8 votes

Extended Validation Certificates are (Really, Really) Dead

1 comment

  1. Emerald_Knight

    This isn't really surprising, honestly. Even barring the issues outlined in the article, EV certs may be something that "advanced" users would look for, but would otherwise be largely ignored by your average user. You can't contend with user apathy, and quite frankly, your average user just doesn't care about that little green lock or why it's there.

    If you want to improve security for your users, then it must be baked into the process itself. This is why we have minimum password length requirements and a requirement to avoid obvious passwords; otherwise, users would just use "a" or "password" as their password. How we do this effectively for ensuring that users aren't directed toward phishing sites isn't something I have an answer for, but it's a problem that will need to be solved if we want a true solution that does what EV certs were intended to do.

    Security that isn't enforced is no security at all. Plain and simple.

    1 vote