[OpenID] [security] MyOpenID anti-phishing tools ...

Marcin Jagodziński marcin.jagodzinski at gmail.com
Wed Jan 24 16:55:02 UTC 2007


I don't quite get SafeSignIn. I have a weblog (nettoblog.com) that is
OpenID enabled. I've entered reuptake.myopenid.com identifier as
login. Then I had to enter URL in Location bar. The I logged in...
and? What's next? I expected something like:

"A site identifying as http://nettoblog.com  has asked us for
confirmation that http://reuptake.myopenid.com/  is your identity URL.
 nettoblog.com also asked for additional information. It did not
provide a link to the policy on data it collects"

How can I login to weblog using SafeSignIn and MyOpenID?

And second question: what you mean by "personalized image for MyOpenID that is
not tied to your account"? Does it means that it's stored in cookie
readable by myopenin.com not reuptake.myopenid.com?



2007/1/24, Scott Kveton <scott at janrain.com>:
> Inspired by a lot of the discussion happening here on the mailing lists
> (yes, I'm cross-posting, I think its applicable) we've gone and implemented
> two new features on MyOpenID.com to help fight phishing:
> * Personal Icon: Allows you to set a personalized image for MyOpenID that is
> not tied to your account that is only visible from the browser you install
> it on.  This helps you with a visual clue on when you might be getting
> phished.
> * SafeSignIn: Inspired by Simon Willison, we created an option that allows
> users to not be redirected to a password screen from another site.  You are
> presented with a dialog that asks you to navigate to the page via a bookmark
> or enter the address manually in the address bar.
> We wanted to get something up quickly while we discuss options for the
> specification/appendix/etc to make sure our users are as secure as they can
> be.
> You can read more about it here:
> http://kveton.com/blog/?p=211
> We'd love to hear thoughts from folks on these new tools,
> - Scott
> _______________________________________________
> security mailing list
> security at openid.net
> http://openid.net/mailman/listinfo/security

More information about the general mailing list