- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Sat, 17 Mar 2007 07:08:43 -0400
- To: "'Close, Tyler J.'" <tyler.close@hp.com>, <public-usable-authentication@w3.org>
- Cc: "'Dan Schutzer'" <dan.schutzer@fstc.org>
I like these use cases very much, and incidentally, they do make the case for a Safe Web Browsing Mode, which FSTC is very much in favor of testing.

-----Original Message-----
From: public-usable-authentication-request@w3.org [mailto:public-usable-authentication-request@w3.org] On Behalf Of Close, Tyler J.
Sent: Friday, March 16, 2007 5:33 PM
To: public-usable-authentication@w3.org
Subject: Forwarded feedback on WSC FPWD from Don Norman

In another forum, I received feedback from Don Norman on the WSC FPWD. I am forwarding it to our public feedback list with his permission. There's a second email I'll be forwarding after this one. His comments start below.

Tyler

--- Begin Don Norman's comments ----

I'd like to suggest three more use cases for your group's consideration.

All the use cases you provide are for potential rogue sites, which fool the user into accepting them. In my experience, there is also the problem of over-caution. I have watched the incidents below happen. People who have been warned about all the mischief are now overcautious and refuse to accept legitimate sites or actions. Therefore, as your committee goes forth, it is important to consider not only how to detect illegitimate sites, but how to make it possible for the average, non-technical user to be reassured that something is legitimate and proper.

3B, below, is one of the many problems because people do not understand the architecture of computer and web applications and confuse the messenger with the message. If they use Internet Explorer for activities, they identify the activity (mail, banking) with the browser and do not understand that the actual service is hosted somewhere in the cloud, so any browser yields the same result.

-- I myself have tried to tell banks that their legitimate emails look identical to scams, and if they respond at all, it is to assure me that they would never do anything wrong. That wasn't my point. My point is, illegitimate emails often look legitimate. Therefore, legitimate emails look illegitimate. How is the recipient to know? Why do legitimate emails still have clickable URLs?

====================

1. The legitimate financial institution sends out a legitimate note stating that some action is required. Jane, the recipient, knows not to trust such legitimate-looking documents, and immediately deletes it, without acting.

2. A window pops up on the screen stating that an important security update is now available. The message is legitimate (e.g., it is a Microsoft standard message). Henry wonders why his various malware detectors didn't stop it, but immediately closes the window. Over the months, his system falls further and further behind in security updates.

3A. Helen proudly tells her spouse that Microsoft tried to fool her into using a bank site, so she isn't using Microsoft anymore but instead is using Firefox to do her banking. (Confusion between the browser and the financial institution)

3B. Helen is concerned though. Microsoft is how she reads her mail, and now she doesn't know what to do. She doesn't trust Microsoft mail anymore. What should she do? (Because she reads her web-based email through a particular browser, she identifies the email service with the browser)
Received on Saturday, 17 March 2007 11:09:22 UTC