Monday, October 12, 2009

SSL Still Mostly Misunderstood

"The biggest issue is the general population doesn't know what SSL is, why they're using it, and it's ingrained in them that it always makes them secure, which is not always the case," says Tyler Reguly, senior security engineer for nCircle. While 83 percent of users check they're using an SSL-secured session before entering their credit card information on a Website, only 41 percent do so when typing in their passwords. To make matters even worse, "You see surveys saying that anywhere from 30 to 60 percent of users are using the same password everywhere, so they're probably using it for on-line banking, too."

According to this article at DarkReading, this problem isn't confined to just end-users.
More than half of the respondents don't know what Extended Validation SSL (EVSSL) is and how it differs from SSL, while 36 percent say they do. Interestingly, most of them are aware that SSL traffic can be sniffed without their knowledge. Even so, nearly one-third say the only purpose of SSL is to encrypt their traffic so it can't be sniffed.

The article has lots more interesting statistics on how many people in the survey commit a variety of security sins.

Cheers,
Dave

1 comment:

  1. Good article. Again, the problem is not the technology, but the human factor, how well someone understands the technology.


About Me

B.Sc. ('78) and M.Sc. ('80) in Math from Ohio State followed by 12 yrs at TRW and a variety of software development positions since then. Currently living in Colorado and enjoying "trial retirement". For fun I climb mountains in the summer and ski down them in the winter, fix gourmet food and have an excellent wine cellar.