On 4/26/2010 6:03 AM, Phillip Jones wrote:
Cruz, Jaime wrote:
JohnW-Mpls wrote:
You got it. Phillip - it's not a bug but a design change/flaw. I went
to 2.x for better security but the design of ID/Password handling went
overboard.
I have a few hundred bookmarks and a few dozen with ID/Password
protection. The Wall St Journal is a nice example, one of the
publications I go to daily.
When I go to the WSJ site with 1.x, their site comes up with a "Hello,
John" greeting - they already know me as a customer. With 2.x. the
WSJ comes up but I am restricted till I click to login and then I need
to right-click for 5-15 seconds for 2.x to finally respond with my
ID/Password, or I need to enter in the first character of the ID I use
for that vendor.
I use a number of ID/Passwords for different purposes, for different
clients, etc. Remembering which one for which site is not practical
for a human - that's what I have a computer for, and the 1.x and even
old Netscape does it well - user friendly.
I think if the banks are the ones that forced this change on Mozilla,
the proper response SHOULD have been to tell them to go pound sand and
write their own damned browser and leave the Mozilla team free to write
the browser the USERS want...
I agree.
I very much doubt banks care about the way a browser is designed with
regards to security and passwords. Any bank IT guy knows the limits of
this type of security.
It so happens I daily deal with two banks and several credit card sites
in the US, two banks in Finland and two banks in France. None of the US
sites I deal with have any security beyond the typical user's name and
password, with the exception of one of them (Bank of America) which uses
a sitekey (whatever that brings in terms of security, I do not know).
The two Finnish banks use a totally different approach, where browsers
have little to do in terms of security: you are prompted to enter a
specific six digit number, from a list printed of on a card where they
are numbered and which you keep in your wallet for instance. This card
is renewed by the bank on a regular basis. Hard to defeat, unless you
are stupid enough to give your card to somebody, or if it is stolen and
you do not notice it. ...
One of the two French banks I use requires that I click on a virtual
keypad to enter the password, the keypad being reshuffled every time I
attempt to logon. In other words, the keys never (or as frequently as
you win the lotto!) show up with the same display. Hard to defeat too ...
This is why I do not believe for a second banks would bother "dictate"
the way Browsers deal with this issue. It has to be a design choice and
as any choice, it is a compromise ...
Any way, Firefox 3 (and SM 1.1.1x) and Roboforms do work very well
together which shows that a convenient and reasonably safe system can be
put up for forms and passwords. Unfortunately, Roboform does not work
its usual way (there seems to be a work-around but I have not checked
it) with SM 2 and the company does not appear to be in a hurry to issue
a compatible version.
Until then, I use SM1.1.19 and Firefox 3, hoping the situation will
evolve and let me use SM2.
--
John Doue
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
