Re: User (mis)education [was: Problems with the current user interface]

> > This is a very specific example, but I think it illustrates my 
> > point ... on Bank of America's site they tell users
> > "If you recognize your SiteKey, you'll know for sure that you are
> > at the valid Bank of America site."
> > 
> > The statement puts the user in a position to completely rely on 
> > SiteKey, and more or less telling them it's ok to ignore any other 
> > security information they might be shown. Not to mention saying 
> > "you'll know for sure" completely ignores the possibility of a MITM 
> > attack.
> > 
> > Specific solutions like SiteKey may be out of scope,
> 
> Actually, I think that's a really good example that probably ought
> to make it into the note.
> 

I agree. Martiza, action-39 is created and assigned to you. I think it 
should go in NoteContent as one of the examples of how sites show security 
content. Perhaps a link from it to user interface problems. 

Received on Monday, 11 December 2006 16:46:52 UTC