Phishing can still happen in that case, of course. Just not as "often" if you know what I mean
-
-
Workflow should look something like: I click amazon product link, get a new tab in anonymous context. Decide I want to buy or add to list...
-
Click sign-in button on browser toolbar. Browser tells me either I don't have sign-in for this site (maybe it's fake/I never used it) or...
-
...tells me I've visited it 268 times before and can switch to signed-in (start showing it my cookies). No passwords anywhere.
-
Sounds great. Requires incredible change in both browsers and websites. Not something I can start doing in my organization any time soon

-
There are lots of things that can be done now, but which are possible depends on what role you're in.
-
You can always, as a user, use bookmarks or manual entry to log in to non-junk sites (esp Google or another primary email provider).
-
And as someone in security training/policy you can teach/insist your students/staff/whatever do it that way.
-
Yeah we have training for staff. Harder for casual customers.
-
-
I mean I understand that superfuture but I just don't see banks, who can't even be bothered to support long passwords or pasting into new password fields, supporting something as radical as this.
-
Banks are the most awful and backwards. Unless they have a function to send $ to new recipients they don't even need above-avg protection.
-
Most ppl just want read-only access to transaction log & bill-pay for existing billing accounts. No need to inconvenience or expose them.
-
True.