HTTP authentication logout/stop phishing

Here’s an idea. When someone finally gets around to implementing logout/etc. functionality in HTTP authentication, why not put the username in a little box at the right of the address bar, like where the lock is for secure sites? Not only would this be nice and usable, but it would also help stop phishing attacks of the form http://www.examplebank.com@evilsite.net/, since the username part, www.examplebank.com, would be moved away from the normal address and be visually distinct.

Edit: posted this on my website, with a nice, pretty mock-up.
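The display split proposed above, sketched as an added example (not code from the original post or from any browser): it uses the standard WHATWG `URL` parser to pull the userinfo out of the address and flags a username that itself looks like a hostname. The function names, the returned field names and the host-like heuristic are assumptions made for illustration.

```javascript
// Hypothetical helper: separates what the address bar would show from
// what the proposed "username box" would show.

// Heuristic (assumption): userinfo that starts with something shaped like
// a DNS name, e.g. "www.examplebank.com" or "www.examplebank.com/login".
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}(?=$|[\/:?#])/i;

function safeDecode(s) {
  // URL.username is percent-encoded; decode for display, tolerate bad escapes.
  try { return decodeURIComponent(s); } catch { return s; }
}

function splitForDisplay(input) {
  let u;
  try {
    u = new URL(input);
  } catch {
    return null; // not an absolute URL
  }
  const hasUserinfo = u.username !== "" || u.password !== "";
  const user = safeDecode(u.username);
  return {
    // Address bar: scheme, real host and path only, userinfo stripped.
    address: `${u.protocol}//${u.host}${u.pathname}${u.search}${u.hash}`,
    host: u.hostname,
    // Separate box: the username, or null when the URL carries none.
    userBox: hasUserinfo ? user : null,
    // True when the username could be mistaken for the site being visited.
    hostLikeUser: hasUserinfo && HOSTLIKE.test(user) &&
      user.toLowerCase() !== u.hostname,
  };
}

// Constructed sample inputs; the first is the form quoted in the post.
const samples = [
  "http://www.examplebank.com@evilsite.net/",
  "http://www.examplebank.com%2Flogin@evilsite.net/",
  "https://alice@intranet.example/reports",
  "https://www.examplebank.com/",
];
for (const s of samples) {
  console.log(s, "=>", JSON.stringify(splitForDisplay(s)));
}
```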
