[OpenID] popup protocol UX? Re: FB Connect, OpenID and UX
Allen Tom
atom at yahoo-inc.com
Tue Dec 16 00:52:19 UTC 2008
Martin Atkins wrote:
> Furthermore, Yahoo! offers the ability to add a "Sign-in Seal" which is
> stored in a cookie on your client rather than on the server as a
> mechanism to detect phishing.
>
More info about the Sign-in Seal is here:
https://protect.login.yahoo.com/
> Whether or not users actually use it or check it is of course debatable
The challenge is to educate users about it. I think the best argument
against the sign-in seal is that users who have one may be susceptible
to phishing if the phisher displays a "temporarily unavailable" Sign-in
Seal. However, our educational screens do say that if the customized
Sign-in Seal isn't there, they're probably getting phished.
Allen
More information about the general
mailing list