[cap-talk] Update on petname related anti-phishing work at the W3C

[Dean Tribble]

While I am very much in favor of blinding passwords and credit card numbers
by default, I often find it frustrating to have write-only fields,
particularly for lower-security purposes.  I can't tell you how many times
I've had to go searching for the one place that remembers a wireless
password just so I can get one more house guest hooked up.  I've recently
seen a general pattern that I like very much:  initial entry fields default
to blinded, with a check box to show the unblinded contents (I think always
defaulting to blind rather than remembering is a good idea).  This prevents
shoulder surfing while not precluding the user from getting at his secret
data.  Exposure of that data later requires a more involved, explicit
interaction that expires quickly.  In the pet name context, that might mean
that I can get the actual credit card numbers out, but they are not
displayed by default.  Ideally, the secret data would only be extractable
through an entirely separate security interface, reached via trusted path.

A note: it would be great to get the credit card number generation
integrated with something like Citibank's single-use credit card number
scheme.  Then, when you fill in the credit card number, it's a unique one
for this transaction.

BTW I would think that the only psasword that would not be automatically
generated would be the user's local password.  All the passwords for remote
accounts should be randomly generated and not typically ever visible to the
user.  (on the theory that you can't get tricked out of an account password
if you don't ever need to know it).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20070701/608c5d86/attachment.html