Site-Authentication Images Ensure Web Safety Only 10% of the Time
Online banking users tend to ignore critical signs and hints that a banking site may have been compromised, say researchers at Harvard University and the Massachusetts Institute of Technology in a working draft of a study they released on February 4, 2007.
Big financial institutions and e-commerce portals tell their online customers not to enter passwords when they can't see or select a picture or symbol, such as a number, pet or chess piece, on their websites. However, the study, which assessed the behavior of visitors to the Bank of America website, found that site-authentication images worked only some of the time: just 10% of the time.
The research involved 67 participants. The study ran three security tests with different parameters, so not every participant qualified to be counted in each result. Participants were asked to perform ordinary Internet banking tasks, and the researchers took precautions so that they were not exposed to risk.
The first test involved the HTTPS indicators that show an encrypted connection is active. In the test, the HTTPS indicators were removed from the address bar, along with the lock icon that appears in the bottom-right corner of Internet Explorer 6. The study found that all 67 users continued with their transactions despite the warning sign of the missing HTTPS indicators.
In another test, researchers replaced the password-entry page with a warning page in Internet Explorer 7 Beta 3. The warning page indicates a problem with the security certificate of the selected website. Despite the appearance of that page, 30 of 57 participants typed their passwords.
In the third test, researchers removed the site-authentication image as well as the HTTPS indicators, implying that the site might be a phishing site. The study found that only two of the 60 participants refrained from logging in.
The premise behind site-authentication images is that they protect customers, who are not supposed to enter their passwords when the correct image is not visible. The results of the study say the premise is right only 10% of the time.
» SPAMfighter News - 12-02-2007