[OpenID] Phishing? Web browser integration?
Ben Laurie
benl at google.com
Mon Sep 13 13:46:32 UTC 2010
On 13 September 2010 13:36, <Axel.Nennker at telekom.de> wrote:
> I wish Google would work on something like that for Chrome.
>
> Mozilla has a Mozilla Labs project "AccountManger" that goes in that direction.
> It started as an Firefox addon and is now beeing integrated into a mozilla-central clone.
> http://ed.agadak.net/category/account-manager
> https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager
> The current binary only supports username/password but openid and Information Card support could be added through profiles.
Right, I'm aware of Weave, I should catch up with those guys again.
>
> -Axel
>
> -----Original Message-----
> From: Ben Laurie [mailto:benl at google.com]
> Sent: Monday, September 13, 2010 1:33 PM
> To: Alessandro Preziosi
> Cc: Nennker, Axel; openid-general at lists.openid.net
> Subject: Re: [OpenID] Phishing? Web browser integration?
>
> On 12 September 2010 19:03, Alessandro Preziosi <lsnpreziosi at gmail.com> wrote:
>> Thanks for the interesting links. I'm glad to see we're moving in that
>> direction.
>
> If we're moving in that direction, we're doing it very slowly indeed.
> The problem and solution have been recognised for a long time, but
> there aren't any implementations in browsers...
>
>> Anyway I'm afraid it will still remain "complicated" for common people to
>> use it. I just saw this video:
>> http://www.youtube.com/watch?v=o4MwTvtyrUQ
>> Only 8% of the people knew what a browser is...
>>
>> 2010/9/12 <Axel.Nennker at telekom.de>
>>>
>>> https://mozillalabs.com/conceptseries/identity/connect/ (Mozilla Chris
>>> Messina)
>>>
>>>
>>> http://ignisvulpis.blogspot.com/2010/02/openinfocard-openid-selector.html (me)
>>> http://self-issued.info/?p=235 (Mike Jones)
>>>
>>> -Axel
>>>
>>> ________________________________
>>> From: openid-general-bounces at lists.openid.net
>>> [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Alessandro
>>> Preziosi
>>> Sent: Sunday, September 12, 2010 6:50 PM
>>> To: openid-general at lists.openid.net
>>> Subject: [OpenID] Phishing? Web browser integration?
>>>
>>> Hi everybody,
>>> A couple of days ago I used openID for the first time.
>>> It was on a low traffic website and when i clicked on the button it
>>> redirected me to Google's login page, where I had to insert my google
>>> password.
>>> Before doing so, I double-checked the address because I'm aware of
>>> phishing scams, but I'm afraid the vast majority of people would not do so.
>>> I think we're kind of lucky that openID isn't widespread, otherwise many
>>> people could see their email accounts stolen, and with them all the other
>>> accounts (paypal etc.).
>>> I think this is a MAJOR flow, and the only solution that i see would be to
>>> try to integrate openID in the browser in some way, to make phishing
>>> impossible.
>>> Any ideas? Any comments?
>>> Have a nice day,
>>> Alessandro Preziosi
>>
>>
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-general
>>
>>
>
More information about the general
mailing list