叠加层是否更容易受到网络钓鱼的影响?

发布于 2024-10-20 19:51:18 字数 652 浏览 7 评论 0原文

在从事 Web 开发项目时,功能要求用户浏览网站,然后登录并执行非常敏感的功能。登录和后续功能托管在不同的站点上(抱歉,由于敏感性,我可以更具体)

UI 考虑的选择是:

  1. javascript 覆盖
  2. 弹出窗口
  3. 在整个页面中

加载 当前的开发和原型用户测试已经完成在覆盖层上没有任何问题。人们担心覆盖层不会显示地址栏,因此 SSL 证书更容易受到网络钓鱼的影响。

在这方面,弹出窗口或整页会更好,但我读过的研究表明用户不关注被动指标: http://www.usablesecurity.org/emperor/

弹出窗口也存在弹出窗口拦截器的问题,覆盖看起来最好,并提供最少的破坏性用户体验,即用户感觉他们没有离开原始站点

那么考虑安全性、可用性和设计的最佳选择是什么?

相关问题:在覆盖层中加载 iframe 是否有任何问题?例如滚动条等?

编辑:问题更多的是如何在覆盖层、弹出窗口或重定向上呈现安全登录页面以在整个页面中加载登录信息。我将编辑问题以明确这一点

编辑:如果使用覆盖层,任何显示网络钓鱼增加的研究或研究的链接对于说明情况都非常有用

Working on a web development project, functionality requires a user to navigate through the website then login and perform a very sensitive function. The login and subsequent functionality is hosted on a different site (sorry I can'be be more specific due to sensitivity)

Choices considered for the UI are:

  1. A javascript overlay
  2. A popup
  3. Load in the full page

The current development and prototype user testing has been on an overlay with no problems. There is concern that an overlay does not show the address bar and the SSL certificate therefore is more susceptible to phishing.

A popup or a full page would be better in this respect but I have read studies that show users do not pay attention to passive indicators:
http://www.usablesecurity.org/emperor/

Popups also have the problem with popup blockers, the overlay looks the best and provides the least disruptive user experience, i.e. user feels they have not left the original site

So what is the best option considering security, usability and design?

Related question: is there any problems with loading an iframe within an overlay? e.g. scrollbars etc?

Edit: The question is more how to present the secure login page on an overlay, a popup or redirect to load the login in the full page. I'll edit the question to make this clear

Edit: Any links to research or studies showing increased phishing if an overlay is used would be very useful for making the case

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

土豪我们做朋友吧 2024-10-27 19:51:18

只需将用户重定向到安全登录页面并自定义其外观即可。确保安全登录页面 URL 每次都相同。您可能想看看 Stack Overflow(程序员的大型网站)如何处理 OpenID 登录。

Just redirect the user to login on the secure login page and customize its look. Make sure the secure login pages url are the same every time. You might wanna have a look at how Stack Overflow (a big website for programmers) handle logins with OpenIDs.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文