well, another possibility would be encrypt username+password somehow with a public launchpad gpg key, which needs to be fetched from a trusted site, and with the users gpg key which is known to launchpad...
Sounds really strange, but should work...another possibilty would be to have a non-webbased-authentication via ssh, and the public key, known by LP...
I really don't see any other (sane) possibility to workaround this phishing problem.
HI,
well, another possibility would be encrypt username+password somehow with a public launchpad gpg key, which needs to be fetched from a trusted site, and with the users gpg key which is known to launchpad...
Sounds really strange, but should work...another possibilty would be to have a non-webbased- authentication via ssh, and the public key, known by LP...
I really don't see any other (sane) possibility to workaround this phishing problem.
Regards,
\sh