Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

Domain check is good, but can be misread, especially with IDNs. Of course, URLs can be mistyped too and a lot of phishing is based on typos of URLs. So really, in the end, you should always follow a bookmark before logging in.


I trust my password manager. It auto-fills my passwords only on correct domains. When my password manager doesn't work, I'm highly suspicious.

Plus I use passwords that are auto-generated based on domain name, which I copy & paste to the generator. Hopefully this makes me immune to homograph attacks.


What pm do you use?


1Password Password Manager and Form Filler may be an option: http://www.apple.com/downloads/macosx/networking_security/1p...


Opera's built-in “Wand” + my own script. I like that Opera highlights recognized fields, but doesn't fill them in until I tell it to.


1Password takes care of that for me. I don't see any accounts available if I'm on the wrong domain name.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: