Since the launch of Netscape, browsers have played an important role in identifying suspicious connections and enforcing good security practices. They did this by recognizing trustworthy certificate authorities (CAs). In lieu of a central, trusted CA, the master list of CAs maintained by browsers became the arbiter of whose certificates were valid. Identity certificates require domain owners to verify their organization unlike the anonymous certificates routinely used to secure phishing sites.
Extended Validation certificates provide assurance of the true ownership and identity of a website, because the issuers take extra steps before providing certification. Identity provides digital forensics affording users with recourse in the event of fraud. Since 2008, browsers have encouraged this good behavior by providing an indicator in the user interface that lets someone browsing know immediately whether the website uses an EV cert. Now, browsers are taking a step back from this practice -- to the detriment of overall security and the benefit of bad actors.
As browsers sideline an important security feature, how can companies maintain trusted relationships with their customers and comply with increasingly stringent data protection regulations around the world?
Join us for an exclusive webinar, featuring security expert Richard Stiennon, Chief Research Analyst for IT-Harvest, to find out. Register today to watch now!