[OpenID] Fwd: OpenID Spoofing

Granqvist, Hans hgranqvist at verisign.com
Fri Jan 12 23:55:46 UTC 2007


> The thing that the financial services web sites (bank of 
> america, vanguard, etc) currently do is show you an image 
> that you selected as a shared secret so you know you are 
> looking at their log-in page.  Although taking your username 
> ...

Just a FYI for all how BofA describes this SiteKey service:
http://www.bankofamerica.com/privacy/sitekey/ 

-Hans



More information about the general mailing list