Institute of Electrical and Electronics Engineers
The authors evaluate website authentication measures designed to protect users from man-in-the-middle, phishing, and other site-forgery attacks. They asked 67 bank customers to conduct common online banking tasks. Each time a participant logged in, the authors presented increasingly alarming clues that the connection was insecure. First, they removed HTTPS indicators. Next, they removed the participant's site-authentication image, the customer-selected image that many websites now expect their users to verify before entering their passwords.