This morning I attempted to log in to Flickr, and something was different. My security seal was gone. I have to say that the designer earned his/her paycheque — the visual cue worked perfectly. My screen went from this: To this
Great! I have become aware of a possible scary event! Now how do I act?
The help file says to restart your browser and manually type in the Yahoo! URL. This makes sense as an obvious countermeasure against phishing – but it didn’t help me. My seal is just gone. The help file opines:
- Your cookies were cleared. In some rare instances, if you use certain web browsers and you clear your cookies, you may lose your sign-in seal and you will need to re-create it. Clearing cookies should not remove the seal for most users; however, if your seal disappears, please check that your browser is not set to clear cookies on browser close.
Hold on — I always clear my cookies on browser close. That’s all it takes to remove my security seal??? Why has it stuck around for the last six months only to disappear today? Color me confused.
Now that I’ve looked at it in detail, I think the Yahoo! Security Seal is actually a really good security measure. It is simple, it is effective for what it is intended, and the actions expected in the case where the ‘danger event’ occurs are reasonable and effective. Problem is, I’m already disincented to recreate my seal. Why place any trust in something that can disappear for all sorts of other reasons besides being phished? How many times will users act correctly in the case of the seal disappearing, only to find out that they’ve been on a fool’s errand? And now they have to set up the security device all over again? From a signalling perspective, it’s an epic FAIL followed by a barrier to continuation. I just don’t think that’s going to fly.