[OpenID] My password is 'password'
SitG Admin
sysadmin at shadowsinthegarden.com
Sat Nov 28 21:30:54 UTC 2009
>My intuition tells me that the password prompt is the new clickwrap
>screen and people just plow right through it without even thinking
>about who's asking for the password. Of course this explains why
>phishing is so successful.
How about a different model entirely? It'd be a radical paradigm
shift, but if we can get users away from all their old thoughts
associated with "passwords", and introduce them to a new model (which
just happens to work much like their old model) that explicitly bases
itself off of some process in the real world which they all use, and
which more closely parallels the security (and privacy) concerns
involved, they may inherit all the thinking that usually accompanies
that process - when they are utilizing the new "unpassword" model,
that is?
-Shade