your password manager's url comparison? Better than manual url comparision! A su... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jefftk on Jan 5, 2017 \| parent \| context \| favorite \| on: Browser auto-fill phishing `your password manager's url comparison?` Better than manual url comparision! A surprising number of humans think things like www.goodcompany.evil.com are urls for "Good Company", and anyone can screw up and make mistakes checking urls (www.goodcomany.com).

ksenzee on Jan 5, 2017 [–]

Add Unicode and it gets worse. I don't trust my eyes to differentiate between Cyrillic а and Latin a. https://en.wikipedia.org/wiki/IDN_homograph_attack

jefftk on Jan 6, 2017 | [–]

Browsers only display unicode in domain names if the TLD has restrictions on character sets that prevent homograph attacks.

See https://en.wikipedia.org/wiki/IDN_homograph_attack#Defending...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact