So you are saying emails shouldn't have links, basically?
There are lots of things that can be done now, but which are possible depends on what role you're in.
-
You can always, as a user, use bookmarks or manual entry to log in to non-junk sites (esp. Google or another primary email provider).
-
And as someone in security training/policy you can teach/insist your students/staff/whatever do it that way.
-
Sure. FWIW, our sessions last effectively forever, but we do run into phishing problems often where con artists try to scam our customers. Incredibly hard to fix this via training of the users.
-
Including in emails "Reminder: we will never prompt you for your password except when you go to the main page and click login..." can help.
-
Also making login page so it only works when referer is home page (or csrf-prot-like mechanism) avoids creation of links to login.
-
Many browsers now hide referer entirely, so we've had trouble with that.
-
Even within site? I thought it was cross-site only.
-
Lots of sites depend on same-origin referer e.g. for image linking restrictions.
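
The login-page gate suggested in the thread above (same-site Referer from the home page, with a CSRF-style token as the fallback for browsers that hide the Referer), as an added example that is not part of the original conversation. The origin `shop.example`, the key, the token format and all function names are assumptions.

```python
import hashlib, hmac, time
from typing import Optional
from urllib.parse import urlsplit

SITE = ("https", "shop.example")   # assumed site origin (placeholder)
HOME_PATH = "/"                    # only the home page may link to login
TOKEN_TTL = 600                    # seconds a home-page token stays valid
SECRET = b"constructed-demo-key"   # constructed; use a real secret store


def _mac(session_id: str, ts: str) -> str:
    return hmac.new(SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue_login_token(session_id: str, now: Optional[float] = None) -> str:
    """Minted while rendering the home page and placed in its login link."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(session_id, ts)}"


def token_valid(token: str, session_id: str, now: Optional[float] = None) -> bool:
    """Token must be unexpired and bound to this visitor's session cookie."""
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit() and len(ts) <= 12 and mac.isascii()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return hmac.compare_digest(mac, _mac(session_id, ts)) and 0 <= age <= TOKEN_TTL


def referer_is_home(referer: Optional[str]) -> bool:
    """Exact scheme/host/path match; substring checks would accept look-alikes."""
    if not referer:
        return False
    try:
        u = urlsplit(referer)
        return (u.scheme, u.hostname, u.port) == (*SITE, None) and (u.path or "/") == HOME_PATH
    except ValueError:  # malformed port or bracketed host
        return False


def may_show_login(referer, token, session_id, now=None) -> bool:
    """Serve the login form only for visitors who came via the home page."""
    if referer_is_home(referer):
        return True
    # Referer hidden or stripped: fall back to the CSRF-style token.
    return bool(token and session_id) and token_valid(token, session_id, now)
```

Because the token is bound to the visitor's own session cookie, a login URL copied into an email fails for every recipient whose session differs from the one that minted it.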
