[OpenID] Why spoofing and OpenID look so much alike
SitG Admin
sysadmin at shadowsinthegarden.com
Mon Sep 29 06:37:11 UTC 2008
>If the user is usually signed into their OP before using OpenID,
>then we might be able to train users to think that entering their
>password is a special event, which requires vigilance and caution.
>Education and evangelism against the password/phishing anti-pattern
>could go a long ways to prevent phishing.
>
>Yahoo's Login Screen encourages users to set up a customized Sign-in seal
Seal. Badge?
Has anyone gathered up various analogies to see which of them users
find most helpful in understanding digital authentication concepts? I
think it could be useful.
Right now I'm thinking of telling users that, when they log in to
Yahoo, it's like the security guard at Yahoo's door gives them a
badge to identify them, and when they use OpenID, they're showing
their badge to my site. Making it more accurate, but also complex, I
could model privacy by explaining that the user can tuck their badge
inside their jacket (or a pocket) to make sure we can't see who they
are at Yahoo unless the user deliberately takes it out to show us,
and explain Yahoo's timeout by saying that they only get a day pass
(or one that's only good for a few hours), so occasionally their
badge - like a credit card - is getting checked out against Yahoo's
systems when it starts flashing "Expired".
-Shade