Browsers, phishing, and user interface design
Scott Granneman, 2006-06-05

Phishing works for so many reasons that we need to rethink browser and user interface design to provide some real-life security to the average user who doesn't see or understand the security cues.

Sure. Lots of ideas... 2006-06-05
Anonymous (2 replies)
Your First Statement Is Right 2006-06-06
Anonymous (1 replies)
Re: Your First Statement Is Right 2006-06-07
Anonymous (1 replies)
Re: Sure. Lots of ideas... 2006-06-24
Anonymous
Education & Two-factor authentication 2006-06-07
Wolfy
Need I say more? Well, probably yes.

The article successfully points out that educating users about the various security features present in the web browser is one thing, but when even experienced users fall for the 'vv = w' in a phishing URL, there is something that the legitimate site needs to do to authenticate themselves back to the user.

Alliance & Leicester's online banking has recently introduced such a two-factor authentication tool whereby when you first sign up to the service, you are requested to choose an image from a bank of thousands. When you next log in, the image is displayed before you are prompted for your password so that you know that you are logging into the legitimate site.

This works well alongside A&L's more complex digital fingerprint to authenticate the user to the site.

Will this sort of thing help the majority of users, though, especially those who reload a phishing site just to see an animated bear, and aren't even aware that criminals may want to even set up these fake sites?

Link to this comment: http://www.securityfocus.com/comments/columns/405/33702#33702
Send them to AOL 2006-06-07
Anonymous
Stop babying people 2006-06-09
Anonymous
Wrong end to start patching 2006-06-12
Thomas Nilsen (1 replies)
Re: Wrong end to start patching 2006-06-12
Anonymous
Ingredients of possible solutions 2006-06-16
S. Lo Presti
Users ignore alert messages... 2006-06-20
Anonymous
simple: 2006-06-24
ailaG
Copyright 2007, SecurityFocus