[OpenID] [security] MyOpenID anti-phishing tools ...

Marcin Jagodziński marcin.jagodzinski at gmail.com
Wed Jan 24 16:55:02 UTC 2007


Scott,

I don't quite get SafeSignIn. I have a weblog (nettoblog.com) that is
OpenID enabled. I've entered the reuptake.myopenid.com identifier as
the login. Then I had to enter the URL in the Location bar. Then I logged in...
and? What's next? I expected something like:

"A site identifying as http://nettoblog.com has asked us for
confirmation that http://reuptake.myopenid.com/ is your identity URL.
nettoblog.com also asked for additional information. It did not
provide a link to the policy on data it collects"

How can I log in to the weblog using SafeSignIn and MyOpenID?

And a second question: what do you mean by "personalized image for MyOpenID that is
not tied to your account"? Does it mean that it's stored in a cookie
readable by myopenid.com, not reuptake.myopenid.com?

regards,

Marcin

2007/1/24, Scott Kveton <scott at janrain.com>:
> Inspired by a lot of the discussion happening here on the mailing lists
> (yes, I'm cross-posting, I think it's applicable) we've gone and implemented
> two new features on MyOpenID.com to help fight phishing:
>
> * Personal Icon: Allows you to set a personalized image for MyOpenID that is
> not tied to your account that is only visible from the browser you install
> it on.  This helps you with a visual clue on when you might be getting
> phished.
>
> * SafeSignIn: Inspired by Simon Willison, we created an option that allows
> users to not be redirected to a password screen from another site.  You are
> presented with a dialog that asks you to navigate to the page via a bookmark
> or enter the address manually in the address bar.
>
> We wanted to get something up quickly while we discuss options for the
> specification/appendix/etc to make sure our users are as secure as they can
> be.
>
> You can read more about it here:
>
> http://kveton.com/blog/?p=211
>
> We'd love to hear thoughts from folks on these new tools,
>
> - Scott
>
> _______________________________________________
> security mailing list
> security at openid.net
> http://openid.net/mailman/listinfo/security
>


