illurity-logo
Log in

Site menu:

Categories

Tags

Site search

November 2018
M T W T F S S
« Dec    
 1234
567891011
12131415161718
19202122232425
2627282930  

Links:

Archives

Susceptibility to Identity Theft

We design security products for everyman. We don’t have the luxury of designing products for security-savvy users, nor should we seek solace in the feckless admonition “education is the only solution”. That’s why this report is so alarming. It demonstrates that everyman users of online banking sites provide their credentials:

  • In the absence of HTTPS indicators
  • In the absence of site authentication images (e.g. Passmark/RSA’s SiteKey)
  • In the presence of IE7’s severe certificate warning page (although this did register as a slight deterrent).

Yes – we need to continue the education campaign, but we also need to design better technological measures until the education is pervasive (and we probably shouldn’t hold out breath until then). What would be appropriate in the name of protecting users against this vector of identity theft? Build browsers that prohibit user-input in the event of a certificate mismatch? Require that browsers show the target of form submissions, and prevent the submission (maybe requiring a manual override) in the event of a detectable mismatch? I’d like to hear more suggestion.

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Twitter
  • LinkedIn
  • Facebook
  • email
  • Google Bookmarks
  • del.icio.us
  • StumbleUpon
  • Reddit

You must be logged in to post a comment.