The New York Times reports on a study authored by CN Fellow Rachna Dhamija. The study, conducted with colleagues at Harvard and MIT, tested a website authentication system currently in use by Bank of America, ING Direct and Vanguard. In this system, online banking customers are asked to select an image that they will see every time they log in to their account. If customers do not see their image, they could be at a fraudulent, or “phishing,” website and should not enter their passwords. However, in a usability test, the researchers found that most online banking customers did not notice when the images were absent and provided their passwords.
Public radio’s FutureTense program interviewed Rachna about the study and released a short MP3 of the interview.
More details can be found in the draft paper [PDF], which will be published at the IEEE Symposium on Security and Privacy in May.