And that you somehow magically remember whether you chose the yellow flower or the green flower.
Replying to @_can1357 @McGrewSecurity and
If you use it regularly, you will notice the change if you are paying attention. You could also store it as a note in your pw manager.
2 replies 0 retweets 0 likes -
Replying to @Helter27 @McGrewSecurity and
No security concerned user will fall for a phishing site nor waste time remembering it, and others won't care either way.
2 replies 0 retweets 0 likes -
Replying to @_can1357 @McGrewSecurity and
I disagree with most of this. But even if you are correct, at worst it's harmless.
1 reply 0 retweets 1 like -
It's extra complexity (technical and mental), and is also an indicator of how security controls are designed (in this case: "bring the kitchen sink!").
1 reply 0 retweets 0 likes -
Replying to @buherator @Helter27 and
I don't think it's all that complicated to have a chance at catching/preventing phishing sites by a user not seeing the picture they normally see whenever they log in.
2 replies 0 retweets 0 likes -
Replying to @McGrewSecurity @buherator and
How does it work, when you enter your username a special image is displayed? The phishing site can just POST the username you enter and grab the right image, no? Not really sure what it's supposed to prevent...
4 replies 0 retweets 1 like -
Replying to @taviso @McGrewSecurity and
Sure, but that makes the Phishing attack harder to employ. Also, that gives the site SOC at least an ability to ID/mitigate credential theft, as they would have data on which IPs accessed the login pages.
1 reply 0 retweets 1 like -
Replying to @Helter27 @McGrewSecurity and
I dunno, I don't know how to write an audio driver but I'm still listening to music - I just bought one from someone who did. Don't attackers just buy a phishing kit that does it all for them?
1 reply 0 retweets 0 likes -
Replying to @taviso @McGrewSecurity and
Yes, I expect that most do. This would, presumably, make them harder to create/run/manage. It's another thing they have to get right.
1 reply 0 retweets 0 likes
Perhaps, I think I agree with @buherator that it's extra complexity for negligible benefit. They could show a diagram of how to check the address bar instead of asking people to memorize "security images"! If a phishing site copied that detail, that would be bold
Replying to @taviso @McGrewSecurity and
That's fair I think. To me, it takes less complexity to implement this than it does to defeat it. Generally, anything that puts a tool in the end users' hands I'm in favor of, as long as the other edge isn't too sharp.
0 replies 0 retweets 1 like