P17. Account security (internet and mobile ecosystem companies)

The company should help users keep their accounts secure.

Elements
  1. Does the company clearly disclose that it deploys advanced authentication methods to prevent fraudulent access?
  2. Does the company clearly disclose that users can view their recent account activity?
  3. Does the company clearly disclose that it notifies users about unusual account activity and possible unauthorized access to their account?
Research guidance

Companies should help users keep their accounts secure. They should clearly disclose that they use advanced authentication techniques to prevent unauthorized access to user accounts and information. We also expect companies to provide users with tools that enable them to secure their accounts and to know when their accounts may be compromised.

Potential Sources:

  • Company security center
  • Company help pages or community support page
  • Company account settings page
  • Company blog