[OpenID] OpenID User Interface Working Group
Allen Tom
atom at yahoo-inc.com
Mon Mar 23 00:53:55 UTC 2009
Eddy Nigg (StartCom Ltd.) wrote:
>
> Your assumptions that users will notice the difference between a
> window with and without address bar are basically wrong. A small
> research would tell you that most users will enter their details anyway.
>
Does the popup make things worse for users who don't pay attention to
the address bar or to any visual indicators?
> Which leads us again to the issue of user/pass pairs and their usefulness
OpenID does not specify how the user authenticates with their OP, so OPs
are free to deploy authentication methods other than passwords.
> . However a full page might protect some users still protect better
> than a small pop-up...
As far as I can tell, all phishing sites currently use a full browser
window, so I'm not sure how the full browser window is more resistant to
phishing compared to a popup.
Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090322/fd70eb21/attachment-0002.htm>
More information about the general
mailing list