Extended Validation Certificates Certifiably Useless

EV certificates are being touted as a means to help users identify fraudulent sites and thwart phishing. But a study suggests they actually do very little to help fend off

February 16, 2007

1 Min Read
Network Computing logo

A recent study shows that a new antifraud mechanism does little to help users identify phishing sites.

Extended Validation certificates are being touted by the CA/Browser Forum--an association of prominent certificate authorities and browser developers--as a means to help users identify fraudulent sites and thwart phishing. EV certificates require more stringent identification of a domain owner, and the presence of an EV certificate lets browsers provide visual clues to users, such as a green address bar in IE7.

But in a Stanford University study, EV certificates did not help users identify common phishing attacks. The only real information a user will get from an EV certificate is that a particular Web site ponied up extra cash to get one. --Mike Fratto, [email protected]

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights