Open Connect - A UX proposal for the OpenStack
Allen Tom
atom at yahoo-inc.com
Tue Dec 16 23:36:11 UTC 2008
I like how MySpace says this on their login screen:
Always make sure you're visiting the real myspace.com!
1. Check the URL in your browser.
2. Make sure it begins with http://www.myspace.com/
3. If ANY OTHER PAGE asks for your info, DON'T LOG IN!
oseph A Holsten wrote:
> Agreed. It is vital that, in the absence of ibid, the user check the
> OP url. A warning of that sort would have to go on the RP's page of
> the flow. But the RP is probably the one trying to spoof the user.
>
> I think the best tactic is then to get respectable RPs to mention it
> so checking becomes second nature. Has anyone put together a really
> effective blurb to tell users how to check the URL? How about a box
> like http://www.flickr.com/photos/josephholsten/3107919243/
>
> ------------------------------------------------------------------------
>
>
>
> http://josephholsten.com
>
>
> On Dec 14, 2008, at 3:05 PM, David Fuelling wrote:
>
>> Hi Sebastian,
>>
>> I love your mockups! Great ideas!
>>
>> The only flaw is the whole "password" bit, though I think this is a
>> flaw with Facebook's solutions as well. For people that use Facebook
>> a lot, and also start connecting to other websites using Facebook
>> Connect, the potential for phishing seems very high -- If I'm not
>> already logged-in to my Facebook account, and I try to "Connect"
>> using Facebook, I'm asked for my Facebook email address/password.
>> This is not good. In the future, once Facebook Connect becomes very
>> familiar to people, it will be easy to phish this type of thing (on
>> my popup window for facebook, the URL is
>> "http://www.connect.facebook.com/lo...", the rest of which is
>> cut-off). Most people won't bother to look and see what the rest of
>> the URL says (it could be http://www.connect.facebook.com.lookout.com").
>>
>> I think your UI workflow will have the same problems as Facebook
>> Connect. So, is there a way to utliize the workflow you propose, but
>> if the user isn't logged-in to their OP, then take them to their OP's
>> login page
>> (which would involve a redirect). I know it's not an ideal "flow",
>> but my feeling
>> is that Facebook's connect popup (or Open Connect's popup) will be
>> easily phishable in its current form that asks for a password to be
>> entered.
>>
>> Overall, though, I think your flow is pretty cool!
>>
>> David
>>
>> On Sun, Dec 14, 2008 at 5:46 PM, Sebastian <pixelsebi at me.com> wrote:
>> Hi UX list,
>>
>> I have created a few mockups over the weekend to illustrate a UX
>> proposal, which just adapts the Facebook Connect design-pattern for
>> the OpenStack:
>>
>> http://pixelsebi.com/2008-12-14/open-connect-a-ux-proposal-for-the-openstack/
>>
>>
>> Looking forward to get your feedback!
>>
>> Best Regards,
>> Sebastian
>>
>> _______________________________________________
>> user-experience mailing list
>> user-experience at openid.net
>> http://openid.net/mailman/listinfo/user-experience
>>
>> _______________________________________________
>> user-experience mailing list
>> user-experience at openid.net
>> http://openid.net/mailman/listinfo/user-experience
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20081216/0c6b0b8d/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 12723 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20081216/0c6b0b8d/attachment-0002.jpeg>
More information about the user-experience
mailing list