- From: Amir Herzberg <herzbea@cs.biu.ac.il>
- Date: Mon, 27 Nov 2006 17:45:31 +0200
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- CC: Amir Herzberg <herzbea@macs.biu.ac.il>, "Michael(tm) Smith" <mikes@opera.com>, public-wsc-wg@w3.org
Hallam-Baker, Phillip wrote: >> [mailto:public-wsc-wg-request@w3.org] On Behalf Of Amir Herzberg >> > > >> Users care about security, and will more and more, thanks to >> the phishers... but this does not mean, they have to >> understand security mechanisms or indicators. As long as the >> indicators and their use are simple and non-obtrusive, users >> will use them. >> > > Any security indicator has to answer the question that the user is already asking. > > Does the user ask 'is this safe?' or do they ask 'is this Bizybank?' ? > Absolutely. Indeed, I believe the correct term for what we look for is `identification and security indicators` - and definitely, the `identification` is the more significant part. Browser security should make it harder for spoofers/phishers to trick users into believing false site identification. The challenge is that users look mostly at the content of the site, which can present fake identification (tokens, etc.). Same for email... Which is why identification indicators, like the secure letterhead (or TrustBar, or PetName...) are useful. Best, Amir Herzberg > > > > . > >
Received on Tuesday, 28 November 2006 07:24:13 UTC