Open Connect - A UX proposal for the OpenStack
Alexandru Popescu ☀
the.mindstorm.mailinglist at gmail.com
Wed Dec 17 22:06:41 UTC 2008
On Wed, Dec 17, 2008 at 1:36 AM, Allen Tom <atom at yahoo-inc.com> wrote:
> I like how MySpace says this on their login screen:
>
> Always make sure you're visiting the real myspace.com!
>
> Check the URL in your browser.
> Make sure it begins with http://www.myspace.com/
> If ANY OTHER PAGE asks for your info, DON'T LOG IN!
>
That is indeed a good idea, but the message is too long and will need
careful design to be sure that the end-user (probably non-tech) will
actually read it. We might need to symbolize the above steps in some
sort of icon that is part of the OpenID 'brand'.
./alex
--
.w( the_mindstorm )p.
Alexandru Popescu
>
>
> oseph A Holsten wrote:
>
> Agreed. It is vital that, in the absence of ibid, the user check the OP url.
> A warning of that sort would have to go on the RP's page of the flow. But
> the RP is probably the one trying to spoof the user.
>
> I think the best tactic is then to get respectable RPs to mention it so
> checking becomes second nature. Has anyone put together a really effective
> blurb to tell users how to check the URL? How about a box like
> http://www.flickr.com/photos/josephholsten/3107919243/
>
> ________________________________
>
>
> http://josephholsten.com
>
>
> On Dec 14, 2008, at 3:05 PM, David Fuelling wrote:
>
> Hi Sebastian,
>
> I love your mockups! Great ideas!
>
> The only flaw is the whole "password" bit, though I think this is a flaw
> with Facebook's solutions as well. For people that use Facebook a lot, and
> also start connecting to other websites using Facebook Connect, the
> potential for phishing seems very high -- If I'm not already logged-in to my
> Facebook account, and I try to "Connect" using Facebook, I'm asked for my
> Facebook email address/password. This is not good. In the future, once
> Facebook Connect becomes very familiar to people, it will be easy to phish
> this type of thing (on my popup window for facebook, the URL is
> "http://www.connect.facebook.com/lo...", the rest of which is cut-off). Most
> people won't bother to look and see what the rest of the URL says (it could
> be http://www.connect.facebook.com.lookout.com").
>
> I think your UI workflow will have the same problems as Facebook Connect.
> So, is there a way to utliize the workflow you propose, but if the user
> isn't logged-in to their OP, then take them to their OP's login page
> (which would involve a redirect). I know it's not an ideal "flow", but my
> feeling
> is that Facebook's connect popup (or Open Connect's popup) will be easily
> phishable in its current form that asks for a password to be entered.
>
> Overall, though, I think your flow is pretty cool!
>
> David
>
> On Sun, Dec 14, 2008 at 5:46 PM, Sebastian <pixelsebi at me.com> wrote:
> Hi UX list,
>
> I have created a few mockups over the weekend to illustrate a UX
> proposal, which just adapts the Facebook Connect design-pattern for
> the OpenStack:
>
> http://pixelsebi.com/2008-12-14/open-connect-a-ux-proposal-for-the-openstack/
>
> Looking forward to get your feedback!
>
> Best Regards,
> Sebastian
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
> ________________________________
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
>
More information about the user-experience
mailing list