At the risk of oversimplifying, the argument is that if users are very familiar with one frequently-used self-identification mechanism (which may be a password login), then it will be that much more difficult for bad actors to "phish" the user to provide credentials to any agent other than the real provider of that mechanism.

Indeed that is a reasonable hypothesis.  My constant question, about anything
pertaining to user impact, is whether there is empirical data to support it.
Users have this nasty tendency to react in unexpected ways -- or rather, to be
sensitive to issues that were not part of the model.  Therefore, innovative UI
design that predicts user behavior, without careful testing, usually fails.

At any rate, thanks for the pointer.

d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>

_______________________________________________
dix mailing list
https://www1.ietf.org/mailman/listinfo/dix
