Ka-Ping Yee wrote:
> Passpet's strategy is to customize a button that you
> click.  We are used to recognizing toolbar buttons by
> their appearance, so it seems plausible that if the
> button has a custom per-user icon, users are unlikely
> to click on a spoofed button with the wrong icon.
> Unlike other schemes, such as special-looking windows
> or a custom image shown with the login form, this
> strategy requires the user to directly interact with
> the customized UI element.
>
> The effectiveness of Passpet's approach is only
> hypothesized; it has never been formally tested, so i
> can't claim it works better.
>
>> Cannot find a web page that presents passpet.
>
> See http://usablesecurity.com/2006/02/08/how-to-prevent-phishing/

This seems like a highly effective cure for phishing,
and one that can be implemented on the individual level
- and unlike my proposed solution, your solution does
not require competent web masters, who tend to be in
short supply.  When do you hope to release an actual
working passpet?

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     2XJ1hBQB4Lh88oartvxNB9R47imTGm9ijr/vCQ5S
     4tw2qTJbgf91cRjr3IilUO+alJWC4QViGoIqSUjWI


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
