WebApp Sec mailing list archives
Re: Summary: Growing Bad Practice with Login Forms
From: <athena () buyukada co uk>
Date: Wed, 28 Jul 2004 17:15:43 +0100 (BST)
On Wednesday 28 Jul 2004 14:27, Ivan Andres Hernandez Puga wrote:
I am unable to find the post, but the suggestion of pass phrases that the user holds would surely help. Showing characters x and y to a user and getting them to verify them against a given phrase (provided non-electronically, by normal post perhaps) would allow the user to verify in her own mind that the site is legitimate before entering login information.
The reason I suggested characters from pass phrases was because when designing an authentication mechanism for a private bank I realised that unless you use alt tags for text, it isn't really accessible to the blind. Also the pass phrase can be sent along with the PIN in the post. The feedback I got indicated that the users had absolutely no problem adapting to it as they thought it was just another PIN - the bank now mentions two characters from the passphrase when they call the account holder to confirm their identity over the phone, something they find particularly useful.
athena () buyukada co uk wrote:
Users are stupid, unpredictable, and applications would function a lot better without their interaction.
Perhaps intended to be tongue-in-cheek somewhat? None of us deny the point in the technology is for the user.
It was meant to be tongue-in-cheek. I think Mark's Disney reference in another post does demonstrate proof of at least the first item in that statement though :)
David Telfer
Steve