WebApp Sec mailing list archives

Re: Summary: Growing Bad Practice with Login Forms


From: David Telfer <david.telfer () ostechnology co uk>
Date: Wed, 28 Jul 2004 16:16:14 +0100

On Wednesday 28 Jul 2004 14:27, Ivan Andres Hernandez Puga wrote:

> Anyway, there is no application without user. Why don't you try to learn
> what's wrong with your point of view instead of blaming the 99% of non
> techie people?

His point of view has some foundation.  Your personal information is 
ultimately your responsibility.  A lot of people are wary of real world security 
implications, card skimming and tampered ATM machines for example.  They 
would not insert their bank card into an ATM machine that looked abnormal.

Many of the public would never check public keys or certificates though.  
Surely taking some responsibility for your own personal information should be 
assumed.

On the other hand it is the responsibility of the site developer to be verbose 
as much as possible in security provisions.  Ways to help the "non techie 
people" secure their data should be under constant development.  

I am unable to find the post, but the suggestion of pass phrases that the user 
holds would surely help.  Showing characters x and y to a user and getting 
them to verify them against a given phrase (provided non-electronically, by 
normal post perhaps) would allow the user to verify in her own mind that the 
site is legitimate before entering login information.

athena () buyukada co uk wrote:
> Users are stupid, unpredictable, and applications would function a lot
> better without their interaction.

Perhaps intended to be tongue-in-cheek somewhat?  None of us deny the point in 
the technology is for the user.

David Telfer
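The pass-phrase idea in the message above, worked through as an added Python example (this is not code from the list post or from any site it discusses). The site reveals the characters at two randomly chosen positions of a phrase the user already holds, and the user checks them against the posted phrase before typing a password. The phrase, position-picking rule and the sample phrase are assumptions for illustration; the example also counts how many distinct positions an observer of repeated logins would see, to make the gradual-disclosure cost of the scheme concrete.

```python
import random
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class SiteChallenge:
    """What the site shows to the user before the password box appears."""
    positions: tuple   # 1-based positions into the user's phrase
    characters: tuple  # the characters the site claims sit at those positions


def make_site_challenge(phrase: str, rng=None) -> SiteChallenge:
    """Site side: pick two distinct positions and reveal their characters.

    For this site-to-user direction the site must hold the phrase in
    plaintext (or reversibly encrypted); that is a storage cost of the
    scheme, unlike a hashed password.  `rng` is any random.Random-style
    object; the default is an OS-backed generator.
    """
    if len(phrase) < 2:
        raise ValueError("phrase must contain at least two characters")
    rng = rng or secrets.SystemRandom()
    positions = tuple(sorted(rng.sample(range(1, len(phrase) + 1), 2)))
    return SiteChallenge(positions, tuple(phrase[p - 1] for p in positions))


def user_verifies(phrase: str, challenge: SiteChallenge) -> bool:
    """User side: compare the shown characters with the phrase from the letter.

    A position outside the phrase or a mismatched character means the page
    does not know the phrase and the user should not enter a password.
    """
    return all(
        0 < p <= len(phrase) and phrase[p - 1] == c
        for p, c in zip(challenge.positions, challenge.characters)
    )


def positions_exposed(phrase: str, logins: int, rng) -> int:
    """Count distinct positions revealed across `logins` challenges.

    Anyone who can watch the login page over time (or a fake page that
    relays the real site's challenge in real time) accumulates these
    characters, so the check raises the bar against a static copy of a
    login page rather than defeating a live relay.
    """
    seen = set()
    for _ in range(logins):
        seen.update(make_site_challenge(phrase, rng).positions)
    return len(seen)


if __name__ == "__main__":
    # Constructed sample phrase standing in for one sent by normal post.
    phrase = "teakettle"
    challenge = make_site_challenge(phrase)
    print("site shows:", challenge)
    print("user accepts page:", user_verifies(phrase, challenge))
    print("positions exposed after 50 logins:",
          positions_exposed(phrase, 50, random.Random(1)), "of", len(phrase))
```

The verification step is deliberately one-sided: the user checks the site, nothing is sent back, so a wrong answer costs the site nothing to fake. What the scheme buys is a signal the user can act on without reading a certificate, at the price of storing the phrase recoverably and disclosing it piecemeal to any patient observer.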

