authentication page

This problem is not unique to Twitter, but Twitter exacerbates the risk of phishing by failing to use appropriate language on its authentication page.

For example, a malicious relying party may forward the end-user to a bogus identity provider authentication page asking that end-user to input their credentials.

It can be headers in the HTTP request for this authentication page over on Twitter, in this example.

Even if the merchant has a mobile Web site, unless the issuer is also mobile-aware, the authentication pages may fail to render properly, or even at all.

Each challenge consists of an authentication page with a password entry box, plus other files which are to be exploited or attacked in order to gain the correct password.

Visit the Authentication page for additional information on GPO's role in authentication, how authentication works, and frequently asked questions about authentication.

The request token that was obtained from the server is supplied as a parameter in the URL that is used to direct the user to the authentication page.

On completion of this, the malicious party (who in this case also controls the bogus authentication page) could then have access to the end-user's account with the identity provider, and as such then use that end-user's OpenID to log into other services.