Posted by: Brein Matturro
Network and application security, Reseller channel business development
Maybe you should wait for a joint Harvard/MIT study to come out on a security measure you’re considering before using it or recommending it to a customer.
According to a recent study on the use of site-authentication images to prevent fraud, cited in the New York Times, users didn’t notice when their summary image had disappeared. The idea behind image-based authentication is that a user will refuse to provide their password if their personalized login page has changed. But Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory, said “the premise is right less than 10 percent of the time.”
The debate is raging. While Mr. Gupta of Bank of America insists that the security measure makes the site more secure as part of a larger security posture, Rachna Dhamija, the Harvard researcher who conducted the study, argues that site-authentication images “detract from security by giving users a false sense of confidence.”
So is the appearance of security more important than security itself? The moral of the story might be that channel professionals in particular have an obligation to time-test any recommendations they make or security measures they implement.