Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Extended Validation Certificates Certifiably Useless

A recent study shows that a new antifraud mechanism does little to help users identify phishing sites.

Extended Validation certificates are being touted by the CA/Browser Forum--an association of prominent certificate authorities and browser developers--as a means to help users identify fraudulent sites and thwart phishing. EV certificates require more stringent identification of a domain owner, and the presence of an EV certificate lets browsers provide visual clues to users, such as a green address bar in IE7.

But in a Stanford University study, EV certificates did not help users identify common phishing attacks. The only real information a user will get from an EV certificate is that a particular Web site ponied up extra cash to get one. --Mike Fratto, [email protected]