1、 February 5, 2007 New York Times 1. Internet security experts have long known that simple passwords do not fully defend online bank accounts from determined fraud artists. Now a study suggests that a popular secondary security measure provides little additional protection.2.The study, produced joint
2、ly by researchers at Harvard and the Massachusetts Institute of Technology, looked at a technology called site-authentication images. In the system, currently used by financial institutions like Bank of America, ING Direct and Vanguard, online banking customers are asked to select an image, like a d
3、og or chess piece, that they will see every time they log in to their account.3.The idea is that if customers do not see their image, they could be at a fraudulent Web site, dummied up to look like their bank”s, and should not enter their passwords.4.The Harvard and M.I.T. researchers tested that hy
4、pothesis. In October, they brought 67 Bank of America customers in the Boston area into a controlled environment and asked them to conduct routine online banking activities, like looking up account balances. But the researchers had secretly withdrawn the images.5.Of 60 participants who got that far
5、into the study and whose results could be verified, 58 entered passwords anyway. Only two chose not to log on, citing security concerns.6. The premise is that site-authentication images increase security because customers will not enter their passwords if they do not see the correct image, said Stua
6、rt Schechter, a computer scientist at the M.I.T. Lincoln Laboratory. From the study we learned that the premise is right less than 10 percent of the time.7.He added: If a bank were to ask me if they should deploy it, I would say no, wait for something better, he said.8.The system has some high-power
7、 supporters in the financial services world, many trying to comply with new online banking regulations. In 2005, the Federal Financial Institutions Examination Council, an interagency body of federal banking regulators, determined that passwords alone did not effectively thwart intruders like identi
8、ty thieves.9.It issued new guidelines, asking financial Web sites to find better ways for banks and customers to identify each other online. January 2007 was set as the compliance date, though the council has yet to begin enforcing the mandate.10.Banks immediately knew what they did not want to do:
9、ask customers to download new security software, or carry around hardware devices that feed them PIN codes they can use to authenticate their identities. Both solutions would add an extra layer of security but, the banks believed, detract from the convenience of online banking.11.The image system, i
10、ntroduced in 2004 by a Silicon Valley firm called PassMark Security, offered banks a pain-free addition to their security arsenals. Bank of America was among the first to adopt it, in June 2005, under the brand name SiteKey, asking its 21 million Web site users to select an image from thousands of p
11、ossible choices and to choose a unique phrase they would see every time they logged in.12.SiteKey gives our customers a fairly easy way of authenticating the Bank of America Web site, said Sanjay Gupta, an e-commerce executive at the bank. It was very well received.13.The Harvard and M.I.T. research
12、ers, however, found that most online banking customers did not notice when the SiteKey images were absent. When respondents logged in during the study, they saw a site maintenance message on the screen where their image and phrases should have been pictured. The error message also had a conspicuous
13、spelling mistake, further suggesting something fishy.14.Mr. Gupta of Bank of America said he was not troubled by the results of the survey, and stressed that SiteKey had made the bank”s Web site more secure. He also said that the system was only a single part of a larger security blanket. It”s not l
14、ike we”re betting the bank on SiteKey, he said.15.Most financial institutions, like Bank of America, have other ways to tell if a customer is legitimate. The banks often drop a small software program, called a cookie, onto a user”s PC to associate the computer with the customer. If the customer logs
15、 in from another machine, he may be asked personal questions, like his mother”s maiden name.16.Rachna Dhamija, the Harvard researcher who conducted the study, points out that swindlers can use their dummy Web sites to ask customers those personal questions. She said that the study demonstrated that
16、site-authentication images are fundamentally flawed and, worse, might actually detract from security by giving users a false sense of confidence.17.RSA Security, the company that bought PassMark last year, has a lot of great data on how SiteKey instills trust and confidence and good feelings in thei
17、r customers, Ms. Dhamija said. Ultimately that might be why they adopted it. Sometimes the appearance of security is more important than security itself.Questions 1-5Do the following statements agree with the information given in the passage? Please writeTRUE if the statement agrees with the writerF
18、ALSE if the statement does not agree with the writerNOT GIVEN if there is no information about this in the passage1.According to internet security experts, secondary security measures provide little additional protection against fraud.2.In the Harvard and MIT study, two subjects didn”t log on withou
19、t seeing the correct pictures.3.According to Schechter, more than 90% of online banking customers studied logged on without seeing the right pictures.4.The image system is the only security measure that the banks mentioned in the passage have currently.5.Bank of America is the first bank that adopte
20、d the image system.Questions 6-13Answer the following questions or complete the following sentences by choosing NO MORE THAN THREE WORDS for each answer.6.What is ING Direct and Vanguard?7.What might online banking customers be cheated to give at a fraudulent Web site?8.What may stop online banking
21、customers from using new verification methods?9.The key to online banking security is to verify the _ of customers.10.Where is PassMark Security located?11.What is the reason why SiteKey is popular among online banking customers?12.What was used instead of images in the Harvard and M.I.T. study?13.H
22、ow many security methods are mentioned in this passage?参考答案:1. 第一段 Now a study suggests that a popular secondary security measure provides little additional protection.似与问题文字很接近,但是原文中a popular secondary security measure是指特定的一个措施,而非泛指全部secondary security measure。原文没有其它secondary security measure安全有效性的
23、内容。故应选择NG。2. 见第4、5段内容。第四段 But the researchers had secretly withdrawn the images.即讨论人员撤下了图形,第五段Only two chose not to log on, citing security concerns.,有两个人由于安全考虑未进入。3. T 见第6段。4. F 见第11、14段。5. F 见第11段 Bank of America was among the first to adopt it,可见首批采纳图形识别软件的银行并非Bank of America一家。6. A financial ins
24、titution 见其次段。7. (their) passwords 见第三段。8. less convenience 见第十段。9. identity 见第八、十段。10. Silicon Valley 见第十一段。11. easy to use 见第十二段。12. site maintenance message 见第十三段 When respondents logged in during the study, they saw a site maintenance message on the screen where their image and phrases should have been pictured.13. 4 分别见第十段的 download new security software和hardware devices that feed them PIN codes,第十五段的a small software program, called a cookie,以及本文提到的site-authentication images。
