[security] How to prevent phishing...
Johannes Berg
johannes at sipsolutions.net
Wed Apr 11 16:37:07 UTC 2007
On Wed, 2007-04-11 at 15:07 +0100, gaz_sec at hushmail.com wrote:
> If I understand your point correctly are you referring to the fact
> that a phisher could get the passphrase from the user. This would
> not be possible because the passphrase would only be available to
> that user and the passphrase consists of 5 or more words that are
> meaningful to that user not a standard phrase that a phisher could
> easily construct.
You're right.
Different point though: how does the system know somebody who hasn't
logged on is which user?
johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20070411/80de07ca/attachment-0002.pgp>
More information about the security
mailing list