[OpenID] Security related Use Cases?

Peter Williams pwilliams at rapattoni.com
Wed Oct 22 00:59:43 UTC 2008


Built into PC browser? -10

In "site seal" used at banks, you typically accept/recognize your seal/caption BEFORE you supply password (during signon)!

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Dick Hardt
Sent: Tuesday, October 21, 2008 5:41 PM
To: Ben Laurie
Cc: OpenID List
Subject: Re: [OpenID] Security related Use Cases?


On 21-Oct-08, at 11:02 AM, Ben Laurie wrote:

> On Tue, Oct 21, 2008 at 5:28 PM, Allen Tom <atom at yahoo-inc.com> wrote:
>> Paul Madsen wrote:
>>>
>>> Even better 'please login so we can display your personalized seal'
>>>
>>
>> This is exactly why we want the Login UX to be very consistent, so users
>> should be very alarmed if the flow ever changes.
>
> So if we're going to embark on a UX consistency campaign, should we
> not do it around authentication that actually is safe - that is:
>
> a) Built in to the browser, s.t. it can't be faked by webpages
>
> b) Does not reveal the user's password in the process of
> authentication?

+1

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general


