illurity-logo
Log in

Site menu:

Categories

Tags

Site search

July 2018
M T W T F S S
« Dec    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Links:

Archives

Susceptibility to Identity Theft

We design security products for everyman. We don’t have the luxury of designing products for security-savvy users, nor should we seek solace in the feckless admonition “education is the only solution”. That’s why this report is so alarming. It demonstrates that everyman users of online banking sites provide their credentials:

  • In the absence of HTTPS indicators
  • In the absence of site authentication images (e.g. Passmark/RSA’s SiteKey)
  • In the presence of IE7’s severe certificate warning page (although this did register as a slight deterrent).

Yes – we need to continue the education campaign, but we also need to design better technological measures until the education is pervasive (and we probably shouldn’t hold out breath until then). What would be appropriate in the name of protecting users against this vector of identity theft? Build browsers that prohibit user-input in the event of a certificate mismatch? Require that browsers show the target of form submissions, and prevent the submission (maybe requiring a manual override) in the event of a detectable mismatch? I’d like to hear more suggestion.

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Twitter
  • LinkedIn
  • Facebook
  • email
  • Google Bookmarks
  • del.icio.us
  • StumbleUpon
  • Reddit

You must be logged in to post a comment.