Extended Validation Certificates Certifiably Useless
EV certificates are being touted as a means to help users identify fraudulent sites and thwart phishing. But a study suggests they actually do very little to help fend off
February 16, 2007
A recent study shows that a new antifraud mechanism does little to help users identify phishing sites.
Extended Validation certificates are being touted by the CA/Browser Forum--an association of prominent certificate authorities and browser developers--as a means to help users identify fraudulent sites and thwart phishing. EV certificates require more stringent identification of a domain owner, and the presence of an EV certificate lets browsers provide visual clues to users, such as a green address bar in IE7.
But in a Stanford University study, EV certificates did not help users identify common phishing attacks. The only real information a user will get from an EV certificate is that a particular Web site ponied up extra cash to get one. --Mike Fratto