Jeffrey McManus

The New Thing


Study Finds Security Flaws on Web Sites of Major Banks (Sort Of)

February 4th, 2007 · No Comments · Web/Tech

Link: Study Finds Security Flaws on Web Sites of Major Banks

"Internet security experts have long known that simple passwords do not fully defend online bank accounts from determined fraud artists. Now a study suggests that a popular secondary security measure provides little additional protection."

This is a pretty poor piece on site authentication images; the writer suggests that the technology represents a "security flaw" when in fact the study just faults site authentication images for not working 100% of the time. (By the way, we’re not talking about CAPTCHAs here; instead the MIT study is looking at the personalized images that some sites use to give users a cue that the site they’re viewing is legitimate — so it’s an anti-phishing tactic, not an anti-robot tactic.)

Like anti-spam, anti-phishing is a numbers game that requires multiple modes of defense, and no single mode is going to stop the attacks. Bottom line, if 90% of users don’t notice when a site authentication image is missing, it doesn’t mean the technology is faulty; it means that the technology might have saved the 10% of users who might have been nabbed by a phishing site.

Update: Looks like they softened the original inaccurate headline; now they’re saying that site authentication images are "ineffective," which is also inaccurate. (Site authentication images are "ineffective" in the same way that a gallon of gasoline won’t let you drive 1000 miles.)
