[OpenID] Yahoo OpenID UX Study
Andrew Arnott
andrewarnott at gmail.com
Fri Oct 10 23:25:43 UTC 2008
+1 for writing anti-password honeypots to lure users to disclose their
password and then slap their hand for it! Takers? Anyone? :)
--
Andrew
If this message seems short, there are two big thumbs and one little
iPhone behind it.
On Oct 10, 2008, at 3:55 PM, Martin Atkins <mart at degeneration.co.uk>
wrote:
> Allen Tom wrote:
>> Paul Madsen wrote:
>>
>>> can the Yahoo recommendation to clearly distinguish between local
>>> and
>>> OpenID UI be reconciled with Google's recent research - which
>>> proposes
>>> conflating them?
>>>
>> One of the recommendations which I did not mention in my email, but
>> is
>> listed on Slide 19 of the study, is for RPs to suggest OpenID login
>> if
>> the user fails to login using an email address belonging to an OpenID
>> Provider.
>>
>> For instance, users who fail to login with an @yahoo.com email
>> address
>> could be prompted to login via Yahoo OpenID. This is fairly
>> consistent
>> with Google's recommendation.
>>
>>
>
> Perhaps this would be a good opportunity for the RP to tell the user
> off
> for sharing foreign account passwords with other sites and explain why
> that's a bad idea.
>
> I realise in practice that RPs are unlikely to want to antagonize
> potential users, but I can dream. :)
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list