. With consumers, getting the UX right is critical or you’ll risk turning users away. Allow users to choose the types of factors that work best for them and provide options for reducing sign-in friction such as, “remember me on this machine” so that users are only prompted when signing in from an unknown device. The utilization of MFA not only provides an extra layer of security beyond a strong password, but also allows the freedom for the user to customize their platform experience without compromising identity security.
Suspicious sign-in alerts. A comprehensive security requires a dedicated end-to-end effort. Enlist your users to help keep their accounts safe. When you detect a suspicious sign-in or a sign-in from a new device, send a note alerting the user of the activity and ask them to verify it or change their password.
Learn more about Okta’s vision and approach to security here.