13 May 2008

A good step towards sealing off phishers

Recently, while logging in to my Flickr account (it's via Yahoo ever since that acquisition), I happened to notice their "sign-in seal" link. I'd seen it and ignored it on previous visits, but nowadays, since my mind is engrossed in the aspects of web security, I got curious about it and decided to give it a second look.

And I really liked the concept. It's something akin to the captcha concept for dealing with bot programs. What it does is provide a simple mechanism for avoiding phishing-based attacks. It doesn't entirely prevent such attacks, but it at least provides one way out.

The way it works is this: you upload an image to Yahoo, which then associates that image with your account and displays it whenever you log in to your account on that computer. So whenever you visit the Yahoo login page on your computer, you will see that image, which assures you that you are indeed visiting the right site. If you happen to open a forged Yahoo link, it will display the standard Yahoo login page, which should make you question the authenticity of that page.

The downside is that it works only on the computer on which you created the sign-in seal. Also, since the image is stored on your computer, an OS upgrade or reformatting might require you to recreate the sign-in seal.
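A sketch of the mechanism and its downside as described above, added here as an example and not Yahoo's code: it assumes the seal is tied to a browser through a signed cookie scoped to the real login host. `login.example.com`, the `Browser` class and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the seal is tied to one browser by a signed cookie scoped to the
# real login host. Host names and function names here are hypothetical.
REAL_HOST = "login.example.com"
SERVER_KEY = secrets.token_bytes(32)   # known only to the real site
SEALS = {}                             # seal_id -> image chosen by the user


def _sign(seal_id):
    return hmac.new(SERVER_KEY, seal_id.encode(), hashlib.sha256).hexdigest()


class Browser:
    """Minimal cookie jar: a cookie goes back only to the host that set it."""

    def __init__(self):
        self.jar = {}                  # host -> cookie value

    def cookie_for(self, host):
        return self.jar.get(host)


def create_seal(browser, image):
    """Real site stores the image and sets the seal cookie on this browser."""
    seal_id = secrets.token_hex(16)
    SEALS[seal_id] = image
    browser.jar[REAL_HOST] = f"{seal_id}.{_sign(seal_id)}"


def real_login_page(cookie):
    """Real site: show the seal only if the cookie's signature verifies."""
    if cookie and "." in cookie:
        seal_id, tag = cookie.split(".", 1)
        ok = hmac.compare_digest(tag.encode(), _sign(seal_id).encode())
        if ok and seal_id in SEALS:
            return SEALS[seal_id]
    return "standard login page"


def visit(browser, host):
    """What the user sees. A forged host never receives the real host's cookie
    and has no copy of the image, so it can only show the standard page."""
    if host == REAL_HOST:
        return real_login_page(browser.cookie_for(host))
    return "standard login page"
```

The same "standard login page" result appears on a forged host, on a second computer, and after the cookie is lost, which is why a missing seal on your own machine is the signal to stop and check the address.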

But it's still a pretty good way of browsing securely on your home computer or laptop against increasing phishing tricks. Probably Google and other industry giants will also follow suit.

