[development] OpenId open to phishing attacks.
drupal.beginner at wechange.org
Wed Nov 7 06:58:45 UTC 2007
On Wednesday 07 November 2007 14:28, Derek Wright wrote:
> Phishing is inherently about tricking humans into compromising
> their own security. OpenID isn't unique in this regard -- look
> at how well many phishing operations work, regardless of the
> underlying authentication mechanism.
However, it seems to me that the OpenId protocol seems to make
phishing easier. I agree that there is no perfect solution, but there
is no need to actually make it easy to con the users.
I followed some of the links, read the discussion:
OpenID: Phishing Heaven
Solving the OpenID phishing problem
I'll look if the later can be implemented for Drupal in a few months
More information about the development