Managing Passwords for E-Commerce Website Accounts
How many passwords do you currently have for accessing your active online accounts? I don’t know either. Consumers today have accounts for all kinds of online services, both financial and other types. Unless we use the same password for all of our accounts, or write them down and store them physically or electronically (either of which, by the way, would put us in a very vulnerable position if a criminal got hold of them), chances are that we would at times forget one or two of them. In fact, this is almost certain to happen, as different websites use different password formats, regulating the length of the password, the use of capital letters and numbers, etc., so it’s difficult to stick to a single pattern for all accounts.
E-commerce merchants should have in place a simple and straightforward procedure for managing customer passwords. While you want to make sure that only your customer has access to his or her account information, you will also want to make it easy for them to retrieve their forgotten password. Consider implementing the following suggestions:
- Whenever a customer has trouble signing into his or her account or states that he or she has forgotten the password, you should use security information that was provided when the account was first set up to verify your customer’s identity. The process should follow these steps:
  - When creating a new account, ask your customer to select a question from a list – such as a father’s middle name, favorite movie, favorite sports team, etc. – and provide the correct response. For better protection, ask your customer to repeat the process two or three times.
  - Whenever a returning customer has forgotten the account password, ask the customer for the correct answer to one of the questions that he or she selected at registration.
  - Verify the answer and, if correct, ask your customer to reset their password. You can do that by opening up in your customer’s browser a form asking for a new password to be created and re-entered. Send your customer a confirmation email to acknowledge that the password was updated successfully, but do not include the new password in the email! Email is not a safe form of communication and you should not use it for transmitting sensitive information.
- Use hint words to help customers remember passwords. The process of selecting and implementing hint words should follow these steps:
  - Ask the customer during the registration process to select a hint for his or her password.
  - Display the hint word on your website if the customer enters the wrong password when trying to log into his or her account.
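The security-question reset steps above, sketched as an added Python example (not code from the original article). Storing passwords and answers as salted hashes, normalizing answers before comparison, and the `MAX_ATTEMPTS` lockout are assumptions added here, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumption: stop recovery after repeated wrong answers

def _normalize(answer):
    # "  the  MATRIX " and "The Matrix" should count as the same answer
    return " ".join(answer.casefold().split())

def _hash(secret, salt):
    # Iteration count is illustrative; tune it for your hardware
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Account:
    def __init__(self, email, password, qa_pairs):
        self.email = email
        self.failed = 0
        self.pw = self._store(password)
        # Two or three question/answer pairs chosen at registration
        self.answers = {q: self._store(_normalize(a)) for q, a in qa_pairs.items()}

    @staticmethod
    def _store(secret):
        salt = secrets.token_bytes(16)
        return salt, _hash(secret, salt)

    @staticmethod
    def _matches(secret, stored):
        salt, digest = stored
        return hmac.compare_digest(_hash(secret, salt), digest)

    def check_password(self, password):
        return self._matches(password, self.pw)

    def reset_password(self, question, answer, new_pw, new_pw_again):
        """Return the confirmation e-mail body on success, None otherwise."""
        if self.failed >= MAX_ATTEMPTS or question not in self.answers:
            return None
        if not self._matches(_normalize(answer), self.answers[question]):
            self.failed += 1
            return None
        if new_pw != new_pw_again:  # the form asks for the password twice
            return None
        self.failed = 0
        self.pw = self._store(new_pw)
        # The confirmation acknowledges the change and never carries the password
        return f"To: {self.email}\n\nYour password was updated successfully."
```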
Your password retrieval process should be automated and customers should be able to reset passwords quickly and without complications. In case there are technical issues, or if customers need additional help, provide a customer service phone number and make sure incoming calls are answered quickly. If you receive a call from a customer who cannot reset his or her password, verify their identity using the personal information that you have on file for them.
Image credit: Webanywhere.