by amelius 2958 days ago
Perhaps there should be a symbol for "trustworthy", that you can't render on a browser. (The browser would detect it and censor it, e.g. by blackening it out). But the browser itself can use it, e.g. in dialog boxes.

>Perhaps there should be a symbol for "trustworthy", that you can't render on a browser.

To expand on this, the web browsers are missing:

1) trusted pixels: Some bank websites implement this idea when you try to sign in. When you enter your id, you are shown a special secret image that you chose when you created the account. If that image isn't there, you should not trust the password field presented. Therefore, any criminal who wants to present a fake bank login screen also has to know the secret image as well. E.g. Chrome could use this technique to show the secret image with dialog boxes truly triggered by Chrome itself instead of painted by malicious HTML.

2) a trusted keyboard sequence that is well-known and standard: Windows operating system had this with Ctrl+Alt+Del. Instead of trusting any login screen, you just press Ctrl+Alt+Del because no user-mode program can hijack that special key sequence. Intercepting it requires a kernel patch or a registry hack. A similar idea could be used in browsers to toggle a special keyboard mode that disables all javascript keyboard events. This mode may be useful for password fields or as a special key sequence to "unstack" hidden buttons, etc.

> any criminal who wants to present a fake bank login screen also has to know the secret image as well

This mechanism is theatre:

1. User enters ID into fake bank website.

2. Fake bank website enters said ID into real bank website.

3. Real bank website shows fake bank website your "secret" image.

4. Fake bank website shows you your "secret image".

Someone tried defeating the secret-image security... it turns out all it takes is a static image saying "Error with Secret Image Server, call us if the problem lasts more than 24 hours."

>3. Real bank website shows fake bank website your "secret" image.

I had left out some implementation details for brevity. Any first time use of a "new" computer to access the online account requires verification from the bank. (E.g. random code is emailed.) At that point, a bank cookie is set. The bank doesn't show the secret image unless the computer already has a cookie from a previous verification.

A fake webpage that tries to forward credentials to a "robo" browser on a computer in Russia wouldn't have that cookie so they'd never be able to see the secret image.

There are probably other security checks the banks do such as ip blacklists etc.

The secret image isn't foolproof but it's an extra signal to signify trust. Likewise, 2-factor authentication with mobile phones isn't foolproof either and can also be hacked.
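The device-verification scheme described in this reply (out-of-band code on a new machine, then a cookie that gates the secret image), as an added example that is not from the thread or any bank's real implementation; the in-memory account table, the one-time code and the HMAC-signed cookie format are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo state; a real deployment would keep these server-side in a store.
SERVER_KEY = secrets.token_bytes(32)
ACCOUNTS = {"alice": {"secret_image": "cat.png", "pending_code": None}}
DEVICE_COOKIE_TTL = 90 * 24 * 3600  # seconds a verified device stays trusted


def start_device_verification(user_id):
    """Unrecognised device: generate the one-time code that would be e-mailed."""
    code = f"{secrets.randbelow(10**6):06d}"
    ACCOUNTS[user_id]["pending_code"] = code
    return code  # returned here only so the demo can complete the flow offline


def _sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def complete_device_verification(user_id, code, now=None):
    """Code from the e-mail is echoed back; on match, mint a signed device cookie."""
    acct = ACCOUNTS[user_id]
    expected = acct["pending_code"]
    if expected is None or not hmac.compare_digest(expected, code):
        return None
    acct["pending_code"] = None  # single use
    issued = int(now if now is not None else time.time())
    return f"{user_id}:{issued}:{_sign(f'{user_id}:{issued}'.encode())}"


def secret_image_for(user_id, device_cookie, now=None):
    """Login page: reveal the image only to a device holding a valid cookie for this user.
    A phishing page relaying the username from a machine with no cookie gets None."""
    if not device_cookie:
        return None
    parts = device_cookie.split(":")
    if len(parts) != 3 or parts[0] != user_id or not parts[1].isdigit():
        return None
    cookie_user, issued, mac = parts[0], int(parts[1]), parts[2]
    if not hmac.compare_digest(mac, _sign(f"{cookie_user}:{issued}".encode())):
        return None  # forged or tampered cookie
    if (now if now is not None else time.time()) - issued > DEVICE_COOKIE_TTL:
        return None  # stale device trust; re-verify out of band
    return ACCOUNTS[user_id]["secret_image"]
```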

What if they open the bank website in a hidden iframe on the malicious site?

X-Frame-Options: DENY

Banks should notice a new IP/browser and then force 2 factor authentication before showing the image. ex: Sending a text. Which would make users far more suspicious as rather than a normal login they see one of those "we don't recognize your browser" screens. The bank can also track the 3rd party connection to their servers making this more tricky to get away with. So, while not foolproof done correctly it is actually very useful.

However, a website would not have access to the browsers image unless the machine was already compromised.

Hm... the way I remember this feature (forgot where it was) is that your custom image is stored in your browser (localstorage?), not on the remote site. So when you see your image, you know it's the same origin. (E.g. not a similar URL with two letters swapped, I guess.)

That's not an issue though if we're talking about the browser UI, as there's no way for a website (malicious or otherwise) to obtain secret image data from the browser.

That secret image thing... Can't the fake site easily proxy your chosen image from the real site the moment you submit your username to the fake site?

Sorry for not being clear. For the Chrome implementation of the secret image, I was thinking that the user would store it locally inside of Google Chrome configuration. E.g. in "chrome://settings" or "chrome://flags", the user sets the secret image (e.g. a photo of their cat or whatever.)

Oops, I was the one being unclear. I was just going off on a tangent about the HTML ones that some banks use. A native one indeed wouldn't have the problem I'm mentioning.

There kinda is. It's the line of death: https://textslashplain.com/2017/01/14/the-line-of-death/ (But, as the article points out, even that isn't perfect.)

True. Like the other commenter noted, perhaps we could use a special key-combination (or perhaps a new key even) to enter a secure mode. Pressing that key-combination could trigger the area above the line-of-death to increase in size. Then it could show more security-related information, and perhaps even password entry fields. Just brainstorming here.

I think that'll end up backfiring by making a single target a lot of people will aim to break, creating an arms race that the browser will lose on occasion, to great detriment to its users.