To help prevent your identity from being phished - that is, to assist you in determining whether the site asking for your identity is legitimate or is illegitimately trying to steal your password - Appalachian will provide visual feedback based on its assessment of the login process. You must use Appalachian to log in for this feature to activate.
If you log in through Appalachian (and only if you log in through Appalachian!) and your OpenID identity server is visited during the course of the login process, you'll see the Appalachian icon in the status bar change to a green, verified state:
This indicates that the original site is legitimately directing you to your OpenID authentication page, where you verify that the OpenID does in fact belong to you. You can proceed safely with your login.
However, if you log in through Appalachian and your OpenID server is not visited, you'll see instead this icon in the status bar, the viewport will dim, and the following critical notification will be displayed:
It is likely you should stop here and leave the original site. If you are certain, by other means, that the site is not phishing for your identity, you may dismiss the warning dialog by clicking the 'Ignore' button, which will remove the notification and restore the page. If you are unsure, you may want to back up and use a one-time only ID, or you may want to avoid the site entirely.
The 'Leave this page' button will try to move back in your browsing history; if it fails, clicking the button will bring you to the page you're currently reading.
False Positives and Negatives
If you happen to be warned about a site you know is not phishing or you aren't warned about a site you know is phishing, please contact us - securing this feature is important to us.
You're all set! In the unlikely event that you do need to make changes to properties of your OpenID or sites you use it to login with, see notes on how to use the ID management.