[OpenID] Security related Use Cases?
Ben Laurie
benl at google.com
Wed Oct 22 09:52:06 UTC 2008
On Wed, Oct 22, 2008 at 1:59 AM, Peter Williams <pwilliams at rapattoni.com> wrote:
> Built into PC browser? -10
Why?
> In "site seal" used at banks, you typically accept/recognize your seal/caption BEFORE you supply password (during signon)!
So?
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Dick Hardt
> Sent: Tuesday, October 21, 2008 5:41 PM
> To: Ben Laurie
> Cc: OpenID List
> Subject: Re: [OpenID] Security related Use Cases?
>
>
> On 21-Oct-08, at 11:02 AM, Ben Laurie wrote:
>
>> On Tue, Oct 21, 2008 at 5:28 PM, Allen Tom <atom at yahoo-inc.com> wrote:
>>> Paul Madsen wrote:
>>>>
>>>> Even better 'please login so we can display your personalized seal'
>>>>
>>>
>>> This is exactly why we want the Login UX to be very consistent, so users
>>> should be very alarmed if the flow ever changes.
>>
>> So if we're going to embark on a UX consistency campaign, should we
>> not do it around authentication that actually is safe - that is:
>>
>> a) Built in to the browser, s.t. it can't be faked by webpages
>>
>> b) Does not reveal the user's password in the process of
>> authentication?
>
> +1
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>