[thelist] Security & general user acceptance

Morbus Iff morbus at disobey.com
Thu Oct 25 08:35:33 CDT 2001 

 >I am working on a new site and a fairly new concept that involves online
 >highly confidential legal documents. Does anyone have experience / knowledge
 >in regards to general user acceptance, i.e. what does Joe Bloggs perceive as
 >being secure?  A secure site is always susceptible to intruders.

Welp, make sure your SSL is 128 bit, and make sure that your HTML pages 
literally say that the page is secure - don't depend on the little lock in 
the bottom status bar of the browser.

The 128 bit is important both mentally and technically:

  - banks use 128 bit encryption. if banks do...
  - people who use old browsers are forced to upgrade to brand
    new ones, which is always a good thing to designers, tech's,
    and so on and so forth.

For HTML pages, I always prefer something prominent - something that a 
user  will be able to notice the minute it disappears. Perhaps a top band 
in the page or a different color of a navigation bar. As well as this 
noticable change, there should always be something saying this is secure. 
If a moment's doubt enters a shopper's mind, then you've lost a customer. 
The same sort of trust exists in any instance where security is important.

 >Adding a thick layer of secure functionality's (such as digital signatures
 >and additional software on local machines) will scare users away, especially
 >our audience who are legal practitioners who are reluctant to use IT related
 >technologies such as online services.

I've never done email security, simply because, as you mentioned, it's too 
smart for most common users. Security shouldn't be something you think 
about - it should be an intuitive sort of process. My own experiences in 
the past have mostly been the SSL'd browser, and then a password protected, 
IP restricted directory on the site itself that contained all customer/user 
information. Audit trails were everywhere and after initial patterns 
developed during testing, I wrote some scripts that would email me if the 
patterns changed, allowing for quick turnaround.


--
Morbus Iff ( softcore vulcan porn rulezzzzz )
http://www.disobey.com/ && http://www.gamegrene.com/
please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus

More information about the thelist mailing list