[OpenID] Security related Use Cases?

Ben Laurie benl at google.com
Tue Oct 21 18:02:11 UTC 2008


On Tue, Oct 21, 2008 at 5:28 PM, Allen Tom <atom at yahoo-inc.com> wrote:
> Paul Madsen wrote:
>>
>> Even better 'please login so we can display your personalized seal'
>>
>
> This is exactly why we want the Login UX to be very consistent, so users
> should be very alarmed if the flow ever changes.

So if we're going to embark on a UX consistency campaign, should we
not do it around authentication that actually is safe - that is:

a) Built in to the browser, s.t. it can't be faked by webpages

b) Does not reveal the user's password in the process of authentication?

Continuing to try to prop up the house of cards that is authentication
on webpages seems counterproductive to me.

>
> Allen
>
>


