I think that you are thinking of "SiteKey" (and probably similar systems) http://en.wikipedia.org/wiki/SiteKey. Unfortunately, not clear that it helps :(.
> -----Original Message-----
> From: Misagh Moayyed [mailto:[email protected]]
> Sent: Wednesday, August 07, 2013 4:31 AM
> To: [email protected]
> Subject: RE: [cas-user] CAS anti-phishing measures
>
> You may want to think about Graphical User Authentication (GUA), where the user identifies the authenticity of the site/application pictorially first using graphics they configure during the setup process, before providing any type of sensitive credentials. Most banking sites do a variant of this.
>
> P.S: Technically, I think it would be incorrect to classify this as GUA since no graphics are actually used to authenticate the user. This would be more like graphical user recognition :)
>
> > -----Original Message-----
> > From: Tom Poage [mailto:[email protected]]
> > Sent: Friday, August 2, 2013 12:34 PM
> > To: [email protected]
> > Subject: [cas-user] CAS anti-phishing measures
> >
> > Greetings,
> >
> > We've had occasional issues with fake CAS login sites, and I'm wondering what current anti-phishing measures might be available to the CAS web server (I see a slightly outdated mention of the topic on https://wiki.jasig.org/x/FgnP).
> >
> > Foremost is user education--instilling the Internet analogue of "street smarts". Unfortunately, there's always someone who isn't paying attention or, in some cases, a bit of a language barrier understanding nuance in phishing emails, web pages, ....
> >
> > At the server level, one method is to place either a short expiration or 'no-cache' directive on static content (e.g. css) and, on detecting a non-local HTTP 'Referer' header ("hot linking"), block access to alter login page presentation, or redirect to an access-denied page (with additional educational content).
> >
> > None of this is bulletproof; they're only layers to reach a fraction of low hanging fruit.
> >
> > Other ideas?
> >
> > Thanks.
> > Tom.
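The server-level measure described in the quoted message (no-cache on static content plus a check for a non-local `Referer`), as an added example that is not part of the original thread or of CAS itself. The host name, static paths and warning URL are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed deployment values (illustrative, not from the thread).
LOCAL_HOSTS = {"cas.example.edu"}
STATIC_PREFIXES = ("/cas/css/", "/cas/images/", "/cas/js/")
WARNING_URL = "https://cas.example.edu/phishing-warning.html"
NO_CACHE = {
    "Cache-Control": "no-cache, no-store, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
}


def referer_host(referer):
    """Return the Referer's host in lowercase, None if the header is
    absent, or "" if it is present but not a usable http(s) URL."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname or ""
    except ValueError:  # e.g. a malformed IPv6 literal
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    # Drop a trailing dot so "cas.example.edu." matches the allow-list.
    return host.rstrip(".")


def decide(path, referer, action="redirect"):
    """Return (status, headers) for a request to the CAS web server.

    Static assets are always marked no-cache so a change in policy takes
    effect on the next page view. An asset request whose Referer names a
    foreign host is blocked (403) or redirected to the warning page (302).
    """
    if not path.startswith(STATIC_PREFIXES):
        return 200, {}
    host = referer_host(referer)
    # An absent Referer is allowed: privacy settings and proxies strip it,
    # so rejecting it would break legitimate users.
    # Hosts are compared exactly, never by substring or suffix, so a
    # look-alike such as "cas.example.edu.login.test" does not pass.
    if host is None or host in LOCAL_HOSTS:
        return 200, dict(NO_CACHE)
    if action == "block":
        return 403, dict(NO_CACHE)
    return 302, {**NO_CACHE, "Location": WARNING_URL}
```

Logging each 302/403 together with the offending `Referer` value also gives the operator the URL of the page that embedded the assets.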
