
Probably don't even need a short domain. Facebook.login.secureauthredirectsystem.moregibberish.com probably would seem sorta legit. After all, Microsoft's auth systems do crazy stuff like that. So does the moronic Verified by Visa system - it's something like "ww2.secpayment.com" and looks totally sketchy but it's legit.


So does MasterCard (for "3D Secure" 2 factor auth) - I had to do a whois/traceroute on the domain before I trusted it the first time.



