[OpenID] Replacing all browsers isn't as hard as it might seem...
Claus Färber
GMANE at faerber.muc.de
Sun Jan 21 00:47:39 UTC 2007
Ka-Ping Yee wrote:
> So how about a smaller step that might have a decent payoff?
> Password entry in chrome.
> If we can get users out of the habit of typing their passwords into
> arbitrary webpages, that'll be a serious blow against phishing.
It does not matter how the password is entered as long as it sent to the
website in clear.
With basic authentication, the user already enters the text into a
chrome dialogue box. Even if the user pays attention to the domain shown
in the dialogue (if it *is* shown; I have not tested all browsers wrt
that) there's no big advantage compared to checking the URL in the
address bar.
Claus
More information about the general
mailing list