September 2018 – Member Login: Login and Security Procedures

As more members manage their accounts online, firms must protect policies and personal information through stringent security practices, starting with login procedures. With increasingly frequent security breaches, it is also more important than ever that firms ensure their sites are secure so that members feel confident in completing tasks online. Firms achieve the most basic account protection by requiring a username and password to access the account. An easily findable and efficient login process ensures members can complete tasks independently, decreasing calls to the firm and saving time and money. This Healthcare Monitor Report examines the authentication and security measures coverage firms employ in the account login process.

Almost all of the 16 Healthcare Monitor firms provide a relatively easy login experience, except for two firms that fail to prioritize homepage findability. Every firm offers a dedicated member login page, often with options to register and recover forgotten credentials. All firms employ a standard login practice requiring a username and password through a single-factor authentication process. Despite the growing prevalence of two-factor authorization in other industries, however, it has not become a health insurance industry standard. Nearly all firms (94%) implement inactivity logout, yet significantly fewer (31%) provide a confirmation notifying users they have successfully logged out. Firms in this report provide login security information and resources to educate members with varying levels of success. While all firms link to privacy practices on login pages, half offer security and fraud prevention tips, and only a quarter promote security services directly on the login pages. Healthcare Monitor firms leave much room for improvement with login and security procedures.

 Are you a Healthcare subscriber?Not a Healthcare subscriber?