Another study on users' attentiveness, this time based on Sitekey (which uses self-selected images to help users verify they are visiting a trusted site). Apparently users accept that stuff changes all the time on websites/browsers while their habits do not.
http://usablesecurity.org/emperor/ "Absence of indicators that SSL is used, and absence of an image-based site authenticity indicator (such as SiteKey -- although the authors do not mention which bank was involved in the study -- are almost entirely ignored by subjects. Only a relatively dire IE7-style warning page seems to dissuade the subjects, and even then over a third logged in even when their real credentials, at their real bank, were involved." _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
