Workflow should look something like: I click amazon product link, get a new tab in anonymous context. Decide I want to buy or add to list...
Replying to @RichFelker @frioux
Click sign-in button on browser toolbar. Browser tells me either I don't have sign-in for this site (maybe it's fake/I never used it) or...
Replying to @RichFelker @frioux
...tells me I've visited it 268 times before and can switch to signed-in (start showing it my cookies). No passwords anywhere.
Replying to @RichFelker
Sounds great. Requires incredible change in both browsers and websites. Not something I can start doing in my organization any time soon
Replying to @frioux
There are lots of things that can be done now, but which are possible depends on what role you're in.
Replying to @RichFelker
Sure. Fwiw our sessions last effectively forever, but we do run into phishing problems often where con artists try to scam our customers. Incredibly hard to fix this via training of the users.
Replying to @frioux
Including in emails "Reminder: we will never prompt you for your password except when you go to the main page and click login..." can help.
Replying to @RichFelker @frioux
Also making login page so it only works when referer is home page (or csrf-prot-like mechanism) avoids creation of links to login.
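The "csrf-prot-like mechanism" mentioned above, as an added example that is not from the thread: the home page mints a short-lived HMAC token bound to the visitor's session cookie, and the login page only renders when that token is presented, so a link straight to the login form (from a phishing email, say) just bounces to the home page. It does not rely on the Referer header at all. Endpoint names, the `lt` query parameter and the session-id format are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Demo key generated per run; a deployment would load a persistent secret from config.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 300  # a minted token is only usable for a few minutes


def mint_login_token(session_id: str, now: Optional[float] = None) -> str:
    """Called by the home page when it renders its own Log in button.

    The token is bound to the visitor's existing (anonymous) session cookie, so a
    copy pasted into an email is useless in any other browser. session_id is
    assumed to be an opaque value without '|' in it.
    """
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(8)
    payload = f"{session_id}|{issued}|{nonce}"
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(f"{payload}|{tag}".encode()).decode()


def verify_login_token(token: Optional[str], session_id: str, now: Optional[float] = None) -> bool:
    """Login endpoint check: well-formed, valid MAC, same session, not expired."""
    if not token:
        return False
    try:
        sid, issued, nonce, tag = base64.urlsafe_b64decode(token.encode()).decode().split("|")
        issued_at = int(issued)
    except (ValueError, UnicodeDecodeError):  # bad base64, bad field count, bad int
        return False
    expected = hmac.new(SERVER_KEY, f"{sid}|{issued}|{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    current = time.time() if now is None else now
    return hmac.compare_digest(sid, session_id) and 0 <= current - issued_at <= TOKEN_TTL_SECONDS


def login_page(session_id: str, query: dict, now: Optional[float] = None) -> str:
    """What GET /login does: render the form only for a home-page-minted token,
    otherwise redirect to the home page so no deep link to the login form works."""
    if verify_login_token(query.get("lt"), session_id, now):
        return "200 render login form"
    return "302 redirect to /"
```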
Replying to @RichFelker
Many browsers now hide referer entirely so we've had trouble with that
Replying to @frioux
Even within site? I thought it was cross-site only.
Lots of sites depend on same-origin referer e.g. for image linking restrictions.