[OpenID] Phishing? Web browser integration?

Andrew Arnott andrewarnott at gmail.com
Sun Sep 12 19:54:21 UTC 2010 

In my experience, the best way to prevent phishing is to use a Password
Manager plugin.  That way, if the site is genuine, the password will be
pre-filled for you -- if it's a phishing attack, the password manager won't
help you, and you'll be tipped off.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Sun, Sep 12, 2010 at 11:03 AM, Alessandro Preziosi <lsnpreziosi at gmail.com
> wrote:

> Thanks for the interesting links. I'm glad to see we're moving in that
> direction.
> Anyway I'm afraid it will still remain "complicated" for common people to
> use it. I just saw this video:
> http://www.youtube.com/watch?v=o4MwTvtyrUQ
> <http://www.youtube.com/watch?v=o4MwTvtyrUQ>Only 8% of the people knew
> what a browser is...
>
> 2010/9/12 <Axel.Nennker at telekom.de>
>
>  https://mozillalabs.com/conceptseries/identity/connect/ (Mozilla Chris
>> Messina)
>>
>> http://ignisvulpis.blogspot.com/2010/02/openinfocard-openid-selector.html
>>  (me)
>> http://self-issued.info/?p=235 (Mike Jones)
>>
>> -Axel
>>
>>
>>  ------------------------------
>> *From:* openid-general-bounces at lists.openid.net [mailto:
>> openid-general-bounces at lists.openid.net] *On Behalf Of *Alessandro
>> Preziosi
>> *Sent:* Sunday, September 12, 2010 6:50 PM
>> *To:* openid-general at lists.openid.net
>> *Subject:* [OpenID] Phishing? Web browser integration?
>>
>> Hi everybody,
>> A couple of days ago I used openID for the first time.
>> It was on a low traffic website and when i clicked on the button it
>> redirected me to Google's login page, where I had to insert my google
>> password.
>> Before doing so, I double-checked the address because I'm aware of
>> phishing scams, but I'm afraid the vast majority of people would not do so.
>> I think we're kind of lucky that openID isn't widespread, otherwise many
>> people could see their email accounts stolen, and with them all the other
>> accounts (paypal etc.).
>> I think this is a MAJOR flow, and the only solution that i see would be to
>> try to integrate openID in the browser in some way, to make phishing
>> impossible.
>> Any ideas? Any comments?
>>
>> Have a nice day,
>>
>> Alessandro Preziosi
>>
>>
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20100912/69a334e8/attachment.html>

More information about the general mailing list