Comments on: Passpack’s Whitelist…It’s Unanimous

By: Passpack And OpenID: Under the Hood « Passpack Blog

Passpack And OpenID: Under the Hood « Passpack Blog — Tue, 02 Sep 2008 09:02:31 +0000

[...] end we decided that instead of a “whitelist”, the Sign In page will display icons of OpenID providers which work well with Passpack, and we’d work something out so that no one would be excluded – icon or [...]

By: Tara

Tara — Fri, 22 Aug 2008 15:45:04 +0000

@TB
No, that list shouldn’t get too long. We’re only putting a select few OPs in there. The rest will be accepted, but just typed in manually.

OpenID support for Desktop and Offline? Oh dear, I have no idea. You’re too far ahead :)

@Thor
We’re having some internal debate here on whether or not the PhishTank sites should be blocked completely. My vote goes to blocking… we’ll see how that goes (so far I’m loosing).

Cheers!
Tara

By: Thor Marius K. H

Thor Marius K. H — Tue, 19 Aug 2008 14:17:21 +0000

Great to hear that you’re going to use the PhishTank API (just took a look at the comments in “A question for..”).

Although, I still think that sites listed in phishtank shouldn’t just show a warning. A warning can “potentially” be bypassed if the user’s browser has malicious software.

Even though it’s not likely, it’s possible, thus it is a security issue. I’d deny any sites using PhishTank, as your chance of finding legit sites on PhishTank is extremely small.

Better safe than sorry. Especially with 100 potential passwords.

By: TB

TB — Tue, 19 Aug 2008 13:25:32 +0000

Isn’t that list of icons going to get HUGE eventually? How about also including an autocomplete feature as you type into the box? And is a warning good enough for a phishing site? I think it’s probably best just to block that site until it’s off the phishing list.

Other than those minor things, this is amazing, thanks for supporting openid!

(will there openid support for passpack offline btw?)