[OpenID] Yahoo OpenID UX Study

SitG Admin sysadmin at shadowsinthegarden.com
Sat Oct 11 00:36:00 UTC 2008


>+1 for writing anti-password honeypots to lure users to disclose their
>password and then slap their hand for it!  Takers?  Anyone?  :)

Not good enough yet - you have the stick, but we mustn't neglect the 
carrot. Integrate it with "bennies" to the basic service that can't 
be earned in any other way (except, perhaps, by *paying* for them - 
more on that below), incidentally enticing users to actually revisit 
the site; I wrote on a similar idea about two months ago:
http://openid.net/pipermail/general/2008-August/005304.html
Let's say that paying users have a "frequency of reminders" minimum 
setting lower than that available to "free" users, but the benefits 
to "free" users are dependent upon how well they do at not entering 
their passwords to the fake/phishing page!

The drawback is not just that paying users might feel cheated of 
their value because other users could get (many of) the same benefits 
just by passing some "security awareness" tests, or that unpaying 
users might feel unmotivated to start handing over money for 
the service - it's that unethical hackers might teach people how to 
bypass the tests in such a way that users don't learn *why* the tests 
are important. After all, the phishing industry kind of *relies* on 
users being so dumb ;)

-Shade


