[security] Phishing: Bookmarks to the rescue?

Bob Wyman bob at wyman.us
Tue Jan 23 03:38:44 UTC 2007


On 1/21/07, Ka-Ping Yee <openid at zesty.ca> wrote:
> The core part of the strategy, and the core untested claim,
> is that users can develop the habit of using a bookmark
> to log in.  If they use the bookmark, they're safe; if they
> don't, they're not.

It seems to me that if "the core part of the strategy" is to get users to
use bookmarks, then the strategy relies on merely hacking around limitations
in today's browsers. This is, at best, a short-term approach. However, I
strongly believe that secure authentication and identity is sufficiently
important that we should NOT be wasting our time on building hacks. Rather,
we should be determining:

* What are the best modifications that we can make to clients?
* What can we do to get client developers to implement those modifications?

Let's solve these problems properly and be done with it. No more hacks.

bob wyman