On Wednesday 07 November 2007 14:28, Derek Wright wrote:
Phishing is inherently about tricking humans into compromising their own security. OpenID isn't unique in this regard -- look at how well many phishing operations work, regardless of the underlying authentication mechanism.
Ok, thanks. However, it seems to me that the OpenId protocol seems to make phishing easier. I agree that there is no perfect solution, but there is no need to actually make it easy to con the users. I followed some of the links, read the discussion: OpenID: Phishing Heaven http://www.links.org/?p=187 Solving the OpenID phishing problem http://simonwillison.net/2007/Jan/19/phishing/ I'll look if the later can be implemented for Drupal in a few months from now. Blessings, Augustin.