On Mar 21, 2006, at 12:37 AM, Dave Crocker wrote:
> Security – Consistent user experience
>
> This one sounds interesting. How does user experience consistency affect
> security? (Is there any empirical basis for this?)

The good news is that there are certainly people working on
developing an empirical basis for this. At last week's W3C Workshop
on Web Authentication, this was a major topic of discussion in the
room and in several position papers
<http://www.w3.org/2005/Security/usability-ws/papers/>. If you run into
Stuart Schechter at this IETF, be sure to talk to him about the work
MIT Lincoln Labs are doing on the topic.

At the risk of oversimplifying, the argument is that if users are
very familiar with one frequently-used self-identification mechanism
(which may be a password login), then it will be that much more
difficult for bad actors to "phish" the user to provide credentials
to any agent other than the real provider of that mechanism.
Lisa