IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [sitekey]

SiteKey is a system for mutual authentication intended to protect users from phishing.

5 questions
56
votes
4 answers

Effectiveness of Security Images

Do security images such as those presented upon logging into banks provide any tangible security benefits, or are they mostly theater? Per my understanding, if somebody is phishing your users, it's also trivial for them to proxy requests from your…
Stephen Touset
  • 5,736
  • 1
  • 23
  • 38
33
votes
2 answers

What is this authentication method/approach called?

Background: I want to implement something like this in our websites, and I'm looking for advice and possibly APIs that allow this out of the box rather than re-inventing the wheel, but I can't even figure out the right search terms. As seen on my…
David Stratton
  • 2,646
  • 2
  • 20
  • 36
19
votes
3 answers

Is SiteKey a valid defense against Phishing?

As described here, some banks use a SiteKey mechanism in an attempt to provide a defense against phishing. (This is a scheme where the user is shown a personalized image (each user has their own custom image) after the user enters their username but…
David Stratton
  • 2,646
  • 2
  • 20
  • 36
8
votes
4 answers

Banking application login leaks information

My question is regarding the online banking application of a large credit card organisation. The login process for this application works as follows: User visits the homepage of the bank. User enters their username and clicks login. If the username…
mckiethanks
  • 556
  • 3
  • 12
4
votes
2 answers

Is Yahoo SignIn Seal effective at phishing prevention?

Possible Duplicate: Effectiveness of Security Images Information about the efficacy of Yahoo's SignIn Seal is scarce, the best I could find was this section on Wikipedia's entry on Phishing, claiming that "few users refrain from entering their…
mgibsonbr
  • 2,905
  • 2
  • 20
  • 35