Sunday, August 14, 2005

That's Not Right: Bank of America Sign In

I went over to the Bank of America | Home Page | Online Banking Sign In and noticed that the URL of the page was a standard http, instead of the secure https that I'm used to seeing.

Bank of America explains:
Browser security indicators

You may notice when you are on our home page that some familiar indicators do not appear in your browser to confirm the entire page is secure. Those indicators include the small "lock" icon in the bottom right corner of the browser frame and the "s" in the Web address bar (for example, "https").

To provide the fastest access to our home page for all of our millions of customers and other visitors, we have made signing in to Online Banking secure without making the entire page secure. Again, please be assured that your ID and passcode are secure and that only Bank of America has access to them.
So anyone could set up a non secure page and then post a text message that says, "Really, trust us, go ahead, don't worry about anything, we've got it covered."

The whole reason for those security indicators is to give us an indication that the page is secure.

Hey Bank of America, if you're concerend about providing fast access to a secure sign on, how about giving us a dedicated Online Banking Sign In page with the standard security indicators?

1 comment: