WebApp Sec mailing list archives
Re: Summary: Growing Bad Practice with Login Forms
From: Rogan Dawes <discard () dawes za net>
Date: Wed, 28 Jul 2004 17:20:31 +0200
David Telfer wrote:
I am unable to find the post, but the suggestion of pass phrases that the user holds would surely help. Showing characters x and y to a user and getting them to verify them against a given phrase (provided non-electronically, by normal post perhaps) would allow the user to verify in her own mind that the site is legitimate before entering login information.
If the site is being MITM'ed, that is worthless. It is trivial to relay whatever the genuine server sends to the user, with him being none the wiser.
David Telfer
Rogan -- Rogan Dawes *ALL* messages to discard () dawes za net will be dropped, and added to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
Current thread:
- Re: Growing Bad Practice with Login Forms, (continued)
- Re: Growing Bad Practice with Login Forms Ivan Krstic (Jul 28)
- Re: Growing Bad Practice with Login Forms Paul Johnston (Jul 28)
- RE: Growing Bad Practice with Login Forms Stan Guzik (Jul 27)
- RE: Growing Bad Practice with Login Forms Konstantin Ryabitsev (Jul 27)
- Re: Growing Bad Practice with Login Forms Darragh O'Brien (Jul 27)
- RE: Growing Bad Practice with Login Forms Konstantin Ryabitsev (Jul 27)
- RE: Growing Bad Practice with Login Forms Lane Weast (Jul 27)
- Re: Growing Bad Practice with Login Forms Jason Coombs PivX Solutions (Jul 27)
- Summary: Growing Bad Practice with Login Forms athena (Jul 27)
- Re: Summary: Growing Bad Practice with Login Forms Ivan Andres Hernandez Puga (Jul 28)
- Re: Summary: Growing Bad Practice with Login Forms David Telfer (Jul 28)
- Re: Summary: Growing Bad Practice with Login Forms Rogan Dawes (Jul 28)
- Re: Summary: Growing Bad Practice with Login Forms athena (Jul 28)
- RE: Summary: Growing Bad Practice with Login Forms Yvan Boily (Jul 28)
- Summary: Growing Bad Practice with Login Forms athena (Jul 27)
- RE: Summary: Growing Bad Practice with Login Forms Mike Peppard (Jul 28)
- RE: Summary: Growing Bad Practice with Login Forms Herman Frederick Ebeling Jr. (Jul 28)
- Re: Summary: Growing Bad Practice with Login Forms David Wall @ Yozons, Inc. (Jul 28)
- RE: Summary: Growing Bad Practice with Login Forms Mike Peppard (Jul 29)
- Re: Summary: Growing Bad Practice with Login Forms David Wall @ Yozons, Inc. (Jul 30)
- Re: Summary: Growing Bad Practice with Login Forms Murf (Jul 30)
- RE: Summary: Growing Bad Practice with Login Forms Mike Peppard (Jul 31)
- Re: Summary: Growing Bad Practice with Login Forms Jimi Thompson (Aug 01)