[OpenID] OpenID and phishing (was Announcing OpenID Authentication 2.0 - Implementor's Draft 11)

James A. Donald jamesd at echeque.com
Mon Jan 22 19:30:31 UTC 2007

Scott Kveton wrote:
 > 1) OpenID will not solve phishing 2) To limit the
 > problem, we'll need a set of best practices for OP's
 > 3) There is no silver bullet for solving phishing and
 > users will want to choose what level of security they
 > want; we can't mandate any of this or we'll lose the
 > very value of what makes OpenID great.

Phishing is a solvable problem, and the primary
competitor of OpenID provides a substantial part of the
necessary security perimeter.

Completely stopping phishing requires a complete
security perimeter, which is a big project, but
providing the hooks needed for the complete security
perimeter, plus a large enough part of the needed
security perimeter to stop most existing attacks is a
considerably smaller project.

is a good start.

          James A. Donald
