Gervase Markham wrote:
> I can't remember if I read this somewhere... I had the idea, but I'm not
> sure if there's enough value in it to be worth implementing, as it's a
> reasonably large UI change for perhaps not a very big gain. But I'm
> going to float it anyway and see what people think.
>
> Basically, have a one-character rolling hash of the domain plus the
> password next to a password field. So, when the user has finished typing
> their password, it functions like a check digit. If they are on a
> different domain, it's pretty likely (depending on the number of
> different characters; we could easily have 26 + 26 + 10 - a few
> confusables) that the checksum character would be different. Hopefully,
> this would be a cause for alarm.
>
> Because it also helps with the problem, we could push it as an "avoid
> password mistyping" feature, to try and get people to check the checksum
> character before submission.
>
> Advantages:
> - Another visual difference between a genuine site and a phishing site
(Thinking aloud here)
If it was done in the *browser* then why wouldn't the
browser just reproduce it when it came across the phishing
site? Oh I see, it hashes the domain in as well.
That would work except in the case of the DNS attack. Well,
we can't have everything.
You could hash in the domain+CA out of the cert, but then
you would have to deal with wild cards. It would still work
though.
> - Helps people to notice that they've mistyped their password
It would be nice if the hash was configurable to show
different things. I'd like to see either a small gfx
or a word taken out of a dictionary.
> Disadvantages:
> - Requires fairly significant user education
> - Can't help if people finish typing and immediately hit enter
> - Extra UI; possibly confusing and intrusive
> - Theoretical danger of shoulder-surfers working out first few letters
> of password
>
> What do people think?
Certainly worth experimenting with...
Solving password loss is a big issue, support departments
put this as one of their biggest problems. So addressing
it at the browser is probably worthwhile.
Some good ideas for password remembrance I have seen are:
* make the user log in a couple of times when registering,
so they have say 4 chances at typing their password
* writing down the passwords somewhere
* typing them in the clear
From that pov, I'd suggest putting a radio button next to
the password form field that turned on clear instead of
stars. (The reason I say this is that shoulder-surfing
is actually a very low risk these days, it goes back to
the days of shared terminal labs when a terminal was a
valuable resource. That's only found in public access
places these days. Yet the legacy of those days remains
with us in the ****** and it may be too hard to shift that.)
Also, making the password manager better, and adding a
radio button beside the form to save-on-success, and to
read-from-password-manager would help. If the password
manager ever got to the point where people just used it
all the time, then there would be less of a problem
there .... although the more they come to depend on it,
the more crippled they are when they want to log in at
a friend's place to check that important transfer.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
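A sketch of the check character discussed above, as an added example that is not code from the thread or from Mozilla: the choice of SHA-256, which confusable characters to drop and the sample hostnames are all assumptions made here.

```python
import hashlib
import string

# Alphabet of 26 + 26 + 10 characters minus a few visually confusable ones;
# which characters count as confusable is an assumption for this example.
CONFUSABLES = set("0O1lI")
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in CONFUSABLES)


def canonical_host(domain: str) -> bytes:
    """Normalise the domain so case, a trailing dot and IDN spelling do not
    change the character (otherwise the user would see it change between
    visits to the same site and learn to ignore it)."""
    return domain.strip().rstrip(".").lower().encode("idna")


def check_char(domain: str, password: str) -> str:
    """One-character check value over domain + password.

    Computed locally by the browser; the password never leaves the machine,
    and a single character reveals very little about it on its own."""
    data = canonical_host(domain) + b"\x00" + password.encode("utf-8")
    n = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return ALPHABET[n % len(ALPHABET)]


def looks_wrong(expected: str, domain: str, typed: str) -> bool:
    """True when the character the user remembers for this site differs from
    what is shown now: either the password was mistyped or the domain is not
    the one they registered on (a phishing or lookalike host)."""
    return check_char(domain, typed) != expected


def same_char_fraction(domain: str, password: str, others: list) -> float:
    """Fraction of other hostnames that would by chance show the same
    character, i.e. how often the cue fails to alert; expected about 1/57."""
    want = check_char(domain, password)
    hits = sum(check_char(d, password) == want for d in others)
    return hits / len(others)


if __name__ == "__main__":
    # Constructed sample: a genuine host and a batch of hypothetical lookalikes.
    real = "login.example.com"
    fakes = [f"login.example-{i}.com" for i in range(200)]
    print(check_char(real, "correct horse"),
          same_char_fraction(real, "correct horse", fakes))
```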
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security