Friday, January 18, 2008

Yahoo! Sign-In Seal to protect OpenID phishing











Phishing, technically goes against OpenID - despite the OpenID's attempt is not to add phishing resistance login. But, there are many approaches to deal with this.

SeatBelt plugin for Firefox is one of them. This is basically at the client side.If you care not to let the rest to steal your credentials, protect your self!

Integrating OpenID with CardSpace is another approach.This has to be supported at the OpenID Provider[OP] end. myOpenID already supports this and I explain what you need to know on this in this post.

Another approach is, always let your clients approach the OP through a bookmark or simply typing the url on the browser. This is known as, "SafeSignIn".

Yahoo! - with it's OpenID support will use it's already existing phishing resistance mechanism to deal with OpenID phishing.

Yahoo! Sign-In Seal will let you create a customized login page for you.

Mine is the above image.

You can create your own Sign-In Seal with a photo or a text which is well-known to you - so each time you present your credentials, look for the customized text or the image.

0 comments: