Any creative solution to make it harder for hackers to copy your IdP login page?

Cantor, Scott cantor.2 at
Wed Mar 28 07:54:52 EDT 2018

On 3/28/18, 1:01 AM, "users on behalf of Martin Lunze" <users-bounces at on behalf of martin.lunze at> wrote:

> I only want to say, this way its possible for attackers to guess usernames.
> In my personal opinion the first step of a possible attack.

As soon as you go down that road, you are trapped into expensive rules around what systems can make use of the username as an identifier, and that is a disaster in most cases.

> After this attackers could bruteforce passwords target-oriented.

Phishing is too easy to make it worth the time.

-- Scott

More information about the users mailing list