[OpenID] Fwd: [OpenID Foundation] New Poll Opened
Breno de Medeiros
breno at google.com
Fri Mar 20 01:23:48 UTC 2009
If the address bar is shown, I fail to see _any_ difference in phishing
concerns in popup mode vs full redirect.
On Thu, Mar 19, 2009 at 6:11 PM, Allen Tom <atom at yahoo-inc.com> wrote:
> The popup window will be REQUIRED to display the address bar. OPs will be
> strongly encouraged to educate their users to always pay attention to the
> URL of the address bar before entering their credentials.
>
> In particular, I think MySpace does an excellent job on their home page:
>
> Always make sure you're visiting the real myspace.com!
>
> 1. Check the URL in your browser.
> 2. Make sure it begins with http://www.myspace.com/
> 3. If ANY OTHER PAGE asks for your info, DON'T LOG IN!
>
> Allen
>
>
> SitG Admin wrote:
>
> Phishing still is a major concern, however, we do not think that the popup
> window significantly changes the phishing scenarios compared to the existing
> full browser window UIs today.
>
>
> Are you speaking of full-size windows, here, or windows that have an
> address bar in them? Pop-up windows that are missing this indication of what
> site the user is at may reduce confusion by eliminating distractions, but
> they also take away from the user's awareness of what's going on.
>
> -Shade
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090319/80803a5d/attachment-0002.htm>
More information about the general
mailing list