[OpenID] Phishing? Web browser integration?
Axel.Nennker at telekom.de
Axel.Nennker at telekom.de
Mon Sep 13 12:36:35 UTC 2010
I wish Google would work on something like that for Chrome.
Mozilla has a Mozilla Labs project "AccountManger" that goes in that direction.
It started as an Firefox addon and is now beeing integrated into a mozilla-central clone.
http://ed.agadak.net/category/account-manager
https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager
The current binary only supports username/password but openid and Information Card support could be added through profiles.
-Axel
-----Original Message-----
From: Ben Laurie [mailto:benl at google.com]
Sent: Monday, September 13, 2010 1:33 PM
To: Alessandro Preziosi
Cc: Nennker, Axel; openid-general at lists.openid.net
Subject: Re: [OpenID] Phishing? Web browser integration?
On 12 September 2010 19:03, Alessandro Preziosi <lsnpreziosi at gmail.com> wrote:
> Thanks for the interesting links. I'm glad to see we're moving in that
> direction.
If we're moving in that direction, we're doing it very slowly indeed.
The problem and solution have been recognised for a long time, but
there aren't any implementations in browsers...
> Anyway I'm afraid it will still remain "complicated" for common people to
> use it. I just saw this video:
> http://www.youtube.com/watch?v=o4MwTvtyrUQ
> Only 8% of the people knew what a browser is...
>
> 2010/9/12 <Axel.Nennker at telekom.de>
>>
>> https://mozillalabs.com/conceptseries/identity/connect/ (Mozilla Chris
>> Messina)
>>
>>
>> http://ignisvulpis.blogspot.com/2010/02/openinfocard-openid-selector.html (me)
>> http://self-issued.info/?p=235 (Mike Jones)
>>
>> -Axel
>>
>> ________________________________
>> From: openid-general-bounces at lists.openid.net
>> [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Alessandro
>> Preziosi
>> Sent: Sunday, September 12, 2010 6:50 PM
>> To: openid-general at lists.openid.net
>> Subject: [OpenID] Phishing? Web browser integration?
>>
>> Hi everybody,
>> A couple of days ago I used openID for the first time.
>> It was on a low traffic website and when i clicked on the button it
>> redirected me to Google's login page, where I had to insert my google
>> password.
>> Before doing so, I double-checked the address because I'm aware of
>> phishing scams, but I'm afraid the vast majority of people would not do so.
>> I think we're kind of lucky that openID isn't widespread, otherwise many
>> people could see their email accounts stolen, and with them all the other
>> accounts (paypal etc.).
>> I think this is a MAJOR flow, and the only solution that i see would be to
>> try to integrate openID in the browser in some way, to make phishing
>> impossible.
>> Any ideas? Any comments?
>> Have a nice day,
>> Alessandro Preziosi
>
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
More information about the general
mailing list