
Security

Dumb 'Security' Idea About to Be Axed by Bank of America - Finally

Submitted by Leo Klein on Wed, 5/20/15 (3:27pm)

Well, it took them a while but Bank of America is finally saying 'bye-bye' to a particularly ineffective form of online security called 'SiteKey'. Probably better known as a 'security image', the idea was to assign you an image which you were then expected to remember every time you logged in. Yeah, good luck with that.

There actually was research on this. Not surprisingly, researchers found that "users will enter their passwords even if their site-authentication images are absent." Brad Stone, summarizing the results in the New York Times, put it this way: "Of 60 participants who got that far into the study and whose results could be verified, 58 entered passwords anyway. Only two chose not to log on, citing security concerns."

Of course, that was 2007, or more than eight years ago. The NYT article concludes with a comment from one of the original researchers: "sometimes the appearance of security is more important than security itself."

I'd only add that all too often, the mere mention of 'security' is expected to triumph over everything including common sense. The truth of course is that everything deserves a healthy measure of skepticism.

Captcha of the Day

Submitted by Leo Klein on Tue, 1/9/07 (7:40am)

Hoo Baby! I caught a live one! No less than 10 characters long that you have to input perfectly in order to create an account at Myspace.com!

Fear of the spambot creating too many accounts? Is that the problem? Not that I'm complaining -- this one's worth it. Hello, 'mhhh5h7D7J', nice to meet you! (Though naturally I blew it on the first try.)

U.S. Military: HTML Email Is a Security Threat

Submitted by Leo Klein on Tue, 12/26/06 (5:34am)

The Department of Defense is automatically converting all formatted email (aka 'html' email) to plain text:

The [Joint Task Force for Global Network Operations] mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said.

Attachments like PowerPoint "used for briefings" can still get through. Article here... (h/t ZDNet)
