[OpenID] Replacing all browsers isn't as hard as it might seem...

Ka-Ping Yee openid at zesty.ca
Sat Jan 20 23:50:38 UTC 2007


On Sat, 20 Jan 2007, Mike Beltzner wrote:
> That's why I've gone on record saying that if there's a feasible
> solution that makes things better for users, can be wrapped in
> a simple UI, and can easily work with the majority of web sites
> in the world, Mozilla would be very interested in making it part
> of the Firefox 3 product.

Passpet is a decent stab at the problem.  I'll be the first to say it
could do with improvement, though I believe it correctly chooses the
important battles.  But Passpet is a big step, and it's not ready for
deployment yet.

So how about a smaller step that might have a decent payoff?

    Password entry in chrome.

If we can get users out of the habit of typing their passwords into
arbitrary webpages, that'll be a serious blow against phishing.

Working out the details is non-trivial, of course, but I think the
basic idea is sound.  I was thinking of something like support for
a special kind of bookmarklet that opens up an entry field next to
it when you click.  You could bookmark a login page this way, and
then when you use the bookmarklet, the browser submits your password
directly to the bookmarked site so you don't even see the login form.


-- ?!ng



More information about the general mailing list