16 January 2018
visit www.ebaday.com

Study questions effectiveness of image authentication

06 February 2007  |  7318 views  |  0 Mouse

A joint study by researchers at Harvard and the Massachusetts Institute of Technology (MIT) has found that site authentication images — where customers choose images that appear on a log-in page to prove the authenticity of the Web page — provide little protection to customers.

The study evaluated the effectiveness of authentication measures by asking participants to conduct common online banking tasks. Each time they logged in, they were presented with clues that their connection was insecure.

The research found that the vast majority of participants - 97% - entered their account details and passwords even when their site authentication images had been removed. The remaining three per cent chose not to log-in because of security concerns.

Bank of America, ING and Alliance & Leicester, are among a number of financial firms that have signed up for an image authentication system provided by PassMark Security, a California-based firm that was bought out by RSA Security last year.

Bank of America is using the PassMark technology as the basis of its SiteKey authentication service which is being rolled out to its 14+ million online banking customers. Sanjay Gupta, e-commerce and ATM executive for Bank of America, told New York Times reporters that he was not troubled by the research, adding that the siteKey service was "only a single part of a larger security blanket".

However the study found that the use of site authentication images may cause customers to disregard other important security indicators.

Many sites that have deployed site-authentication images instruct customers that the presence of their images is a sufficient condition for security, when it is only one of many necessary conditions, says the report.

The academic study also found that all customers continued to enter log-in details if HTTPS indicators were removed from the passworrd-entry page. Furthermore over half (53%) entered passwords when a bank's login page was replaced with a warning page.

Read the report here:» Download the document now 859.1 kb (Adobe Acrobat Document)

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

RSA acquires PassMark Security for $44.7 million

RSA acquires PassMark Security for $44.7 million

24 April 2006  |  15370 views  |  0 comments
Scottrade to introduce PassMark two-factor authentication

Scottrade to introduce PassMark two-factor authentication

11 October 2005  |  11058 views  |  0 comments
Yodlee adds PassMark two-factor authentication to aggregation services

Yodlee adds PassMark two-factor authentication to aggregation services

08 June 2005  |  10095 views  |  0 comments
Bank of America to introduce PassMark authentication technology

Bank of America to introduce PassMark authentication technology

26 May 2005  |  12081 views  |  0 comments
PassMark releases two-factor online authentication system in the UK

PassMark releases two-factor online authentication system in the UK

19 April 2005  |  6472 views  |  0 comments
PassMark Security raises $7.7m in series B financing

PassMark Security raises $7.7m in series B financing

14 April 2005  |  6392 views  |  0 comments
Stanford Federal Credit Union signs for PassMark authentication system

Stanford Federal Credit Union signs for PassMark authentication system

04 February 2005  |  6524 views  |  0 comments
PassMark pitches anti-phishing solution

PassMark pitches anti-phishing solution

24 February 2004  |  5575 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.capgemini.comvisit www.thomsonreuters.infovisit www.fivedegrees.nl

Top topics

Most viewed Most shared
Buffett rubbishes cryptocurrencies; South Korea preps exchange crackdownBuffett rubbishes cryptocurrencies; South...
11016 views comments | 15 tweets | 17 linkedin
BNP Paribas Asset Management completes fund transaction blockchain testBNP Paribas Asset Management completes fun...
9751 views comments | 14 tweets | 31 linkedin
Crypto mining threatened by power capacity concernsCrypto mining threatened by power capacity...
8765 views comments | 17 tweets | 18 linkedin
Exchanges call for global fintech standardsExchanges call for global fintech standard...
8539 views comments | 17 tweets | 13 linkedin
Kodak announces blockchain plan, share price soarsKodak announces blockchain plan, share pri...
8270 views comments | 29 tweets | 24 linkedin

Featured job

Competitive base + commission + benefits
UK or Germany

Find your next job