by mcherm
4872 days ago
I disagree. Unless the user is intentionally TRYING to break the system, it is probably not the user's fault. It is IT's fault for failing to make it easy for the user to understand. For instance, how about if the login page says in big bold letters: "This is the ONLY page you should ever enter your password on." With this tiny change, moderately competent users are much better protected from phishing attempts that use something like Google Docs forms... although that still hasn't protected them from something like a hand-crafted phishing site. Other techniques can help with this: for example, you could offer a bounty: pay real dollars for the first person to report any phishing site resembling your login page. Some steps are up to the user, but instead of BLAMING the user, make it EASY for the user.