[kwlug-disc] Password scam
Giles Malet
gdmalet at gmail.com
Thu Oct 23 10:50:29 EDT 2014
On 14-10-22 03:40 PM, Digimer wrote:
> MBNA has a neat feature.
> When you sign up, you choose a picture. [...]
I'd read about this recently, and how ineffective it is, so tracked it
down again. It's called SiteKey (http://en.wikipedia.org/wiki/SiteKey).
Quoting from the above link (it's Wikipedia, so it must be true):
"A Harvard study found SiteKey 97% ineffective. In practice, real people
don't notice, or don't care, when the SiteKey is missing [...] The
obvious flaw in the design is that a phishing site can get the correct
SiteKey info from the genuine site, then serve it to the user."
On 14-10-23 10:27 AM, Chris Irwin wrote:>
> MBNA no longer has that feature.
Perhaps it was becoming too obvious even to the casual punter that this
little bit of security theatre was just that.
g
More information about the kwlug-disc
mailing list