Channel Marker

Feb 6 2007   1:23PM GMT

Site-authentication images may not add security

Brein Matturro Profile: Brein Matturro

Maybe you should wait for a joint Harvard/MIT study to come out on a security measure you’re considering before using it or recommending it to a customer.

According to a recent study on the use of site-authentication images to prevent fraud cited in the New York Times, users didn’t notice when their summary image had disappeared. The idea behind image-based authentication is that a user will refuse to provide their password if their personalized login page has changed. But Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory said “the premise is right less than 10 percent of the time.”

The debate is raging. While Mr. Gupta of Bank of America insists that the security measure makes the site more secure as part of a larger security posture, Rachna Dhamija, the Harvard researcher who conducted the study, argues that site-authentication images “detract from security by giving users a false sense of confidence.”

So is the appearance of security more important than security itself? The moral of the story might be that channel professionals in particular have an obligation to time-test any recommendations they make or security measures they implement.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: