[security] Phishing: Bookmarks to the rescue?
Chris Drake
christopher at pobox.com
Fri Feb 2 16:28:11 UTC 2007
Hi Ka-Ping,

KPY> In short, the provider asks users to bookmark the login page, ...

There's another neat feature built-in to MSIE called "userdata
persistence" - it's best described as a "persistent cookie" that lives
along with a bookmark - in other words - you can not only easily
enforce that a particular person uses a bookmark to log in to their
IdP, but since bookmarks are unique to individuals who already
authenticated when logging in to their PC for the day, this is
additionally a suitable persistent mechanism for fully authenticating
those people who do not share their PCs (and who are comfortable with
having a bookmark that works as an immediate login off their PC).

Our IdP will be offering our customers a context-sensitive
"smorgasbord" of authentication technologies to select from, and this
is one of them.

Kind Regards,
Chris Drake
=1id.com