-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andy Pieters wrote:
|>Here's an idea... you expect the site to challenge YOU for your password |>before giving you access, right? Well keep that, but register a second |>password with the site when you join it, and the site has to show it to |>you over https before you will believe it is the site that you |>originally joined ;-)
| Say... this system isn't pattented is it? I am thinking of incorporating it | in my products.
Not to my knowledge... and it's public domain now ;-) Further thought: you can stick the word or picture ((c) Matthew Miller) on the login page so it doesn't get in the way at all. The word/picture HTML needs to come with a script to "break out of frames" or somehow violently object to the user if it is in an IFRAME, and ideally check the referrer URL.
- -Andy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFCpUpdjKeDCxMJCTIRAvlHAKCD1DFdx4UiRLweONWDkiqIKWhgDgCfV6Bx 6seRsX9/ckQYZNAbwgYCGFY= =p+aQ -----END PGP SIGNATURE-----
