VALIDATING IDENTITIES ONLINE
or, “Dr. Livingstone, I presume?”
In the physical world, you can see the people you share information with. You talk to them face-to-face, or meet them in a trusted place like a bank branch. That’s how you make your first judgments about giving them your trust.
But online, it can be hard to tell who’s behind any website. The visual cues we normally rely on can be faked. For example, a phony webpage could copy the logo, icon, and design of your own bank’s website — almost as if they had set up a fake storefront on your block.
Fortunately, there are tools to help you determine if a website is genuine or not. Some websites have an extended validation certificate that allows you to determine the
name of the organization that runs the web site. The extended validation certificate gives you the information you need to help ensure that you’re not entrusting your information to a fake website.
Here’s an example of extended validation in action in the browser. On a bank’s website that has been verified through extended validation, the bank’s name is displayed in a green box between the lock icon and the web address in the address bar:
Example of the extended validation indicator in Chrome
On most browsers, the extended validation indicator can be found by looking for the name of the organization in the green section of the browser’s address bar. You can also click on the indicator to see the website’s security information and inspect its digital certificate.
To receive extended validation certification, a website owner has to pass a series of checks confirming their legal identity and authority. In the previous example, extended validation on bankofamerica.com verifies that yes, the website is from the actual Bank of America. You can think of this certification as something that ties the domain name of the web address back to some real-world identity.
It’d be wise to share sensitive information with a website only if you trust the organization responsible for the site. So the next time you’re about to perform a sensitive transaction, take a moment to keep a look out for the website’s security information. You’ll be glad you did.