[kwlug-disc] Password scam
Digimer
lists at alteeve.ca
Thu Oct 23 11:18:55 EDT 2014
On 23/10/14 10:50 AM, Giles Malet wrote:
> On 14-10-22 03:40 PM, Digimer wrote:
>> MBNA has a neat feature.
>> When you sign up, you choose a picture. [...]
>
> I'd read about this recently, and how ineffective it is, so tracked it
> down again. It's called SiteKey (http://en.wikipedia.org/wiki/SiteKey).
>
> Quoting from the above link (it's Wikipedia, so it must be true):
>
> "A Harvard study found SiteKey 97% ineffective. In practice, real people
> don't notice, or don't care, when the SiteKey is missing [...] The
> obvious flaw in the design is that a phishing site can get the correct
> SiteKey info from the genuine site, then serve it to the user."
>
> On 14-10-23 10:27 AM, Chris Irwin wrote:>
> > MBNA no longer has that feature.
>
> Perhaps it was becoming too obvious even to the casual punter that this
> little bit of security theatre was just that.
>
> g
Ya, I suppose that's true. I guess I don't have a villainous enough mind
to think of how easy it is to bypass security. :P
--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
More information about the kwlug-disc
mailing list