
This is the single biggest UI mistake for security in browsers.

How do I explain to my grandmother when a banking site is safe? "Yeah, so, it has to start with 'https://', but only at the beginning, and then it has to END with 'thebank.com', OR, before the third slash (so not the ones after https://). So find the third /: is there no third /? Then it must end with thebank.com. Is there one? Then before that it must have thebank.com. Yeah it's the part that's blacker! Exactly. It's not super clear but... Ok forget it. Click the padlock and read the name of the company. And make sure it's from the same country, at least."
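The rule the comment above spells out by hand, as an added example (not part of the thread): a check that a URL's host really is the expected site, done with the browser's own URL parser instead of counting slashes. `thebank.com` is the comment's placeholder; `checkBankUrl`, `classify` and the sample URLs, including `example.net`, are constructed for illustration.

```javascript
// Added example: does this URL belong to the expected site?
const EXPECTED_DOMAIN = "thebank.com"; // placeholder name taken from the comment

function checkBankUrl(input, expected = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(input); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is not https" };
  }
  // hostname is already lowercased and excludes port, userinfo, path and query
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const want = expected.toLowerCase();
  // Exact match, or a subdomain: the suffix must begin at a label boundary (".")
  if (host === want || host.endsWith("." + want)) {
    return { ok: true, host };
  }
  return { ok: false, host, reason: `host is not ${want} or a subdomain of it` };
}

// Constructed sample URLs; example.net stands in for an unrelated site.
const SAMPLES = [
  "https://thebank.com/login",
  "https://www.thebank.com",               // no third slash at all
  "https://THEBANK.com:443/a/b",           // case and port do not matter
  "http://thebank.com/login",              // wrong scheme
  "https://thebank.com.example.net/login", // name present, but not at the end of the host
  "https://example.net/thebank.com",       // name appears only after the third slash
  "https://notthebank.com/",               // "ends with thebank.com" as a plain string
  "https://thebank.com@example.net/",      // text before "@" is userinfo, not the host
];

function classify(samples = SAMPLES) {
  return samples.map((s) => ({ url: s, ...checkBankUrl(s) }));
}

for (const r of classify()) {
  console.log(r.ok ? "OK    " : "REJECT", r.url, r.ok ? "" : `(${r.reason})`);
}
```

Only the first three samples pass. The plain "ends with thebank.com" wording would also accept `notthebank.com`, which is why the comparison is anchored at a dot.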



Tell her as I tell mine: The security behind the internet has at this point proven to be so fallible that it may as well not even be called security. The advice we I.T. folk have been preaching all these years [but quietly ignoring ourselves] is so much more profound than even we thought. You're safer to continue taking your bankbook to the same teller at the same bank you've been dealing with your whole life and continue to hope the bank doesn't get robbed while you're in there - because you're less likely to get killed in a bank robbery than you are crossing the road to get to the bank... both of which are infinitely less likely than your security getting compromised on the internet and your information being leaked to some hacker forum and ending up on the black market - regardless of the bank's laughable promise to you that your information is "safe and secure." It also has the additional upside of getting you out of the house, interacting with other people and keeping the human spirit alive instead of sitting cooped up inside all day.


In theory this is the problem that EV SSL Certificates solve.

[🔒 Bank Entity Inc.] https://yourbank.tld



