Is an overlay more susceptible to phishing?
Working on a web development project, functionality requires a user to navigate through the website then login and perform a very sensitive function. The login and subsequent functionality is hosted on a different site (sorry I can'be be more specific due to sensitivity)
Choices considered for the UI are:
- A javascript overlay
- A popup
- Load in the full page
The current development and prototype user testing has been on an overlay with no problems. There is concern that an overlay does not show the address bar and the SSL certificate therefore is more susceptible to phishing.
A popup or a full page would be better in this respect but I have read studies that show users do not pay attention to passive indicators: http://www.usablesecurity.org/emperor/
Popups also have the problem with popup blockers, the overlay looks the best and provides the least disruptive user experience, i.e. user feels they have not left the original site
So what is the best option considering security, usability and design?
Related question: is there any problems with loading an iframe within an overlay? e.g. scrollbars etc?
Edit: The question is more how to present the secure login page on an overlay, a popup or redirect to load the login in the full page. I'll edit the question to make this clear
Edit: Any links to research or studies showing increased phishing i开发者_StackOverflowf an overlay is used would be very useful for making the case
Just redirect the user to login on the secure login page and customize its look. Make sure the secure login pages url are the same every time. You might wanna have a look at how Stack Overflow (a big website for programmers) handle logins with OpenIDs.
精彩评论