[security] Passwords in the clear
Ka-Ping Yee
openid at zesty.ca
Sun Jan 21 00:57:55 UTC 2007
On Sun, 21 Jan 2007, Claus Färber wrote:
> Ka-Ping Yee wrote:
> > Password entry in chrome.
> > If we can get users out of the habit of typing their passwords into
> > arbitrary webpages, that'll be a serious blow against phishing.
>
> It does not matter how the password is entered as long as it sent to the
> website in clear.
You're talking about a different problem, which we already know how
to address -- the login form should use HTTPS instead of HTTP.
-- ?!ng
More information about the security
mailing list