Tyler wrote:
> In general, as mentioned, you should simply not enter your password on any
> website that is not the site the password belongs to. For my full-time job,
> employees have a Chrome extension where if you accidentally type your password on
> any website (even if it's not in a text box) you're required to reset it.
>

[Slightly off topic]
That is an interesting approach. Obviously not applicable to us, but in a
corporate setting I imagine it could be quite effective.

One thing I would worry about is the potential for timing attacks as you
are now doing password comparisons against untrusted input from all over
the internet with no rate limiting. I suppose that is taken into account
when writing the extension though and precautions are taken.

--
bawolff
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
