Q

User account best practices for an investment management website

When creating online user accounts for an investment management website, security is key. Learn user account best practices from IAM expert Randall Gamby.

A well-known investment-management company has a website whereby its clients can access account information and request changes (sales, purchases, etc.). To access the website, users must enter a username, account number, Social Security number and a unique "user defined" (not supplied by the company, but created by the user) password. I think the requirement to use the Social Security number is a bad idea. Is there any professional literature on this, something like "Best Practices on Setting Up User Accounts?"

I agree. Using a Social Security number as a user identifier is never a good idea, but there may be a valid need to collect this information as part of the transaction-verification process for trades. I hope the company vetted the need for this information vs. the risk of using it.

But per your question, the Electronic Frontier Foundation (EFF) has an excellent white paper for Online Service Providers (OSPs) who "provide links between their users and the Internet, offering bandwidth, email, Web and other Internet services." It contains information that any organization looking to provide Internet-facing applications should read.


This was first published in October 2009