Study Finds Bank of America SiteKey is Flawed

Study Finds Bank of America SiteKey is Flawed 335

Posted by Hemos on Monday February 05, 2007 @11:49AM from the trying-something-new dept.

An anonymous reader writes "The NYT reports on a Harvard and MIT study, which finds that the SiteKey authentication system employed by Bank of America is ineffective at prevent phishing attacks. SiteKey requires users to preselect an image and to recognize this image before they login, but users don't comply. 'The idea is that if customers do not see their image, they could be at a fraudulent Web site, dummied up to look like their bank's, and should not enter their passwords. The Harvard and M.I.T. researchers tested that hypothesis. In October, they brought 67 Bank of America customers in the Boston area into a controlled environment and asked them to conduct routine online banking activities, like looking up account balances. But the researchers had secretly withdrawn the images. Of 60 participants who got that far into the study and whose results could be verified, 58 entered passwords anyway. Only two chose not to log on, citing security concerns.' The study, aptly entitled "The Emperor's New Security Indicators", is available online."

Study Finds Bank of America SiteKey is Flawed

Search 335 Comments Log In/Create an Account

Comments Filter:

Re:Flawed system or flawed usage? (Score:1, Funny)

by Anonymous Coward writes: on Monday February 05, 2007 @01:29PM (#17891630)

Yeah, that's what I told my girlfriend after I tried to stick it...

Uh... Nevermind.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Study Finds Bank of America SiteKey is Flawed 335

Study Finds Bank of America SiteKey is Flawed More Login

Study Finds Bank of America SiteKey is Flawed

Re:Flawed system or flawed usage? (Score:1, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot