[thelist] Security & general user acceptance
Morbus Iff
morbus at disobey.com
Thu Oct 25 08:35:33 CDT 2001
>I am working on a new site and a fairly new concept that involves online
>highly confidential legal documents. Does anyone have experience / knowledge
>in regards to general user acceptance, i.e. what does Joe Bloggs perceive as
>being secure? A secure site is always susceptible to intruders.

Welp, make sure your SSL is 128 bit, and make sure that your HTML pages
literally say that the page is secure - don't depend on the little lock in
the bottom status bar of the browser.

The 128 bit is important both mentally and technically:

- banks use 128 bit encryption. if banks do...
- people who use old browsers are forced to upgrade to brand
  new ones, which is always a good thing to designers, techs,
  and so on and so forth.

For HTML pages, I always prefer something prominent - something that a
user will be able to notice the minute it disappears. Perhaps a top band
in the page or a different color of a navigation bar. As well as this
noticeable change, there should always be something saying this is secure.
If a moment's doubt enters a shopper's mind, then you've lost a customer.
The same sort of trust exists in any instance where security is important.

>Adding a thick layer of secure functionalities (such as digital signatures
>and additional software on local machines) will scare users away, especially
>our audience who are legal practitioners who are reluctant to use IT related
>technologies such as online services.

I've never done email security, simply because, as you mentioned, it's too
smart for most common users. Security shouldn't be something you think
about - it should be an intuitive sort of process. My own experiences in
the past have mostly been the SSL'd browser, and then a password protected,
IP restricted directory on the site itself that contained all customer/user
information. Audit trails were everywhere and after initial patterns
developed during testing, I wrote some scripts that would email me if the
patterns changed, allowing for quick turnaround.

--
Morbus Iff ( softcore vulcan porn rulezzzzz )
http://www.disobey.com/ && http://www.gamegrene.com/
please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
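
The pattern-change alerting described in the reply above, as an added example (not the poster's scripts). It assumes the protected directory sits behind HTTP authentication and the server writes Apache Common Log Format; the function names, users, paths and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

CLF = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def parse(line):
    """Parse one Common Log Format line into (ip, user, hour, status); None if malformed."""
    m = CLF.match(line)
    if not m:
        return None
    ip, user, ts, status = m.groups()
    return ip, user, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").hour, int(status)

def build_baseline(lines):
    """Learn which source addresses and hours are normal for each user."""
    base = defaultdict(lambda: {"ips": set(), "hours": set()})
    for ip, user, hour, status in filter(None, map(parse, lines)):
        if user != "-" and status < 400:  # successful, authenticated requests only
            base[user]["ips"].add(ip)
            base[user]["hours"].add(hour)
    return dict(base)

def deviations(baseline, lines, max_failures=3):
    """Return one alert string per event that breaks the learned pattern."""
    alerts, failures = [], defaultdict(int)
    for ip, user, hour, status in filter(None, map(parse, lines)):
        if status == 401:
            failures[ip] += 1
            if failures[ip] == max_failures:  # alert once per address
                alerts.append(f"{max_failures} failed logins from {ip}")
        elif user != "-" and status < 400:
            known = baseline.get(user)
            if known is None:
                alerts.append(f"unknown user {user} from {ip}")
            elif ip not in known["ips"]:
                alerts.append(f"{user} from new address {ip}")
            elif hour not in known["hours"]:
                alerts.append(f"{user} active at unusual hour {hour:02d}:00")
    return alerts

# Constructed sample lines (documentation address ranges), not real traffic.
REQ = '"GET /clients/ HTTP/1.0"'
BASELINE_LOG = [f'192.0.2.10 - alice [22/Oct/2001:09:15:02 -0500] {REQ} 200 812',
                f'192.0.2.20 - bob [23/Oct/2001:14:30:11 -0500] {REQ} 200 812']
NEW_LOG = [f'192.0.2.10 - alice [25/Oct/2001:09:40:00 -0500] {REQ} 200 812',
           f'203.0.113.7 - alice [25/Oct/2001:10:05:00 -0500] {REQ} 200 812',
           f'192.0.2.20 - bob [25/Oct/2001:03:12:00 -0500] {REQ} 200 812'
           ] + [f'198.51.100.9 - - [25/Oct/2001:03:20:0{i} -0500] {REQ} 401 401' for i in range(3)]
```

A scheduled job would call `deviations` on the lines written since its last run and mail any non-empty result; the baseline should be rebuilt only from a period already reviewed as normal.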