Security Skins: Single Sign-On with Images
Appol writes "Berkeley researchers propose a Mozilla extension to stop phishing. They claim that users only need to remember one password and one image for their lifetime to securely log in to any number of sites. They also use uniquely generated visual hashes to 'skin' trusted windows and webpages, which is harder to spoof than the SSL lock icon. To verify that the skin is legit, the user has to compare two images, which is easier for novices than verifying a certificate."
SSL certificates are pretty expensive for someone setting up a secure hobby website. You can go the route of FreeSSL, or generate your own, but this gives browser warnings/errors. I'm wondering how much this method would cost if you got it from GeoTrust/Thawte/etc. and what the lifetime of that would be (good for a year, two years, etc.)?
As a side note, after 8 years of tech support, I find users trust what their browsers trust, and as long as people use browsers like IE and just click on email links, nothing will be secure at the user's end.
Give a man a fish and he'll eat for a day. Teach him to fish and he'll wipe out the species.