Hacker News new | past | comments | ask | show | jobs | submit login

No, because I know that I drove down the same street, parked in the same parking lot, and walked through the same door. The URL should always be visible so that I can glance up and see if I am in a familiar place before putting in a username/password.



The point of this is that you see and compare the domain before putting in a username/password. That's probably more reliable than comparing a full URL - the difference between y0urbank.com and yourbank.com is much more obvious than the difference between y0urbank.com/?bunch/of/state=whatever and yourbank.com/?bunch/of/state=whatever


The component of the URL you check when avoiding phishing attack (the domain) is still displayed.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: