zlacker

[return to "A Tour of WebAuthn"]
1. jgalt2+dw1[view] [source] 2024-12-27 15:06:58
>>caust1+(OP)
Credential stuffing would be a much less effective strategy is web apps went back to string-based usernames, and not email-based ones.

Also, I hit CTRL-F on this post for the term "portable", and I got zero hits. Both passwords and SSH keys are trivially portable. Not so much with WebAuthn passkeys.

◧◩
2. lxgr+mx1[view] [source] 2024-12-27 15:14:27
>>jgalt2+dw1
Let's please not. Password recovery flows are hard enough to get right and usually suck; adding username recovery on top of that doubles the opportunity for locking legitimate users out.
◧◩◪
3. jgalt2+hA8[view] [source] 2024-12-30 14:55:49
>>lxgr+mx1
I don't know if I agree about the level of risk here. All password managers store passwords AND usernames.
[go to top]