[OpenID] Security related Use Cases?
Allen Tom
atom at yahoo-inc.com
Sat Oct 18 03:45:06 UTC 2008
Dick Hardt wrote:
> Have you tested the OP user experience with a malicious RP?
As a quick followup, we did some BBAuth usability testing a couple years
ago, and several of the test subjects refused to enter their
YahooID/Password on a non-yahoo site. In other words, many non-technical
mainstream users instinctively rejected the phishing anti-pattern, which
was surprising and encouraging.
Allen
More information about the general
mailing list