W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2006

Re: AW: Secure Chrome

From: Amir Herzberg <amir.herzberg@gmail.com>
Date: Thu, 15 Jun 2006 01:08:49 +0300
Message-ID: <449088F1.9000405@cs.biu.ac.il>
To: Jörg Schwenk <joerg.schwenk@ruhr-uni-bochum.de>
CC: public-usable-authentication@w3.org

Jörg Schwenk wrote:
> Sounds like a very interesting idea, and I can imagine how it works for
> standard username/password. Do you have any ideas how to handle non-standard
> logins, e.g. username/email/creditcard/password, or transaction numbers from
> a TAN list (system used by all german banks)?
Joerg, thanks. Yes, actually, our prototype already handles other fields 
(not only passwords) and indeed a very natural other application is to 
protect credit card numbers , and of course other input fields. We use 
an XML schema for identifying the relevant fields, etc., so it is quite 
easy to extend.

One problem, though, is that we don't have a standard mechanism for 
changing user's password.

Amir Herzberg
> Joerg Schwenk
> -----Ursprüngliche Nachricht-----
> Von: public-usable-authentication-request@w3.org
> [mailto:public-usable-authentication-request@w3.org] Im Auftrag von Amir
> Herzberg
> Gesendet: Dienstag, 13. Juni 2006 17:47
> An: James A. Donald
> Cc: public-usable-authentication@w3.org
> Betreff: Re: Secure Chrome
> James A. Donald wrote:
>> User does not look at routine chrome.  Does not look at
>> irrelevant information.
> agree
>> We have to make the login page special in an obvious and
>> dramatic way - and not make all the other pages special,
>> because then it just turns into noise and the user tunes
>> it out - so login and account creation has to be part of
>> the browser, not a web page.
> I agree. Our in-development code modifies login pages so that login is 
> always done via our control in the Chrome - user never enters password 
> in a web form (we can also auto-fill the password so users don't need to 
> type it at all). Feedback?
> Amir Herzberg
Received on Thursday, 15 June 2006 11:57:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC