[OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 - Implementor's Draft 11)

andy.dale at ootao.com andy.dale at ootao.com
Sat Jan 20 18:35:05 UTC 2007

I have updated ph-off for Firefox 2.0 and will post it early next week. 
Ph-off is also an implementation of petnames but was designed to be simple 
enough for my mother-in-law to understand what to do and when (and some of 
you have met her).  I also understand that w3c is starting a working group 
for this issue based on the petnames model. ph-off can be found at: 

Andy Dale
ooTao, Inc.

Phone: 877-213-7935
Fax: 877-213-7935

i-name: =Andy.Dale

If you don't have an i-name yet use this link to visit one of our partners 
and buy one:



Ka-Ping Yee <openid at zesty.ca> 
Sent by: general-bounces at openid.net
01/20/2007 02:22 AM

Scott Kveton <scott at janrain.com>
openid-general <general at openid.net>
Re: [OpenID] OpenID and phishing (was Announcing OpenIDAuthentication 2.0 
- Implementor's Draft 11)

On Fri, 19 Jan 2007, Scott Kveton wrote:
> > Short answer.  Passpet.  Longer answer, passpet plus SRP.
> Is Petname also something along the same lines?  I see that it
> is Firefox 2.0 compatible:
> https://addons.mozilla.org/firefox/957/

In short, Passpet = Petname + password management.

Petname directly attacks the site identification problem, which
is the real problem in phishing.  Its weakness is that the user
has to look at the label before logging in.  Passpet goes further
by making the label a part of the login process and making it
impossible for you to give away your site passwords.

-- ?!ng
general mailing list
general at openid.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070120/49b8aa96/attachment-0002.htm>

More information about the general mailing list