While security is a broad topic and is been innovated throughout the entire web2.0 era. For this modern web days, it is vital that "users" takes part of the responsiblity of securing their information in the public domains (internet/web).
Providers should be aware of this...
Not only limited to acquiring the information from the users but also making sure that the data on the records are up-to-date.
What are some of the approach you can use?
Experiment #1:
Trying not to bug and annoy your users, it's important that you flag an alert or notification in an event basis. This way, you'll be able to send your users your personal note and envelop a probing question.
Credits to: https://dribbble.com/shots/1315388-Dashboard-Web-App-UI-Job-Summary
If you're somewhat minimalist, you can try adding a symbol that catches ones attention. Applying a "mouse hover" function that enables a bubble text to pop-up asking the same question.
Credits to: https://dribbble.com/shots/1315388-Dashboard-Web-App-UI-Job-Summary
Experiment #2:
Amazon is very good at this. If you've seen the AWS Dashboard (Console), under IAM Service, there's a section where they tell you how old is the credential(s) attached to a particular account -- giving users/admin the heads-up of what needs to be done.
Experiment #3:
Who says email is dead? For something this important, sending an email to users will be more appreciated than none. Just make sure you use proper wordings and explain briefly what the email is all about.
In the modern web, security is a shared responsibility. Providers should be the one initiating what needs to be done and making sure users will take part of it. There's no perfect system but there is a -- somehow perfect security protocol.
Remember the basics in security "A chain is only as strong as its weakest link."
