- From: Maritza Johnson <maritzaj@cs.columbia.edu>
- Date: Sat, 9 Dec 2006 10:11:28 -0500
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: "W3 Work Group" <public-wsc-wg@w3.org>
- Message-Id: <23198CA2-6C7B-4F80-9170-F01AD476B06A@cs.columbia.edu>
> I think our first public Note should also specifically call out the
> problems we see with the current display of security context
> information. I think this will help us understand the problem we are
> trying to solve and encourage us to pull expertise from the many
> phishing studies that have been done.

Would this also be the place to talk about the problems with how users are taught to interpret current security cues? I think part of the reason some of the current security indicators are ignored/misinterpreted by users (and exploitable by spoofers) is due to users receiving either incomplete information, or incorrect information about what they should be looking for.

Some examples:

Users are told if they see a lock icon the page is secure. However, a lot of the time they aren't told *where* it should be. This allows users to associate favicons, and lock icons in the page content, with a page's actual security.

This is a very specific example, but I think it illustrates my point ... on Bank of America's site they tell users "If you recognize your SiteKey, you'll know for sure that you are at the valid Bank of America site." The statement puts the user in a position to completely rely on SiteKey, and more or less tells them it's ok to ignore any other security information they might be shown. Not to mention saying "you'll know for sure" completely ignores the possibility of a MITM attack.

Specific solutions like SiteKey may be out of scope; my point is users shouldn't be taught to rely on just one security indicator when there might be many. It completely undermines the purpose of having multiple security cues.

- Maritza
http://www.cs.columbia.edu/~maritzaj/
Received on Saturday, 9 December 2006 15:11:45 UTC