- From: Serge Egelman <egelman@cs.cmu.edu>
- Date: Fri, 11 Jan 2008 17:54:02 -0500
- To: Anil Saldhana <Anil.Saldhana@redhat.com>
- CC: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>

Yes, but the point that Ian was making is that that's not an additional
factor. It's just more of the same factor.

serge

Anil Saldhana wrote:
>
> Additional virtual factor is the KBA. Rather than scout for a scanner or
> the retina or the mobile, the picture acts as the additional
> *incomplete* factor.
>
> Ian Fette wrote:
>> Which is still just a single factor (what you know)...
>>
>> On Jan 11, 2008 2:26 PM, Anil Saldhana <Anil.Saldhana@redhat.com> wrote:
>>
>>> Many of the US banks are going towards multi-factor knowledge based
>>> authentication, like displaying a favorite picture of yours and such.
>>>
>>>
>>> Mike Beltzner wrote:
>>>> michael.mccormick@wellsfargo.com wrote:
>>>>> There seems to still be some lingering misunderstanding about the
>>>>> security score. It does not specify how the score should be presented
>>>>> in primary chrome. The UA is free to render it as anything from a
>>>>> padlock to a color-coded address bar to a traffic light to whatever.
>>>>> The raw score is not displayed in the primary UI.
>>>> The disagreement is in that I don't believe a single "score" will ever
>>>> hold value. A recommendation or advice based on a score, is what I
>>>> would suggest we advocate in our document.
>>>>
>>>> The user who needs a recommendation for action (ie: "Is this page
>>>> safe?") won't benefit from a score ("72% safe!"), as it won't hold any
>>>> specific meaning to them.
>>>>
>>>> The user who wants to know more about why a specific recommendation has
>>>> been given (ie: "Why are you saying that this page is suspicious, it
>>>> looks like my bank!") won't benefit from a score ("because it's only
>>>> 72% safe!") because they need more detail.
>>>>
>>>> Both of these users are served by a system where security risks are
>>>> called out by the browser ("Note: This page is suspicious!
>>>> (Details...)") and then further explanation is given (the certificate
>>>> changed, it's not high on the network of trust, etc).
>>>>
>>>> cheers,
>>>> mike

--
/*
PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students
*/

Received on Friday, 11 January 2008 22:54:49 UTC