P17. Account security (digital platforms)

The company should help users keep their accounts secure.

Elements:

  1. Does the company clearly disclose that it deploys advanced authentication methods to prevent fraudulent access?
  2. Does the company clearly disclose that users can view their recent account activity?
  3. Does the company clearly disclose that it notifies users about unusual account activity and possible unauthorized access to their accounts?

Definitions:

Account / user account — A collection of data associated with a particular user of a given computer system, service, or platform. At a minimum, the user account comprises a username and password, which are used to authenticate the user’s access to his/her data.

Clearly disclose(s) — The company presents or explains its policies or practices in its public-facing materials in a way that is easy for users to find and understand.

Notice / notify — The company communicates with users or informs users about something related to the company or service.

Users — Individuals who use a product or service. This includes people who post or transmit the content online as well as those who try to access or receive the content. For indicators in the freedom of expression category, this includes third-party developers who create apps that are housed or distributed through a company’s product or service.

Indicator guidance: Companies should help users keep their accounts secure. They should clearly disclose that they use advanced authentication techniques to prevent unauthorized access to user accounts and information. We also expect companies to provide users with tools that enable them to secure their accounts and to know when their accounts may be compromised.

Potential Sources:

  • Company security center
  • Company help pages or community support page
  • Company account settings page
  • Company blog