Assure OSX authentication dialog box authenticity

  • Author:
  • Send To:
    Apple Inc.
  • Sponsored By:
  • More Info at:
It is apparently common knowledge that faking an OSX authentication dialog box is trivial. Thus, we are petitioning Apple to institute a secure method by which OSX users can be assured of the authenticity of OSX authentication dialog boxes.

We recommend that OSX authentication dialog boxes include a user-selected image that can be known only to the authentication system, as a means of authenticating the dialog box itself. Alternatively, we recommend that OSX authentication dialog boxes not include any data entry fields, but rather present instructions for bringing about those fields in a secure manner, such as a reserved keyboard or mouse action that cannot be intercepted by normal applications.