
Simon Willison’s Weblog

The Truth about Web Navigation. Jeremy Zawodny on regular users understanding the browser address bar: “They don’t. And they never will.” Then they’re going to get phished, and there’s absolutely nothing we can do to help them.


5 comments

  1. Why depressing? And why phishing? Actually, commenters on this post and on the linked one say there are positive features of such behaviour: better phishing resistance (no mistyped URLs), and an indication that something's wrong with current browsers.

    Browsers don't try to correct typos in addresses, though they could do this unobtrusively. Another point is that the start page idea may be wrong, because Speed Dial (like in Opera, or Firefox plus some plugin) could work better if it automatically filled empty cells with often-used sites. AFAIK, Opera prefills 3 of these cells on a clean install, and Firefox provides popular links for the current locale.

    And one more thing: although usabilists insist on the evilness of modal interfaces, it looks like they are evil for advanced users only, and are very good for non-techies, because they don't see indicators moved away from the centre of the screen. Opera and Firefox explore this direction too: see their notifications of malware sites.

    arty - 20th July 2008 08:21 - #

  2. You can't trust a website by how it looks - in order to have any hope at all of defending yourself against phishing attacks and other forms of online fraud you NEED to have a basic understanding of concepts like URLs and the address bar. I just don't see how it's possible to be safe online without those fundamental principles. It's clear that most people don't have them, and may never get them. As someone who spends their life building things on the Web that really depresses me. I want my family to be able to use the things I build safely.

    Simon Willison - 20th July 2008 09:31 - #

  3. Children don't have to understand cuts or broken bones to feel pain when they start doing something wrong. I think browsers can behave the same way, providing big red warning signs to non-techies when they, e.g., enter something looking like a credit card number on a non-whitelisted site. And no easy way to switch them off, like "Don't remind me again" or passing the seatbelt behind your seat. This may sound overprotective, but maybe we need it?

    No one told me not to wash my puppy in the dishwasher; it's all their fault.

    arty - 20th July 2008 10:45 - #

  4. anti-phishing foo

    http://netfx3.com/content/WindowsCardspaceHome.aspx

    gunnar - 20th July 2008 15:20 - #

  5. Any solution to phishing must start from the axiom that people are lazy, ignorant and stupid (and I include myself in this). People prefer not to think or work, and will actively resist efforts to make them do so.

    To fight phishing, it must be easier for people _not_ to get phished than for them to get phished. People type the name of their bank in the search field and then click on the first link they see because it's less demanding than remembering and typing the actual URL. It's easier to click on the link in the email that says it's from your bank than to do the safe thing and type the URL by hand.

    The trouble is that most attempts to remedy the problem 'shift the battleground'. If you create a start page with a link to the user's bank on it and encourage users to use that, the phishers will do everything they can to get their link onto that start page - and if they succeed, your security feature becomes an insecurity feature.

    If making it easier to do the right thing won't work, making it harder to do the wrong thing might. The alerts that modern browsers pop up if you try to visit a known phishing/malware site are one way to do this. But then the browser makers or the search engines get locked into an arms race with the scammers, always one step behind and trying to catch up.

    I don't know the solution, but I do know that - unfortunately - any fix that requires the user to better understand the tools they use - browsers, the Internet etc - is pretty much doomed to failure.

    Angus M - 20th July 2008 16:31 - #
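The "big red warning when something that looks like a credit card number is typed on a non-whitelisted site" idea from comment 3 is concrete enough to sketch. The following is an added example, not code from the post, its commenters, or any browser vendor. It assumes a user-maintained allowlist of hostnames (the `ALLOWLIST` entries and the sample URLs and inputs are constructed for illustration) and uses a Luhn checksum so that phone numbers and order IDs mostly do not trigger the warning. It also goes one step beyond the comment by treating a card number typed over plain http as worth a warning even on an allowlisted host.

```javascript
// Added example: decide whether a browser should warn about a typed value.
// Not from the original post or comments; hostnames and inputs are made up.

// Luhn checksum, which every real payment card number satisfies.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Does a typed value look like a card number? Strip the separators people
// type (spaces, dashes), require 13-19 digits, and require Luhn to pass.
function looksLikeCardNumber(value) {
  const digits = value.replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  return luhnValid(digits);
}

// Exact host match, or a subdomain of an allowlisted host. Comparing whole
// host labels rather than substrings matters: "mybank.example.evil.test"
// must not count as "mybank.example".
function hostAllowed(hostname, allowlist) {
  const host = hostname.toLowerCase();
  return allowlist.some(
    (allowed) => host === allowed || host.endsWith("." + allowed)
  );
}

// The per-keystroke decision: warn when a card-looking value is entered
// anywhere that is not on the user's allowlist.
function shouldWarn(pageUrl, typedValue, allowlist) {
  if (!looksLikeCardNumber(typedValue)) return false;
  const url = new URL(pageUrl);
  // Assumption added here: a card number over plain http gets a warning
  // even on an allowlisted host.
  if (url.protocol !== "https:") return true;
  return !hostAllowed(url.hostname, allowlist);
}

// Constructed allowlist: the sites this user is happy to give a card to.
const ALLOWLIST = ["mybank.example", "shop.example"];

// Constructed events, as a browser might see them while the user types.
// 4111 1111 1111 1111 is a well-known Luhn-valid test number.
const SAMPLE_EVENTS = [
  { page: "https://www.mybank.example/pay", value: "4111 1111 1111 1111" },
  { page: "https://mybank.example.evil.test/login", value: "4111-1111-1111-1111" },
  { page: "http://mybank.example/pay", value: "4111111111111111" },
  { page: "https://random.evil.test/", value: "1234567812345678" }, // fails Luhn
];

// Run the decision over the sample events; returns one boolean per event.
function runDemo() {
  return SAMPLE_EVENTS.map((e) => shouldWarn(e.page, e.value, ALLOWLIST));
}

console.log(runDemo()); // warns on the look-alike host and the http page only
```

The interesting failure mode is in `hostAllowed`: a substring or prefix comparison would let `mybank.example.evil.test` pass as the real bank, which is exactly the kind of look-alike the comment thread is worried about.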
