-- Ka-Ping Yee wrote: > Passpet's strategy is to customize a button that you > click. We are used to recognizing toolbar buttons by > their appearance, so it seems plausible that if the > button has a custom per-user icon, users are unlikely > to click on a spoofed button with the wrong icon. > Unlike other schemes, such as special-looking windows > or a custom image shown with the login form, this > strategy requires the user to directly interact with > the customized UI element. > > The effectiveness of Passpet's approach is only > hypothesized; it has never been formally tested, so i > can't claim it works better. > >> Cannot find a web page that presents passpet. > > See > http://usablesecurity.com/2006/02/08/how-to-prevent-ph > ishing/
This seems like a highly effective cure for phishing, and one that can be implemented on the individual level - and unlike my proposed solution, your solution does not require competent web masters, who tend to be in short supply. When do you hope to release an actual working passpet? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 2XJ1hBQB4Lh88oartvxNB9R47imTGm9ijr/vCQ5S 4tw2qTJbgf91cRjr3IilUO+alJWC4QViGoIqSUjWI --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]