[OpenID] Security related Use Cases?
Dick Hardt
dick.hardt at gmail.com
Wed Oct 22 00:40:58 UTC 2008
On 21-Oct-08, at 11:02 AM, Ben Laurie wrote:
> On Tue, Oct 21, 2008 at 5:28 PM, Allen Tom <atom at yahoo-inc.com> wrote:
>> Paul Madsen wrote:
>>>
>>> Even better 'please login so we can display your personalized seal'
>>>
>>
>> This is exactly why we want the Login UX to be very consistent, so
>> users
>> should be very alarmed if the flow ever changes.
>
> So if we're going to embark on a UX consistency campaign, should we
> not do it around authentication that actually is safe - that is:
>
> a) Built in to the browser, s.t. it can't be faked by webpages
>
> b) Does not reveal the user's password in the process of
> authentication?
+1
More information about the general
mailing list