Re: Secure Chrome

One of the crowd pleasers of Microsoft's Infocard pitch is the secure  
user experience. If you were to have Microsoft's Infocard show static  
HTML rather then a fixed UI, it would seem that you would have Secure  
Chrome. The user knows it is the their secure browser because it  
initially shows a graphic secret shared between the user and the app.  
The keyboard and screen are locked out to any other app to block  
malware. Unfortunately the UI is fixed.

Microsoft did significant user experience research in designing  
Infocard in order to stop phishing. It could be worthwhile to review  
what they learned.

-- Dick

On 17-Apr-06, at 7:47 AM, Dan Schutzer wrote:

>
> I believe this is a good first start.
>
> -----Original Message-----
> From: public-usable-authentication-request@w3.org
> [mailto:public-usable-authentication-request@w3.org] On Behalf Of
> Hallam-Baker, Phillip
> Sent: Monday, April 17, 2006 10:36 AM
> To: Jeffrey Altman; George Staikos
> Cc: public-usable-authentication@w3.org
> Subject: RE: Secure Chrome
>
> Lets break the problem down.
>
> Secure Chrome has a number of attributes:
>
> * Must be recognizable as secure chrome to the user
> * Must be under exclusive control of the application
> * [Possibly more]
>
> There are a number of ways that secure chrome might be achieved and  
> a number
> of degrees of security possible:
>
> * Secure Chrome - security guaranteed by the operating system
> * Spoof resistant chrome - security guaranteed by application level  
> best
> effort
>
> Adding the Google toolbar is an unintentional but effective protection
> against many phishing attacks spoofing the address bar in  
> javascript because
> it mucks up their pixel counts.
>
> Refusing to create frameless pop ups. Rejecting the idiotic notion  
> that the
> content provider has the right to determine the end user experience  
> does a
> lot.
>
> To get to absolutely secure chrome we are going to need close  
> coupling to
> the O/S security layer. But this is a goal to work towards not a must
> achieve first day requirement.
>
>
>
>

Received on Tuesday, 18 April 2006 02:26:45 UTC