Green Armor: M.I.T.-Harvard Research Paper Underscores the Importance of Leveraging Psychology in the Design of Authentication Systems

7 February 2007

Report Describes Ineffectiveness of Popular Authentication System Resulting From Failure to Adequately Address Human-Factors Issues

Hackensack, NJ - Green Armor Solutions today noted that a research paper published on Sunday by researchers at M.I.T. and Harvard underscores the importance of Green Armor’s long-held claim that leveraging psychology in the design of a website authentication system is critical in order to ensure the long-term effectiveness of the system.

The study, The Emperor’s New Security Indicators, describes the failure of a popular site-authentication system to adequately protect online banking users from phishing and Internet fraud during studies run by researchers last year.

Many of the concerns and tests described in the M.I.T.-Harvard paper were previously discussed and conducted in research performed by Green Armor Solutions’ founder Shira Rubinoff in 2004 and 2005, and much of the integral design of Green Armor’s Identity Cues series of products was created specifically to address issues such as those discussed in the M.I.T.-Harvard research.

“As described in the M.I.T.-Harvard study, and as published in Green Armor’s research findings, site-authentication vulnerabilities often stem from human weaknesses, not technological deficiencies,” noted Shira Rubinoff, Founder and President of Green Armor Solutions. “By properly leveraging psychology in the design of a product we can create authentication offerings that are more effective and more secure than the one described in the M.I.T.-Harvard report.”

Green Armor’s site-authentication technology, for example, offers numerous advantages over the system tested in the M.I.T.-Harvard report. Psychologically-sound visual cues are used to prove site authenticity instead of images (which are problematic for numerous reasons as described in the research reports authored by M.I.T.-Harvard and Green Armor). Green Armor’s patent-pending medium for achieving site authentication without requiring users to enroll or to undergo a multi-step login process, as well as its multiple defenses against man-in-the-middle attacks, are also important differentiators.

In addition, as opposed to the system mentioned in the study, the Green Armor system does not require the use of challenge questions, and, therefore, does not increase risks of Identity Theft by conditioning users to answer sensitive challenge questions over the Internet before they know the identity of the party asking the questions.

Furthermore, both Green Armor’s white paper (describing its research findings) and the M.I.T.-Harvard study discuss the problem of users not consciously paying attention to images used for site authentication; while such a phenomenon is a critical problem for most site-authentication systems, Green Armor’s technology utilizes several significant patent-pending design elements to help address this issue, and remains effective even if users do not make an active effort to check site validity.