undefined | Better HN

0 pointstracker17y ago0 comments

Wouldn't you actually want the opposite behavior... any "password" field should have a dialog with, "Are you certain this is the site you want to log into?" then you can check, "oh yeah that isn't my bank."

edit: If I don't get an autofill option from LastPass, I'm incredibly skeptical if it is the right site.

0 comments

1 comments · 1 top-level

peterwwillis7y ago

There's a couple problems with that. Not all sites get their password forms detected correctly. And sites may change their design, causing the old form to stop being cached correctly. It would be hard to tell if changes were just design updates or phishing, and I think the layman would be hard-pressed to make that determination.

Really I think we need something akin to app shortcuts. If you want to log in to your bank, you should be able to go to your browser's Home page and find some kind of signed login link that was created the first time you logged in. It's like a bookmark, but following a particular standard, and can be pushed by the site and accepted by the user one time, with warnings and instructions to keep users from accepting it from phishers. The intent would be to add a process that would be hard to dupe users into following by accident, and giving them easy access to sensitive sites. Then the site could tell users "never follow a link in an e-mail from us, always use your Home screen shortcut" or similar.

Browsers could even vet these via a kind of "app store for logins" to remove anything that looks like phishing. Maybe that's been explored before, though?

j / k navigate · click thread line to collapse