[security] Passwords in the clear

Recordon, David drecordon at verisign.com
Fri Feb 9 07:38:48 UTC 2007


+1, any OP worth its code will use HTTPS when working with passwords or user data.

--David 

-----Original Message-----
From: security-bounces at openid.net [mailto:security-bounces at openid.net] On Behalf Of Ka-Ping Yee
Sent: Saturday, January 20, 2007 4:58 PM
To: Claus Färber
Cc: security at openid.net
Subject: [security] Passwords in the clear

On Sun, 21 Jan 2007, Claus Färber wrote:
> Ka-Ping Yee wrote:
> >     Password entry in chrome.
> > If we can get users out of the habit of typing their passwords into 
> > arbitrary webpages, that'll be a serious blow against phishing.
>
> It does not matter how the password is entered as long as it is sent to 
> the website in clear.

You're talking about a different problem, which we already know how to address -- the login form should use HTTPS instead of HTTP.


-- ?!ng
_______________________________________________
security mailing list
security at openid.net
http://openid.net/mailman/listinfo/security


