Citibank discloses private information to improve security
Amir Herzberg
herzbea at macs.biu.ac.il
Tue May 31 11:05:59 EDT 2005
> With bank web sites, experience has shown that only 0.3%
> of users are deterred by an invalid certificate,
> probably because very few users have any idea what a
> certificate authority is, what it does, or why they
> should care. (And if you have seen the experts debating
> what a certificate authority is and what it certifies,
> chances are that those few who think they know are
> wrong)
Well, I have some usability tests that seem to prove your intuitive
claim that most users don't know what a CA is. I don't know about
arguments between experts on this. I think, however, that even naive users
understand the TrustBar UI for SSL-protected sites quite well. We display
something like <name/logo of site> identified by <name/logo of CA>. I'd
appreciate your thoughts/feedback; try it at http://TrustBar.MozDev.org.
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame.html
---------------------------------------------------------------------
The Cryptography Mailing List