[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)

Ka-Ping Yee openid at zesty.ca
Sat Jan 20 10:22:44 UTC 2007

On Fri, 19 Jan 2007, Scott Kveton wrote:
> > Short answer.  Passpet.  Longer answer, passpet plus SRP.
> Is Petname also something along the same lines?  I see that it
> is Firefox 2.0 compatible:
> https://addons.mozilla.org/firefox/957/

In short, Passpet = Petname + password management.

Petname directly attacks the site identification problem, which
is the real problem in phishing.  Its weakness is that the user
has to look at the label before logging in.  Passpet goes further
by making the label a part of the login process and making it
impossible for you to give away your site passwords.

-- ?!ng

More information about the general mailing list