Proposal: An anti-phishing compromise

[Johnny Bufu]

On 2-Feb-07, at 1:53 PM, Josh Hoyt wrote:
> Therefore, I think that the authentication mechanism is (or
> at least can be) independent from whether the authentication channel
> is phishable.

.. or, pushing it a bit further, I could ask/configure my OP to  
always issue "phishable=no" for me, because I am a power user, always  
watch the address bar, check certificates, make sure my machine is  
not compromised, etc. That's also fine, as long as the OP represents  
the user's interests.

Johnny