Ka-Ping Yee wrote:
> Passpet's strategy is to customize a button that you
> click.  We are used to recognizing toolbar buttons by
> their appearance, so it seems plausible that if the
> button has a custom per-user icon, users are unlikely
> to click on a spoofed button with the wrong icon.
> Unlike other schemes, such as special-looking windows
> or a custom image shown with the login form, this
> strategy requires the user to directly interact with
> the customized UI element.
> The effectiveness of Passpet's approach is only
> hypothesized; it has never been formally tested, so i
> can't claim it works better.
>> Cannot find a web page that presents passpet.
> See > http://usablesecurity.com/2006/02/08/how-to-prevent-ph
> ishing/

This seems like a highly effective cure for phishing,
and one that can be implemented on the individual level
- and unlike my proposed solution, your solution does
not require competent web masters, who tend to be in
short supply.  When do you hope to release an actual
working passpet?

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to