> I would argue that we should be continually educating our users to not
> blindly accept popups of any type...

Pardon my snarktastic tone, but...

I presume you gather everybody on campus together in a group on the day
before your certificate expires to let them know that "just this one time"
they should blindly accept the certificate...

...or when the machine dies...

...or when you upgrade to a faster one...

...or the university decides to use a new CA...

...or any number of valid reasons why the "real" certificate may become
invalid and they need to "blindly accept" a new one...

...and how many times does it take before the user simply responds by
"blindly accepting" because... well... IT is probably doing *something*?

Twice?

Once?

Tell me what I am missing. Please! Educate *me*. :-[

Sincerely,

Mark Linton
[EMAIL PROTECTED]
www.personal.psu.edu/mhl100
814-865-4698 

> -----Original Message-----
> From: Michael Griego [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 12, 2006 2:20 PM
> To: [email protected]
> Subject: Re: [WIRELESS-LAN] 802.1X and Mac Supplicant
> 
> Walter Reynolds wrote:
> >
> > The problem is that you have the user validate the cert.  A hacker could
> > provide another cert at a later time and a user, being used to having to
> > accept a cert, may just click it.
> >
> > What we want to do is avoid that.
> 
> I very much understand the usability concerns here.  The way to work
> around that, though, is to go ahead and set your certificate to be
> automatically accepted once validated.  This way, if the user is
> presented with a popup later, they aren't tempted to click without
> checking.  Just the presence of the popup should cause them to take
> notice and second-guess the validity.
> 
> 
> > This still allows the availability of users accepting other certs.  All
> > this will do is allow the cert we "Always accept" to work for EAP
> > authentication.  It will not prevent other certificates from working.
> 
> No, but with a small amount of user education, it will cause them to
> take notice if they're asked to authorize something.
> 
> 
> > I agree that the exposure is somewhat limited, but it relies on users
> > not only setting up the certificate and accepting them, but also to know
> > not to accept others which I am not sure they will do.
> 
> 
> I would argue that we should be continually educating our users to not
> blindly accept popups of any type...
> 
> 
> --Mike
> 
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
