Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Site-Authentication Images Ensure Web Safety Only 10% Times

Online bankers tend to evade critical signs and hints regarding the potential compromise of any banking site, say researchers at Harvard University and the Massachusetts Institute of Technology in a working draft of a study they released on February 4, 2007.

The big financial institutions and e-commerce portals ask their online customers to avoid entering passwords when they can't see or select a picture or symbol like a number, pet or chess piece, on their websites. However, the study assessing the behavior of visitors to the website of Bank of America discovered that site-authentication images worked only sometimes - just 10% of the normal time.

The research worked with 67 user respondents. The study conducted three security tests with different parameters due to which everybody could not qualify to be part of the results. The study asked the users to perform general Internet banking tasks. It also took necessary precautions so that users were not exposed to risk.

The first test involved HTTPS indicators that show the active status of an encrypted connection. The HTTPS indicators were deleted from the address bar in the test along with the lock that shows up in the right corner at the bottom of Internet Explorer 6. The study found all the 67 users to continue with their transactions although the non-visibility of HTTPS indicators in a security warning.

In another test, researchers substituted a password-entry page with a warning page in Internet Explorer 7 Beta 3. The warning page suggests the presence of a problem with the security certificate of the selected website. Despite the appearance of that page, 30 of 57 participants typed their passwords.

In the third test, researchers removed the site-authentication image as well as the HTTPS indicators, implying the site may be a phishing site. The study found that only two of the 60 participants restrained from logging in.

The premise of the study is that site-authentication images ensure security for customers as they are not supposed to enter their passwords when the correct image is not visible. The results of the study say the premise is right only 10% of the time.

Related article: South Korea Becomes Infamous For Being World’s Fifth Spamme

» SPAMfighter News - 12-02-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next