[OpenID] [security] MyOpenID anti-phishing tools ...
marcin.jagodzinski at gmail.com
Wed Jan 24 16:55:02 UTC 2007
I don't quite get SafeSignIn. I have a weblog (nettoblog.com) that is
OpenID enabled. I've entered reuptake.myopenid.com identifier as
login. Then I had to enter URL in Location bar. The I logged in...
and? What's next? I expected something like:
"A site identifying as http://nettoblog.com has asked us for
confirmation that http://reuptake.myopenid.com/ is your identity URL.
nettoblog.com also asked for additional information. It did not
provide a link to the policy on data it collects"
How can I login to weblog using SafeSignIn and MyOpenID?
And second question: what you mean by "personalized image for MyOpenID that is
not tied to your account"? Does it means that it's stored in cookie
readable by myopenin.com not reuptake.myopenid.com?
2007/1/24, Scott Kveton <scott at janrain.com>:
> Inspired by a lot of the discussion happening here on the mailing lists
> (yes, I'm cross-posting, I think its applicable) we've gone and implemented
> two new features on MyOpenID.com to help fight phishing:
> * Personal Icon: Allows you to set a personalized image for MyOpenID that is
> not tied to your account that is only visible from the browser you install
> it on. This helps you with a visual clue on when you might be getting
> * SafeSignIn: Inspired by Simon Willison, we created an option that allows
> users to not be redirected to a password screen from another site. You are
> presented with a dialog that asks you to navigate to the page via a bookmark
> or enter the address manually in the address bar.
> We wanted to get something up quickly while we discuss options for the
> specification/appendix/etc to make sure our users are as secure as they can
> You can read more about it here:
> We'd love to hear thoughts from folks on these new tools,
> - Scott
> security mailing list
> security at openid.net
More information about the general