[OpenID] Replacing all browsers isn't as hard as it might seem...

Claus Färber GMANE at faerber.muc.de
Sun Jan 21 00:47:39 UTC 2007

Ka-Ping Yee wrote:
> So how about a smaller step that might have a decent payoff?
>     Password entry in chrome.
> If we can get users out of the habit of typing their passwords into
> arbitrary webpages, that'll be a serious blow against phishing.

It does not matter how the password is entered as long as it sent to the 
website in clear.

With basic authentication, the user already enters the text into a 
chrome dialogue box. Even if the user pays attention to the domain shown 
in the dialogue (if it *is* shown; I have not tested all browsers wrt 
that) there's no big advantage compared to checking the URL in the 
address bar.


More information about the general mailing list