Closed Bug 309304 Opened 19 years ago Closed 19 years ago

[RFE] Allow banks etc to provide login detail restrictions in a file to prevent phishing

Categories

(Toolkit :: Password Manager, enhancement)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: cslee, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Build Identifier: 

To help less educated users a feature that allows a Bank or other orgonisation 
to provide the user with a file that can be imported into the system to prevent 
usernames being used at the wrong site.
It could work like this:
Bank provides a file containing a login name, URLS and IP addresses where the 
specific login name is valid.
User is given option to import this file.
Then if user tries to use the login name at any other site the system will not 
allow submission of the page.
If a user wants to create an account prior to receiving a "Logon Security 
package" from the site they are using, they have to create one manualy before 
they can continue, thus ensuring they know who they are dealing with.


Reproducible: Always

Steps to Reproduce:
Well, that's what we got the extenstion system for...
How would Firefox detect that you're trying to log into a different site with
the same password?
When submitting data if one of the fields has the login name then we prevent it.
Or maybe when importing the "Logon Security package" or creating one with a gui
we link it to a password and prevent the combination being sent to any other site.

I am just looking for a solution that makes the browser more secure than any
other by only allowing interaction with known sites for specifc information.
 
> When submitting data if one of the fields has the login name then we prevent it.

Then phishing sites will use fake, JavaScript-implemented textboxes, or
textboxes that aren't part of a form.
This probably wouldn't work, it would require vast amounts of cooperation from
banks (which we could better use doing other things) and there are better ways
(such as PwdHash) of avoiding sending information to dodgy sites.

Thanks for taking the time to write up your idea, though.

Gerv
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.